URL Filters Web Proxy (Deny Access)

Similar Messages

• Ical, caldav and Web proxy.

  Hi,
  I have configured ical with an external caldav server. The caldav URL server is reachable using http or https. The synchronization works fine at Home where I don't use web proxy to access to Internet. But at work, even if the network is properly configured with the proxy (Safari is working fine with the proxy configuration), ical seems to not be able to use the web proxy. Then, the synchronization is not working at work.
  Is there any limitation for ical/caldav to work through web proxy?
  Thanks.
  LauDai.

  I have exactly the same problem. A network expert suggested that the problem could be in the proxy. The CalDAV protocol used by iCal is an extension to the standard HTTP protocol, and apparently not all proxies can deal with the extensions. I don't know if there is a way to check if this is the cause of the problem.

• HTTP/1.1 407 Proxy Authentication Required ( Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied. )

  17:06:13 Synchronizer Version 14.0.6123
  17:06:13 Synchronizing Mailbox '[email protected]'
  17:06:13 Synchronizing Hierarchy
  17:06:13   4 folder(s) added to online store
  17:06:13   1 folder(s) updated in online store
  17:06:13 Synchronizing local changes in folder 'Inbox'
  17:06:13 Error synchronizing folder
  17:06:13 [80041004-0-0-430]
  17:06:13 Error with Send/Receive.
  17:06:13 There was an error synchronizing your folder hierarchy. Error : 80041004.
  17:06:13 Synchronizing server changes in folder 'Calendar'
  17:06:13 Synchronizing server changes in folder 'Contacts'
  17:06:13 
  17:06:13 
  *Request*       
  17:06:13 17:06:13:0590
  17:06:13 POST
  17:06:13  http://
  17:06:13 contacts.msn.com
  17:06:13 /ABService/ABService.asmx
  17:06:13 
  17:06:13 <ABFindAll xmlns="http://www.msn.com/webservices/AddressBook"> <abId>00000000-0000-0000-0000-000000000000</abId><abView>Full</abView><deltasOnly>false</deltasOnly></ABFindAll>
  17:06:13 
  *Response*  
  17:06:13 17:06:13:0870
  17:06:13 HTTP/1.1 407 Proxy Authentication Required ( Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied.  )
  Via: 1.1 TMG
  Proxy-Authenticate: Negotiate
  Proxy-Authenticate: Kerberos
  Proxy-Authenticate: NTLM
  Connection: close
  Proxy-Connection: close
  Pragma: no-cache
  Cache-Control: no-cache
  Content-Type: text/html
  Content-Length: 707
  17:06:13 
  17:06:13 
  17:06:13 
  17:06:13 Error with Send/Receive.
  17:06:13 There was an error synchronizing a contacts folder. Error : 80004005.
  17:06:13 Synchronizing server changes in folder 'Drafts'
  17:06:13 Synchronizing local changes in folder 'Inbox'
  17:06:13 Error synchronizing folder
  17:06:13 [80041004-0-0-430]
  17:06:13 Synchronizing server changes in folder 'Sent Items'
  17:06:13 Synchronizing server changes in folder 'Deleted Items'
  17:06:13 Synchronizing server changes in folder 'Junk E-mail'
  17:06:13 Done
  17:06:13 
  17:06:13 
  *Request*       
  17:06:13 17:06:13:0870
  17:06:13 POST
  17:06:13  http://
  17:06:13 mail.services.live.com
  17:06:13 /DeltaSync_v2.0.0/Settings.aspx
  17:06:13 
  17:06:13 <?xml version="1.0" encoding="utf-8"?><Settings xmlns="HMSETTINGS:"><ServiceSettings><SafetySchemaVersion>1</SafetySchemaVersion><SafetyLevelRules><GetVersion/></SafetyLevelRules><SafetyActions><GetVersion/></SafetyActions><Properties><Get/></Properties></ServiceSettings><AccountSettings><Get><Options/><Properties/></Get></AccountSettings></Settings>
  17:06:13 
  *Response*  
  17:06:13 17:06:13:0870
  17:06:13 HTTP/1.1 407 Proxy Authentication Required ( Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied.  )
  Via: 1.1 TMG
  Proxy-Authenticate: Negotiate
  Proxy-Authenticate: Kerberos
  Proxy-Authenticate: NTLM
  Connection: close
  Proxy-Connection: close
  Pragma: no-cache
  Cache-Control: no-cache
  Content-Type: text/html
  Content-Length: 707
  17:06:13 
  17:06:13 

  Hi,
  According to the log, it seems that TMG firewall denied the request and replied with an HTTP 407 response, indicating that proxy authentication was required. This was done because the Forefront TMG firewall did not have any access rules which would allow
  the anonymous request. Please check if you have configured related access rules.
  When did you recieve this log? Is there anyting wrong? Which authentication method you have used, Kerberos, NTLM or other? 
  It seems that each time a web proxy client requests a resource through a Forefront TMG firewall that requires NTLM authentication the client is actually denied twice during the transaction before being successfully authenticated and allowed access. When
  the Forefront TMG firewall is configured to use Kerberos there is only a single denied request and HTTP 407 response and then contact a domain controller and obtain a Kerberos ticket to present to the TMG firewall to gain access to the resource.
  If you configured the TMG clients with a certain proxy name, please make sure you typed the TMG's domain computer name only (not IP address nor alias).
  Best regards,
  Susie

• URL Filtering on ACE 4710 -Deny access

  Hi,
  I have a requirement to filter (deny access) to certain URL's. The URL's are listed below. Any guidance/assitance in achieving this would be greatly appreciated.
  /* Style Definitions */
  table.MsoNormalTable
  {mso-style-name:"Table Normal";
  mso-tstyle-rowband-size:0;
  mso-tstyle-colband-size:0;
  mso-style-noshow:yes;
  mso-style-priority:99;
  mso-style-qformat:yes;
  mso-style-parent:"";
  mso-padding-alt:0in 5.4pt 0in 5.4pt;
  mso-para-margin:0in;
  mso-para-margin-bottom:.0001pt;
  mso-pagination:widow-orphan;
  font-size:11.0pt;
  font-family:"Calibri","sans-serif";
  mso-ascii-font-family:Calibri;
  mso-ascii-theme-font:minor-latin;
  mso-fareast-font-family:"Times New Roman";
  mso-fareast-theme-font:minor-fareast;
  mso-hansi-font-family:Calibri;
  mso-hansi-theme-font:minor-latin;
  mso-bidi-font-family:"Times New Roman";
  mso-bidi-theme-font:minor-bidi;}
  https://<Domainname>/corp/BANKAWAY?Action.Admin.Init=Y&AppSignonBankID=NG
  /* Style Definitions */
  table.MsoNormalTable
  {mso-style-name:"Table Normal";
  mso-tstyle-rowband-size:0;
  mso-tstyle-colband-size:0;
  mso-style-noshow:yes;
  mso-style-priority:99;
  mso-style-qformat:yes;
  mso-style-parent:"";
  mso-padding-alt:0in 5.4pt 0in 5.4pt;
  mso-para-margin:0in;
  mso-para-margin-bottom:.0001pt;
  mso-pagination:widow-orphan;
  font-size:11.0pt;
  font-family:"Calibri","sans-serif";
  mso-ascii-font-family:Calibri;
  mso-ascii-theme-font:minor-latin;
  mso-fareast-font-family:"Times New Roman";
  mso-fareast-theme-font:minor-fareast;
  mso-hansi-font-family:Calibri;
  mso-hansi-theme-font:minor-latin;
  mso-bidi-font-family:"Times New Roman";
  mso-bidi-theme-font:minor-bidi;}
  https://<Domainname>/corp/BANKAWAY?Action.RMUser.Init.001=Y&AppSignonBankId=NG&AppType=corporate&CorporateSignonLangId=001
  Also, to achieve this, would we need to do SSL off-loading. I believe so. Then would have to initiate back to server.
  Thanks in advance.
  Paul.

  Yes SSL offload is mandatory.
  You can achieve this in at least two ways :
  Use L7 inspection and a reset action : http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA4_1_0/configuration/security/guide/appinsp.html#wp1283413
  or use two L7 class-maps and direct the requests to a dummy / redirect server farm.
  The best way to achieve this would be to generate a 403 forbidden but the ACE seems to not be able to send such a code by itself.

• Sun access manager 7.1 + sun web proxy server 4

  Hi all,
  we have installed policy agent 2.2 on the web proxy server 4.0.5. and AM is installed on another machine with ver 7.1.
  We are trying to prtectect an java application.
  ex:// http://stonycarter.com:9080/med
  when we hit this url we get redirected to AM for login and after login we get page not found error and it would never take us to the application page.
  Pls, let us know how to configure the application. ie, how to achive above task.

  Hi,
  Here is what i found out
  2008-06-14 18:26:12.432 Debug 4655:f4fb88 PolicyAgent: am_web_is_access_allowed(): Successfully logged to remote server for
  GET action by user SMHOM0690 to resource https://beta.stonycarter.com:443/med/.
  2008-06-14 18:26:12.432 Info 4655:f4fb88 PolicyAgent: am_web_is_access_allowed()(https://beta.stonycarter.com:443/med/, GET) returning status: access denied.
  2008-06-14 18:26:12.432 Debug 4655:f4fb88 PolicyAgent: validate_session_policy() access denied to SMHOM0690
  2008-06-14 18:26:12.433MaxDebug 4655:f4fb88 PolicyAgent: am_web_get_url_to_redirect(): goto URL is https://beta.stonycarter.com:443/med/
  2008-06-14 18:26:12.433 Info 4655:f4fb88 PolicyAgent: do_redirect() Status code= access denied.
  2008-06-14 18:26:12.433MaxDebug 4655:f4fb88 PolicyAgent: validate_session_policy(): Completed handling request with status: a
  ccess denied.
  pls suggest solution.

• Help - cannot access web service outside web proxy

  I'm trying to access a public web service - and web proxy stops me from doing it.
  Here is my code:
  package test;
  import java.rmi.RemoteException;
  import javax.xml.rpc.ServiceException;
  import net.webservicex.www.WeatherForecastLocator;
  import net.webservicex.www.WeatherForecastSoap;
  import net.webservicex.www.WeatherForecastSoapStub;
  import net.webservicex.www.WeatherForecasts;
  import java.net.*;
  import java.io.*;
  public class TestOutput {
  public static void main(String[] args) {
    initialiseConfiguration();
    printForecast();
  public static void initialiseConfiguration() {
    System.setProperty("http.proxySet", "true");
    System.setProperty("http.proxyHost", "proxyserver");
    System.setProperty("http.proxyPort", "8080");
    System.setProperty("http.proxyUser", "userid");
    System.setProperty("http.proxyPassword", "password");
  public static void printForecast() {
    try {
     WeatherForecastLocator wfl = new WeatherForecastLocator();
     WeatherForecastSoap wfs = wfl.getWeatherForecastSoap();
     WeatherForecasts forecasts = wfs.GetWeatherByZipCode("90210");
    } catch (Exception e) {
     e.printStackTrace();
  }Here, I was using the test web service located in www.webservicex.net/WeatherForecast.asmx
  I've created stubs using Eclipse (package net.webservicex.www) in another project, compiled into a jar, and imported into the test project.
  The test is working beautifully from my home. It's failing in the office with the error:
  AxisFault
  faultCode: {http://xml.apache.org/axis/}HTTP
  faultSubcode:
  faultString: (407)Proxy Authentication Required ( The ISA Server requires authorization to fulfill the request. Access to the Web Proxy service is denied. )
  faultActor:
  faultNode:
  faultDetail:
  {}:return code: 407
  It's failing when it's trying to execute
  WeatherForecasts forecasts = wfs.GetWeatherByZipCode("90210");
  The "initialiseConfiguration" function is doing its job OK - it's actually helping me to go through the proxy - if I'm doing simple stuff like accessing internet sites. I've tested it - I can get to any external site and read from it. The moment I disable "initialiseConfiguration", I can't get through the proxy.
  So, probably, the problem lies in the web services client classes generated by Eclipse and based on axis. Maybe, the code gets through the proxy, but then starts to do something without authentication??? (I'm not sure if it's possible at all, but who knows...)
  I've read a lot of postings on this subject and couldn't find a solution that would work for me. I'm very surprised, because my situation is very common - there are more and more public web services, and most organisations have firewalls. Obviously, I'm making some very elementary mistake.
  Please help

  We have the same problem, not with SOAP but with XML-RPC (err 407). We're still stumped, and i agree that the problem should be common, but i don't see the mistake, so it's not that obvious.
  Hypothesis: the proxy is spying on the requests content , and filtering out xml. Can you check that ?
  Message was edited by:
  idiallo

• Web proxy URL Filter

  Hi
  I am currently using regular expressions to filter out undesirable websites on my web proxy server.
  I currently use .*://.*\.*mail.*/.* to filter out any url's that contain the word 'mail' to prevent access to the many webmail sites.
  however, this is also blocking [http://www.royalmail.com|http://www.royalmail.com] which my users need to access.
  i have created a reg ex to deny mail but allow royalmail and successfully tested it on the many reg ex testers available on the web, but when i add it to my proxy server it fails to work.
  the reg ex is .*://.*
  .*(?<!royal)(mail).*/.* and works fine when tested on [http://regexlib.com/RETester.aspx|http://regexlib.com/RETester.aspx]
  does anyone know why this isn't working?
  or can anyone help me create one that will work with the software.
  Many Thanks in advance
  zsl

  hi
  check this links , hope will give you some idea
  /message/363021#363021 [original link is broken]
  http://help.sap.com/saphelp_nw04/helpdata/en/ab/08194116bfb167e10000000a155106/frameset.htm
  Re: how to configure proxy serwer IP and port?
  /message/721859#721859 [original link is broken]
  Proxy Authentication required for Accessing External Webservices
  /message/645853#645853 [original link is broken]
  Thanks

• Websense URL Filtering is not working in transparent proxy mode

  The "sh ip wccp web-cach detail" show that the redirection to CE cluster (5 of them)is working but the url filtering doesnt work at all. The Websense server is on the same VLAN as all the 5 CE. This thing happened when we reconfigured the wccp router list in all the 5 CE point to the msfc vlan ip from the loopback ip address of the msfc. But the strange thing is the filtering work well when we manually configured the proxy server in the internet explorer point to the CE. Any advise?
  Thanks.
  William

  Problem is due to absense of Host header field . Most of the browsers will send host header field. But in HTTP/1.0 Host header is not a must , though most of the browsers send it.

• Schedule web url filtering in isa550

  Hello,
  This is my first experience using isa550 security appliance.  i would like to schedule the web url filters: in example accept or deny some websites or url categories on certains hours, or days.
  i see that the schedules can be applied on firewall rules, but i can't see how to apply theses schedules on web url filtering. when i link the web url policy to zones i don't see anything about shedules .
  can you help please ?

  I can confirm what you are seeing. There are schedules on the Application Control, for example, but not the web filter. One possible consideration with this is though you may want to allow some websites during certain times (Facebook over lunch hours for example) there would probably be blocked websites you would want to allow ever (child porn for example) ever. Since only one policy can be applied per Zone, until multiple policies can be applied to a Zone, you probably wouldn't want to turn off ALL web filtering for a Zone ever.
  I'd recommend trying to leverage Application Control instead. You can apply multiple policies to a Zone so you could create a policy that includes everything that is blocked always and another that has content you'll allow during a schedule. The apply both policies to the same Zone and ensure your schedule policy is above your always block policy so that if there's ever a conflict the schedule policy would apply first and allow the traffic during allowed times. That's unless your internal security policies dictate otherwise.
  Sent from Cisco Technical Support iPhone App

• Web-Service Proxy and Web-Service Client access in a Bean (EJB 3.0)

  Hello Community,
  i want to access the SAP Knowledge-Management via the Webservice "RepositoryFrameworkWS", which resides on our Portal-System, from my Java-Application, which runs on a NW CE 7.11 Ehp1 Java Server.
  I choosed to create a WS-Client as a deployable client. So i created an Bean Project, imported the WSDL and created a WS-Proxy in that project. Additionaly i added some beans to that Bean-Project which use the WS-Proxy to access the KM.
  So far so good.
  But the WSDL also creates a Service-Endpoint, which already has an url for the WS-Target and Authentication-Information (in my case it seems that no Authentication is active) in its body.
  Because my client shell run on different systems in the future i searched for a way to easiliy deploy my application and adapt target-information elsewhere. I found in the documentation, that after deploying the deployable WS-Proxy/Client this can be done in the NW-Administrator under SOA-Management->Application and Scenario Communication->Single Service Administration.
  To my surprise i found my deployed WS there. And the entry for the there listed Port was configurable. But unfortunatly this customization is ignored by the application. For example i changed authentication to a HTTP-Authentication with a specific user and also changed to Target-URL. But with no success.
  What's wrong here?
  i accessed the WS in my bean in the following way:
      public Class xyz
       @WebServiceRef (name="RepositoryFrameworkWS")
       RepositoryFrameworkWS service;
        RepositoryFrameworkWSViDocument vi = service.getPort(RepositoryFrameworkWSViDocument.class);
       vi.findResources(rid,....)
  regards
  Matthias Hayk
  Edited by: Matthias Hayk on Sep 15, 2009 10:13 AM

  Hi Matthias
  In Single Service Administration there are two views: Webservices and WS Clients configurations. First of all you should enable BASIC HTTP authentication in WS configuration. Then go to WS Client configuration and enter user/password in HTTP BASIC authentication settings.
  Hope this help.
  BR, Siarhei

• Web Filtering / URL Filtering

  Dear All,
  I am looking forward to buy the cisco ASA Firewall with the below mentioned part number.
  ASA5525-SSD120-K9 kindly please let me know whether it supports WEB Filtering / URL Filtering.
  or do i need to go for any other model or license.
  Awaiting your quick responses as it is very urgent.
  Responses are highly appreciated..

  That's the hardware
  You also need a software subscription for the URL/web stuff/IPS
  Near the bottom of this page:  http://www.cisco.com/c/en/us/products/collateral/security/asa-5500-series-next-generation-firewalls/data_sheet_c78-701659.html
  there is a chart with the options and part numbers.

• ProtectLink Web Protect URL Filtering not working

  Good day!
  Please help.
  We have a problem on our RV042 router.
  The Protectlink WebProtect URL filtering is not working.
  When we first activate the service (Nov. 12), it worked for a few days, then 2 days ago, our internet connection got problems. But yesterday, our ISP fix the problems on our internet connection, but the URL filtering of WebProtect is not working anymore even if it is enable, up to this time.
  What should we do about this problem?
  Thanks in advance for your kind replies!

  i have installed TMG 2010 and created url filtering rule for facebook.com but that problem
  is ever after five minutes i can see that the users can access facebook. and then i check in TMG MMC so i can see that the Category Query says me that facebook.com is unknown....but just after five minutes i can see facebook has been automatically blocked
  and i can also see in Category Query it says me facebook is in blog/wiki category...
  so why it is changing automatically every after 5 or 10 minutes :( ?
  where is the problem ???
  i need your help please !!

• Error while turning on Access control for web proxy

  When I try turning on access control setting for the service (using web-based server admin page: sever preferences->restrict access), i got this pop-up error message:
  System Error:
  The POST variables could not be read from stdin.
  Environment:
  Windows2000 SP2
  Sun ONE WebProxy 3.6 SP1
  File-System NTFS
  Thx

  Hi,
  Please mention on which platform you have installed the iplanet web proxy server. If it is on NT then make sure it must on NTFS partition.
  refer the following link for more details
  http://docs.iplanet.com/docs/manuals/proxy/36/adminnt/contents.htm

• URL filtering replacing with web usage control

  I come to know the URL filtering in ironport is replacing with the advanced web usage control. May i know from which version its introducing? Any upgradation procedure?
  What are the changes will take place after the upgradation & what kind of functionality will be available with Web Usage Control.
  Please clarify in detail.
  Thanks in advance
  Siva

  I don't remember when the web Usage controls was introduced... I'm going to guess 7.0?
  To upgrade your box to the the current version, click on System Administration>System Upgrade.  Click on the Available Upgrades and see what's available for your hardware.  If nothing is there, contact your reseller.
  Review the release notes for the version you want to upgrade to.  http://www.cisco.com/en/US/products/ps10164/prod_release_notes_list.html
  Select the version you want, check the box to save the config, you can also have it email you the config.  Make sure to uncheck the "Mask passwords..." so that if you have to reload this config on something, it works properly.
  There are a huge number of changes in how web usage control works, and the visibility it gives you into what apps users are using and how those applications work.  Far to many to go into here.  Look at this document:
  Chapter 18. http://www.cisco.com/en/US/docs/security/wsa/wsa7.5/user_guide/WSA_7.5.0_UserGuide.pdfhttp://www.cisco.com/en/US/docs/security/wsa/wsa7.1/user_guide/Cisco_IronPort_AsyncOS_7.1.0_User_Guide_for_Web_Security_Appliances.pdf

• Sample web service proxy for accessing secured webservice

  Hi,
  Am trying to write a web service proxy to access a secured web service.
  How do we call the web service and pass the authentication information. I generated a service proxy in jdevelopr. in the main class i set the user name and password but was still unsuccessful.
  How do we set the "UsernameToken".
  Please see the sample header that is expected.
  <soap:Header>
  <wsa:Action>http://myactaction</wsa:Action>
  <wsa:MessageID>uuid:asdfadrewrwqr</wsa:MessageID>
  <wsa:ReplyTo>
  <wsa:Address>http://schemas.xmlsoap.org/ws/2004/03/addressing/role/anonymous</wsa:Address>
  </wsa:ReplyTo>
  <wsa:To>http://myact</wsa:To>
  <wsse:Security soap:mustUnderstand="1">
  <wsse:UsernameToken wsu:Id="SecurityToken-321321">
  <wsse:Username>mordfsafsdae</wsse:Username>
  <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">werwqrewrwe</wsse:Password>
  </wsse:UsernameToken>
  </wsse:Security>
  </soap:Header>
  Any Sample service proxy would be a great help.
  Thanks
  -Kiran
  Edited by: user10473085 on Oct 25, 2008 1:05 PM

  Hi Kiran,
  Here are all steps You need to do
  "Securing Web Services using JDeveloper and WS-Security" http://www.oracle.com/technology/products/jdev/101/howtos/securews/index.html
  Set username and password:
  (...)myPort= new ServicePortTypeClient(); //<- Your webservice port class
  // security
  myPort.setUsername("exampleuser");
  myPort.setPassword("examplepassword");
  You don't need to write more code in java.
  I hope it helps.
  Kind regards
  Hubert M.
  Other documents:
  "Oracle® Application Server Web Services Security Guide" http://download.oracle.com/docs/cd/B31017_01/web.1013/b28976/toc.htm