Publishing the Incoming Web Requests Listener article (Full Version)

All Forums >> [ISA Server 2000 General] >> Server Publishing



Message

tshinder -> Publishing the Incoming Web Requests Listener article (5.Nov.2002 6:58:00 AM)

Questions and replies to the Publishing the Incoming Web Requests listener article go here.

Thanks!

[ November 05, 2002, 07:06 AM: Message edited by: tshinder ]



haintjong -> RE: Publishing the Incoming Web Requests Listener article (12.Nov.2002 1:54:00 AM)

Hi Tshinder
I am very new to ISA configuration and this article answers most of my queries and probably save me a lot of sleepless nights in next few weeks

I recently configured a new DMZ with ISA to allow users to access out intranet pages via GPRS. The web publishing rule works fine and user now want to have internet access using the same infrastructure.

My issue is - the exisitng internet enable proxy for our internal client is not the same ISA server. Is it possible to configure the ISA server as you mention in the arctile to pass on the web request to another proxy server instead?

Regards

HainTjong



tshinder -> RE: Publishing the Incoming Web Requests Listener article (12.Nov.2002 6:50:00 AM)

Hi HainTjong,

I'm not sure exactly what it is you want to accomplish, but I suppose you could configure Web Proxy chaining with an upstream ISA Server, so that requests go from one to another.

HTH,
Tom



haintjong -> RE: Publishing the Incoming Web Requests Listener article (22.Nov.2002 1:05:00 AM)

Hi Tshinder

Thanks for the reply. I am still having few problems with the configuration. But first, let me just clarify our configuration first.

I have a ISA server configured with single extneral IP address to allows our offsite users to access our internal web pages via web publishing rules. I want to enable the internet access to these users but would like to redirect their internet requests to another proxy server which has good internet connectivity. Is this possible ? The reasons behind this is really down to the follows
* Costs - Want to utilize the existing internet connection than install another connection
* Security / Censorship - The other server already setup to minitoring our internal users internet access and block any potential web sites.

You mentioned that I could configure the Web Proxy chaining with an upstream ISA Server, so that requests go from one to another. Could you explain this in more details ?

PS I ordered your book via Amazon but still not arrive yet. I would be grateful if you can help me out on this.

HTH
HainTjong



tshinder -> RE: Publishing the Incoming Web Requests Listener article (25.Nov.2002 9:04:00 PM)

Hi HainTjong,

I think the best solution is a VPN for what you're trying to accomplish.

HTH,
Tom



ryanlamb -> RE: Publishing the Incoming Web Requests Listener article (28.Feb.2003 2:27:00 AM)

I have set up my isa server as you stated and also only allow specific ip address to use the server. This works great for those people on known IP address. My question: Is there a way that I can have users on not known IP addresses authenticate to use the server? I know if I choose "require unauthenticated users to authenticate" all users must authenticate before before they can browse but I woulld only those without a known IP to need to authenticate.

Thanks.



tshinder -> RE: Publishing the Incoming Web Requests Listener article (28.Feb.2003 5:33:00 AM)

Hi Ryan,

The option is authentication, becuase its far too easy to spoof IP addresses. When running a public proxy, you can't be too safe!

HTH,
Tom



ryanlamb -> RE: Publishing the Incoming Web Requests Listener article (28.Feb.2003 8:28:00 PM)

Is there a way to do both IP addresses without authentication AND authentication for those on non-listed IP address?

OR

If I use only authentication is there a "easy" way so the users don't have to enter the username and password each time they open the browser?

Thanks,

[ February 28, 2003, 08:35 PM: Message edited by: Ryan Lamberton ]



tshinder -> RE: Publishing the Incoming Web Requests Listener article (28.Feb.2003 9:14:00 PM)

Hi Ryan,

Perhaps, but ISA Serve is a security device, so I've never tried to reduce the level of security it provides [Wink]

I'll put this on my list of issues to research.

Thanks!
Tom



ryanlamb -> RE: Publishing the Incoming Web Requests Listener article (1.Mar.2003 8:00:00 PM)

Another question /problem. Everything is setup and working well most of the time. About once or twice a day our users can't browse (and me as well). I stop the firewall and start it again and everything is working again. Any Ideas?
I have this setup on 2 diferent windows 2000 adv. servers and the both have the same problem.

Thanks.

