isa 2004 - banned site rule cause slow internet

Posted by Holian on Server Fault See other posts from Server Fault or by Holian
Published on 2011-01-10T08:34:49Z Indexed on 2011/01/10 8:55 UTC
Read the original article Hit count: 293

Filed under:
|
|

Hi Gods,

We have windows server 2003 with isa 2004. Our clients uses internet with proxy.

We have two isa rule:

 order  name      action     protocolls    from/listener                       to        condition 
  1.    trafic    ALLOW   all outbound      all networks                   all networks    all users
  2.     FTP      ALLOW    FTP Server      EXTERNAL/INTERNAL/Local host    10.1.1.1  

So we have to "bann" a few webpage (like facebook, youtube...etc...), so we make a new rule

  0.   banned     DENY      HTTP           internal                        denied pages     all users

In the denied pages we have the *.facebook.com domain set.

After we enable this rule, the entire internet slows down. The banning rule works well, redirect to an internal site, but the other sites.... If i open a page..it normally takes 3-10 sec to load, but after this rule this time is: 2-4 minutes.

In the monitor / logging menu we got a few FAILED CONNECTION ATTEMPT like:

Log type: Web Proxy (Forward)

Status: 304 Not Modified

Rule: All local traffic

Source: Internal ( 10.1.1.1:0 )

Destination: External ( 172.24.28.22:3128 )

Request: GET http://www.konyvelozona.hu/wp-content/uploads/nyugdijas-holgy-2.jpg

Filter information: Req ID: 17270b72 

Protocol: http

User: anonymous

 Additional information

Client agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.3072...

Object source: Verified Cache Processing time: 9047

Cache info: 0x18801002 MIME type: -

In the event log we got a few log:

Description: The Web Proxy filter failed to bind its socket to 10.1.1.1 port 80. This may have been caused by another service that is already using the same port or by a network adapter that is not functional. To resolve this issue, restart the Microsoft Firewall service. The error code specified in the data area of the event properties indicates the cause of the failure. The failure is due to error: 0x8007271d
The Web Proxy filter failed to bind its socket to 127.0.0.1 port 80. This may have been caused by another service that is already using the same port or by a network adapter that is not functional. To resolve this issue, restart the Microsoft Firewall service. The error code specified in the data area of the event properties indicates the cause of the failure. The failure is due to error: 0x8007271d

If i tpye: netstat -o -n -a | findstr 0.0:80 

then i got,

tcp 0.0.0.0:80 0.0.0.0:0 LISTEN 4

udp 0.0.0.0:8031 *.*    2780

udp 0.0.0.0:8082 *.*    2780

Some month ago we installed XMAP, but now we only use mysql. Apache service stopped. In the Xamp port check menu i see:

Service        POrt        Status 
Apache (http)   80       Process: System

Maybee this is the problem? I dont know what should i do now...

Thank you folks.

© Server Fault or respective owner

Related posts about Windows

Related posts about server