+ Post New Thread
Page 3 of 3 FirstFirst 123
Results 31 to 32 of 32
*nix Thread, Squid to ISA pass original IP in Technical; *SOLVED* Sometimes, workstations that must be filtered are located behind a proxy that uses Microsoft ISA Server as a proxy ...
  1. #31

    Join Date
    Jun 2008
    Posts
    38
    Thank Post
    4
    Thanked 2 Times in 1 Post
    Rep Power
    13
    *SOLVED*

    Sometimes, workstations that must be filtered are located behind a proxy that uses Microsoft ISA Server as a proxy (proxy chaining).
    Some proxies can be configured to expose the workstation's IP address in the HTTP header via the value of X-Forwarded-For:. Microsoft ISA integration with Websense software can be configured to do filtering lookups based on this value, rather than on the IP address of the downstream proxy.
    To filter workstations behind multiple proxies:
    Configure the downstream proxy to pass workstation IP addresses via X-Forwarded-For.
    See the proxy documentation for instructions.
    On the machine running Microsoft ISA Server, navigate to the WINDOWS\system32 directory.
    Open the file wsMSP.ini in a text editor.
    Add a new heading of: [configSection]
    Under the new heading add the following key:
    CheckXForwardedFor=1
    NOTE If the X-Forwarded-For value is not found in the HTTP header when this feature is enabled, filtering lookups occur based on the IP address of the downstream proxy.

    Stop the ISA Server service via the Windows Services dialog box.
    The service is labeled as Microsoft Firewall.
    Start the ISA Server service via the Windows Services dialog box.
    Repeat steps 1-6 for each machine on which Websense ISAPI Filter is installed.

  2. #32
    cic
    cic is offline
    cic's Avatar
    Join Date
    Mar 2011
    Posts
    1
    Thank Post
    1
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Hello Iain!

    I read that you have developed a X-Forwarded-For Log Filter for ISA that was successfully tested by Skeep. I would be grateful if you could send me, too, this filter and the instructions how to set it. I had to make a cross upgrade to Trend Micro InterScan Web Security Virtual Appliance which can add the XFF HTTP header. So now I have a chain of proxies. Unfortunately ISA is not able to get from it the originating IP address and the product from Winfrasoft costs too much for me. Thanks a lot.
    All the best,

    cic

SHARE:
+ Post New Thread
Page 3 of 3 FirstFirst 123

Similar Threads

  1. Replies: 10
    Last Post: 11th May 2010, 10:13 AM
  2. V - will it be as good as the original ?
    By mattx in forum General Chat
    Replies: 4
    Last Post: 21st May 2009, 02:00 PM
  3. Squid and ISA 2006
    By deanw83 in forum *nix
    Replies: 0
    Last Post: 6th January 2009, 10:10 PM
  4. Squid NTLM passthrough to parent ISA
    By _Jo_ in forum *nix
    Replies: 19
    Last Post: 12th November 2008, 05:25 PM
  5. What to do with your original PS2?
    By flashsnaps in forum Gaming
    Replies: 5
    Last Post: 24th April 2008, 12:50 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •