+ Post New Thread
Results 1 to 2 of 2
Internet Related/Filtering/Firewall Thread, Squid to ISA and Websense in Technical; Hi All, I had a thread going in the nix section but really the problem now lies with ISA so ...
  1. #1

    Join Date
    Jun 2008
    Posts
    38
    Thank Post
    4
    Thanked 2 Times in 1 Post
    Rep Power
    13

    Squid to ISA and Websense

    Hi All,

    I had a thread going in the nix section but really the problem now lies with ISA so I thought I would start a new thread.

    We have a squid proxy ---> ISA 2006 with websense installed.

    All clients that connect to the squid server show their IP in websense as the squid server IP and not their own client IP.

    My question is does anyone know a way to make websense ignore the squid server IP and use the client IP.

    I have configured squid to forward on the x_forwarded_by attribute and I have a filter on ISA and can confirm that the client IP is being sent. However, this does not seem to affect the websense client IP address!

    Thanks

  2. #2

    Join Date
    Jun 2008
    Posts
    38
    Thank Post
    4
    Thanked 2 Times in 1 Post
    Rep Power
    13
    *SOLVED*

    Sometimes, workstations that must be filtered are located behind a proxy that uses Microsoft ISA Server as a proxy (proxy chaining).
    Some proxies can be configured to expose the workstation's IP address in the HTTP header via the value of X-Forwarded-For:. Microsoft ISA integration with Websense software can be configured to do filtering lookups based on this value, rather than on the IP address of the downstream proxy.
    To filter workstations behind multiple proxies:
    Configure the downstream proxy to pass workstation IP addresses via X-Forwarded-For.
    See the proxy documentation for instructions.
    On the machine running Microsoft ISA Server, navigate to the WINDOWS\system32 directory.
    Open the file wsMSP.ini in a text editor.
    Add a new heading of: [configSection]
    Under the new heading add the following key:
    CheckXForwardedFor=1
    NOTE If the X-Forwarded-For value is not found in the HTTP header when this feature is enabled, filtering lookups occur based on the IP address of the downstream proxy.

    Stop the ISA Server service via the Windows Services dialog box.
    The service is labeled as Microsoft Firewall.
    Start the ISA Server service via the Windows Services dialog box.
    Repeat steps 1-6 for each machine on which Websense ISAPI Filter is installed.

SHARE:
+ Post New Thread

Similar Threads

  1. Squid to ISA pass original IP
    By skeep in forum *nix
    Replies: 31
    Last Post: 4th March 2011, 03:03 PM
  2. Squid and ISA 2006
    By deanw83 in forum *nix
    Replies: 0
    Last Post: 6th January 2009, 10:10 PM
  3. Squid NTLM passthrough to parent ISA
    By _Jo_ in forum *nix
    Replies: 19
    Last Post: 12th November 2008, 05:25 PM
  4. Websense Cost ?
    By karldenton in forum Windows
    Replies: 11
    Last Post: 14th July 2008, 12:13 PM
  5. ISA Server 2004 Advice with Websense
    By FN-GM in forum Windows
    Replies: 6
    Last Post: 20th June 2008, 12:18 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •