• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Caching Anonymous Requests

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Cache] >> General >> Caching Anonymous Requests Page: [1]
Login
Message << Older Topic   Newer Topic >>
Caching Anonymous Requests - 6.Sep.2004 5:25:00 PM   
JayG

 

Posts: 16
Joined: 24.Feb.2004
Status: offline
I'm having problems with a Java plug-in running on an internal website. When the plug-in is called, the user logged by the ISA server as initiating the request is 'anonymous'. We are using integrated authentication, with 'Ask unauthenticated users for identification' selected on the properties of the internal network; this causes the plug-in connection to be rejected.

Is there any way around this - is it possible to configure the ISA server to bypass caching for this website only. Unfortunatley, we cannot bypass caching for all local addresses as other websites are available on the LAN.
Post #: 1
RE: Caching Anonymous Requests - 6.Sep.2004 10:55:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Jay,

First, NEVER enable the "ask unauthenticated users to authenticate". It causes far too many problems.

You can create an anonymous access rule and allow it to be applied to that site, and then place that rule on the top of the list.

Or, configure the clients as Firewall and/or SecureNAT clients and configure the site for Direct Access.

HTH,
Tom

(in reply to JayG)
Post #: 2
RE: Caching Anonymous Requests - 7.Sep.2004 12:58:00 PM   
JayG

 

Posts: 16
Joined: 24.Feb.2004
Status: offline
Thanks for that Tom - it's working now. I added a URL set containing the relevant website URLs, then created a user-defined protocol for the port the Java plug-in works over, and finally added an access rule containing these elements.

The only problem now is that all web requests from all users are being logged with a username of 'anonymous' - how can I force ISA to log the correct username?

(in reply to JayG)
Post #: 3
RE: Caching Anonymous Requests - 7.Sep.2004 3:06:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Jay,

They should only be anonymous if the rule is for anonymous access for that site only. You can fix the problem completely by using the Firewall client. That's why I *always* recommend making maching both Firewall and Web Proxy clients.

HTH,
Tom

(in reply to JayG)
Post #: 4
RE: Caching Anonymous Requests - 8.Sep.2004 1:24:00 PM   
JayG

 

Posts: 16
Joined: 24.Feb.2004
Status: offline
I've managed to get this to work without installing the Firewall Client (for a whole bunch of reasons it will not be deployed on our network) - here's how:

The URL accessed for the Java plug-in is:

http://<servername>:8011/<pathtoplug-in>

While this appears to be a connection over port 8011, ISA logs show that the connection is port 8011 over HTTP, so...

1) Created a URL set containing a single URL of http://<servername>*
2) Added an access rule to the top of the firewall policy allowing a source of any, destination of the URL set, protocol of HTTP & user set of All Users
3) Updated the access rule below that which allows for general web access so the user set is Authenticated Users
4) Unticked 'Ask unauthenticated users for identification' in the properties of the internal network

The effect is that anonymous connections to the plug-in URLs are allowed, and all other web requests are still logged with the correct username.

(in reply to JayG)
Post #: 5
RE: Caching Anonymous Requests - 8.Sep.2004 3:10:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Jay,

Great! That'll do it. So it looks like an auth problem and not the dreaded bad Java coding problem so Direct Access wasn't required.

Good to hear you got it working and thanks for the follow up!
Tom

(in reply to JayG)
Post #: 6
RE: Caching Anonymous Requests - 28.Oct.2004 11:39:00 AM   
seeds

 

Posts: 16
Joined: 18.May2004
Status: offline
I have the exact same problem and your fix has worked for me on my 2004 box but I also need to implement the fix on my 2000 box but am having difficulty.

Here is what I have done :

Already have a protocol rule in place to allow HTTP for a particular W2K group.
Created a destination set for the URL
Created a Site and Content Rule to allow HTTP from Any Request to the Destination Set.

Any ideas what I'm doing wrong as it doesn't work??

Thanks,

P.S. I know this isn't the 2000 forum but I wanted to keep in line with this thread.

(in reply to JayG)
Post #: 7

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Cache] >> General >> Caching Anonymous Requests Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts