• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Help with HTTP Filtering and logging - ISA 2004 ---- Windows 2003 Server

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> Logging and Reporting >> Help with HTTP Filtering and logging - ISA 2004 ---- Windows 2003 Server Page: [1]
Login
Message << Older Topic   Newer Topic >>
Help with HTTP Filtering and logging - ISA 2004 ---- Wi... - 28.Jan.2005 4:59:00 PM   
lmacke

 

Posts: 14
Joined: 31.Oct.2003
Status: offline
We are in the process of creating HTTP Security Filter policies for our current and new applications. We need to figure out the required methods, extensions, headers, and other signatures that are specific to our applications.

Right now we are in the process of working to get an important application up and running with ISA 2004. We have run into a problem where the website works periodically and fails periodically.

In order to troubleshoot this further I made a change in logging to allow filter information to be displayed. This got me to the point where we now showing detail in the errors, specifically "Blocked by the HTTP Security filter: URL contains an extension which is not specifically allowed". This information is helpful, but not nearly enough. We need to know exactly which extension or extensions are being blocked.

I would like to know if there is a way within ISA 2004 to see what specific extension or extensions are being blocked. We have spent an enormous amount of time and effort trying to figure this out on our own.

In the long run this is going to be a significant need. We are not only going to need to see which particular extensions are being blocked, but we will need to know what methods are needed, what headers are needed, and what signatures are missing. I truly hope there is a way to do this within ISA.

Please help.

Thanks,

Lisa
Post #: 1
RE: Help with HTTP Filtering and logging - ISA 2004 ---... - 31.Jan.2005 11:27:00 AM   
ianfermo

 

Posts: 235
Joined: 7.Nov.2004
From: Zamboanga, Philippines
Status: offline
Hi,

Try to allow all extensions first. Go to Firewall Console. Configure HTTP(right click on the web access allow rule), go to extensions and click allow all extensions on the drop box. Just try this for testing purposes. Check your URL for any extensions that might be included on block list. Ex. : *.shtml, *.shtm and etc.

Cheers,

(in reply to lmacke)
Post #: 2
RE: Help with HTTP Filtering and logging - ISA 2004 ---... - 3.Feb.2005 6:14:00 PM   
lmacke

 

Posts: 14
Joined: 31.Oct.2003
Status: offline
I want to mention that I have already set specific extensions to be blocked. We are currently locking down each application as tight as possible. The list that is provided in the attachement you sent is one that we have already reviewed. We do not want to use the baseline. We will be doing this for each application.

We have worked with the applications representative to try to find exactly which extensions are needed for this application. The tech provided us with a traffic capture from his test site (attached) but said that he could not see any other needed extensions. Now the problem is back in our hands.

I added the following per their request:

.jsp

.do

.css

.js

.html

.htm

.gif

.jpg

. (this is the "no extension" designation)

The website is experiencing periodic failure and periodic success with these extensions that we have specified. If we allow all extensions then there is no problems, BUT this is not what we want. Nor do we want to use the baseline. We want it boiled down to only what it will need and use.

We need a way to lock down each application to their specific extensions. Like I said in order to troubleshoot this further I made a change in logging to allow filter information to be displayed. This got me to the point where we now showing detail in the errors, specifically "Blocked by the HTTP Security filter: URL contains an extension which is not specifically allowed". This information is helpful, but not nearly enough. I

Is there a way within ISA to turn on logging to show exactly which extension is blocking the website? Or do you have any other ideas of how I can determine the exact extensions, methods, etc...

(in reply to lmacke)
Post #: 3

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> Logging and Reporting >> Help with HTTP Filtering and logging - ISA 2004 ---- Windows 2003 Server Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts