outgoing https request being blocked

Tags:
DHCP
DNS
Firewalls
Forensics
Incident response
Intrusion management
Network security
Networking services
VPN
Windows
Windows 2000 Server
Windows Server 2003
Wireless
Hello, At my office I am noticing that a particular website which I used to be able to login to has done some upgrades and I no longer can access it. I have tried multiple browsers but I think the problem is in the ISA firewall on the server. The site starts as a http://blahblah:8088/blah then when it tries to authenticate the username and password it goes to a https://blahblah:8443/authenticate. Will i need to open ports 8088 and 8443 to be able to access this site again, or is there some other setting to allow access to secure sites? Here are the server stats: windows 2000 server WINS proxy Isa Firewall no router Thanks for the help in advance Adam

Answer Wiki

Thanks. We'll let you know when a new response is added.

It’s hard to be certain, given that we don’t know much about your firewall setup, but I would guess that you’re on the right track, since 8443 etc. are non-standard ports.

Also, I suspect that you meant “Windows proxy” rather than “WINS proxy”.

As the infamous advice goes: “Contact your network administrator”.

Bob

Discuss This Question: 7  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • MrWizard
    First, to answer your question...yes you'll have to open those ports on your firewall. FYI, Be very careful. Very few legitimate websites use ports that are abnormal (standard ports: http-80, https-443).
    0 pointsBadges:
    report
  • Dantebrown
    Adam, I'm going to make two assumptions: 1. It's a single server solution. 2. You are viewing the website from the internal network.(http://servername) Since http works, the problem seems to deal with SSL or the HTTPS port. A few things to check: 1. The web publishing rule for the site and the certificate installed on the server. Check the certificate (validation, site name, etc.) 2. Make sure the port is correctly configured in IIS. One thing i've seen with ISA and websites, is that I would have to include them in my proxy exclusion list in IE. (both HTTP and HTTPS). If viewing the site from external network: 1. Still check the cert and the IIS settings. 2. Check web publishing rule for the site. Make sure the cert installed on IIS, and ISA is configured correctly on the server. (name, validatino etc.) Check the port the publishing rule is configured for. 3. Check the configuraion of the the web listner for the website. 4. Check your resolution method (DNS). Let me know if that helps. Dante
    0 pointsBadges:
    report
  • Mraslan
    I believe that the web server is on the internet not on your network, correct me if i'm wrong. If the above is true, does your ISA server allows certain protocols to users? or does it allow all traffic from internal users to the internet? from what you said, i beleive that your ISA server is allowing some protocols to users. If so then you will have to add a new protocol definition with the new port 8443, and then add a new protocol rule that allows your users to use this protocol to access external web servers. I'm assuming that you are using ISA 2000, if you are using ISA 2004, the process is similar but from different places. If its not like that please describe more your network setup, you don't have to say the exact setup or IP's, and also it will be good if you describe the error returned to the client.
    0 pointsBadges:
    report
  • Dcashman
    check out isaserver.org and www.isatools.org. I was having the same problem and found a fix from Jim Harrison. Save this code as vbs and run. set isa=CreateObject("FPC.Root") set tprange=isa.Arrays.GetContainingArray.ArrayPolicy.WebProxy.TunnelPortRanges set tmp=tprange.AddRange("SSL 8443", 8443, 8443) tprange.Save
    0 pointsBadges:
    report
  • Habiru
    All good advice. But if this does not fix it, try this. Contact your provider to make sure that the server is not caching. Had this very same problem last year from a client. ISP had started using the caching option on the server and in doing so, he could not log on to authenticate with his RSA keygen.
    0 pointsBadges:
    report
  • Mraslan
    Just want to add that the post by dcashman is right, this is a known issue with ISA if you are using HTTPS. The solution i posted earlier will not be complete in your case, if the solution posted by dcashman didn't work for any reason, then just tell me is your clients browser are configured to use ISA as a proxy or not, and tell me how is the HTTP Redirectory Filter is configured, you will find it on the ISA Server, ISA Management Console, Externsions, Applicaiton Filters, HTTP Redirector, By default it should be "Redirect to the local web proxy service". I need to know how this and the browser is configured in order to give you the correct solution.
    0 pointsBadges:
    report
  • Humboldt421
    The port in question is likely a typo, the port was changed from 80 to 443 but someone forgot to press enough backspaces. I would contact that systems admin and explain your situation and ask if that was done with purpose or accidental.
    10 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following