Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Can not view SSL HTTPS pages with HTTP Content/Selected Content groups

Status
Not open for further replies.
anboen

anboen

Technical User
Mar 13, 2002
9
0
0
SE
Hi

I have a huge problem here, Even MS are not able to help me, so i am guessing U can do a better job :)

System
Member server W2k sp2, ISA with SP1
Protocol rules for members of internet group allows all tcp/ip traffic.
Site & Content Rule allows members of internet group accessing all destinations.

When HTTP Content is set to "All content groups" the clients can surf all the web with no problem.
BUT when HTTP Content is set to "Selected Content Groups" and ALL of the content groups is marked, the clients can access all webpages exept the ones with Then a login prompt for ISA server shows, and no matter what user creds u type in the ISA server blocks your acces to that site.

Following error message appears:
HTTP 502 Proxy Error - The ISA Server denies the specified Uniform Resource Locator (URL). (12202)
Internet Security and Acceleration Server
--------------------------------------------------------------------------------
Technical Information (for support personnel)
Background:
The gateway could not retrieve the requested page.
ISA Server: isa
Via:
Time: 2002-06-27 13:26:09 GMT
============================================

Please help me out with this, i would be most grateful. Because the users are to be blocked from downloading mp3's and exe's and more...

HELP!! 8)
// Andreas Borén a very frustrated MS expert...
 
Sort by date Sort by votes
It doesnt sound like the problem lies with the HTTP Content settings. Although ticking each of the default builtin content groups doesnt allow every piece of http content to be allowed. Those default content groups only are the most common used web content.

I would suggest on that Site and Content rule to allow the internet group access to all destinations, you set the HTTP Content "All Content Groups".
Then create a custom HTTP Content Group under Policy Elements, with all the content that you want to ban, ie mp3's. Then create a second Site and Content Rule and apply it to the internet group, then select "Selected Content Groups" and select that custom content group, but for this rule set it to denied access rather than allow access.
This may help fix the problem. Hope it makes sense.
 
Upvote 0 Downvote
Thanx for the tip Sithl0rd!!

I did as you said and allowed all content groups, then blocked the apps and mimes that we do not want. (A large list DUH)

It is working when we do it this way, but it would be nice to know what to add to the content groups to get the SSL up'n running.


Thanx again 8)
// Andreas
 
Upvote 0 Downvote
try this way, expand ISA - Servers and Array - Right click your server - properties - check "enable ss listeners" both on Incoming and Outgoing web requests tabs.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
148
Sameer258
Sameer258
intel233
  • Locked
  • Question
ASA5510 - SSL Cert
Replies
0
Views
97
intel233
intel233
Shmid
  • Locked
  • Question
Restricting Sonicwall SSL-VPN users for WAN access
Replies
7
Views
177
Shmid
Shmid
Spork52
  • Locked
  • Question
Is this secure? Serving content from two servers with SSL
Replies
3
Views
51
ChrisHirst
ChrisHirst
ISDPCMAN
  • Locked
  • Question
Cannot connect to TZ-215 Sonicwall appliance with web browser!
Replies
0
Views
52
ISDPCMAN
ISDPCMAN

Part and Inventory Search

Sponsor

Back
Top