Ryan

[ March 01, 2003, 08:03 PM: Message edited by: Ryan Lamberton ]



ryanlamb -> RE: Publishing the Incoming Web Requests Listener article (23.Mar.2003 7:05:00 AM)

Ok, no answer one that one. How about this. I have the ISA server setup as you said and with no SMTP server installed and I am getting complants that someone is sending spam from my ISA server. The log reads:

Offending message:
X-Message-Info: yOfSAGsvVmXvO7ZRyvQQAkyTmTNMFYWm
Received: from mc7-f12.law1.hotmail.com ([65.54.253.19]) by
mc7-s16.law1.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600);
Sat, 22 Mar 2003 16:43:31 -0800
Received: from mailin-02.mx.aol.com ([XXX.XXX.36.217]) by
mc7-f12.law1.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600);
Sat, 22 Mar 2003 16:43:31 -0800

Where my IP is the one with the X's

What could be causing this?

Ryan



tshinder -> RE: Publishing the Incoming Web Requests Listener article (23.Mar.2003 6:57:00 PM)

Hi Ryan,

Did you configure your SMTP service to not relay? But default, the IIS 5 SMTP service doesn't allow relay from non-authenticated hosts.

HTH<
Tom



ryanlamb -> RE: Publishing the Incoming Web Requests Listener article (24.Mar.2003 12:15:00 AM)

There is no smtp service on the computer. I have found in the logs that someone is logging in to the proxy that is not in the allowed IP address list (client address set used by the incoming web request listener in server publishing rules). I have it set it up to only allow users with specific IP addresses. This works for me and if my ip address is not in the list I cannot use the proxy. Yet I can see his IP address in the firewall log with allow after it. How can they get through the firewall? I also added a IP packet filter to block port 25 in both directions but that has not helped.

This is the log entry (if it helps):
10.0.1.105- - N 2003-03-23 20:17:52 fwsr FAMILINK-PROXY - - 66.207.212.111 2006 - - - 2320 TCP Accept - - - 0 - incoming web request listener - 2 1

I have tryed everything I can think of to block the 66.207.212.111 address even creating a protocol rule to deny all IP traaffic that applies to that client set. Yet is is still in the log as accept! Am I missing something?

Thanks for all your help.

Ryan



tshinder -> RE: Publishing the Incoming Web Requests Listener article (24.Mar.2003 4:06:00 AM)

Hi Ryan,

I'm not sure what the Incoming Web Requests listener has to do with SMTP?

Thanks!
Tom



ryanlamb -> RE: Publishing the Incoming Web Requests Listener article (24.Mar.2003 7:58:00 PM)

I think I got it. Thanks, I have an error! [Mad] [Mad] [Mad] [Eek!] [Mad] [Mad] [Mad]

[ March 24, 2003, 10:46 PM: Message edited by: Ryan Lamberton ]



Guest -> RE: Publishing the Incoming Web Requests Listener article (17.Oct.2003 5:53:00 PM)

Hi tshinder i followed your 'allowing external connections to use the ISA proxy' but when a user authenticates they are able to browse and when they load up a new browser window they don't get asked to re authenticate.

I understand that this of benifit to the users to save them from having to re authenticate every time they open a new browser but i would like to set it so they do have to re authenticate.

The only part of your article i didn't complete was to disable the W3SVC service. How exactly does disabling this service help, and is this the reason for it not asking to re authenticate?

Regards
Edward



NikoraM -> RE: Publishing the Incoming Web Requests Listener article (3.Mar.2005 4:10:00 PM)

What about ISA 2004? How can I do this with ISA 2004? Thanks



Guest -> RE: Publishing the Incoming Web Requests Listener article (1.Jun.2005 4:18:00 PM)

Thanks for the great articles on this subject!

I have a need to allow external connections to use the web proxy on ISA 2004. We have field users who sometimes cannot connect to the VPN - mostly from public WiFi spots (hotels and such).

Can you please explain this process in ISA 2004? I have done it on 2000 but 2004 is quite different.

Thanks!
Hackz



Guest -> RE: Publishing the Incoming Web Requests Listener article (5.Aug.2005 5:38:00 PM)

Yes, please can you also give me some help setting this up for ISA 2004, it's driving me mad [Frown]



dfaa -> RE: Publishing the Incoming Web Requests Listener article (13.Mar.2006 9:13:14 AM)

Hi have anyone got this solution to work on Isa2004 SP2 , i really need this when i have multiple users out in the field who i want to go through my isa with antivirus /antispyware ...

If anyone have this solution working please help me out here



Page: [1] 2   next >   >>