isa 2004 - banned site rule cause slow internet
Posted
by
Holian
on Server Fault
See other posts from Server Fault
or by Holian
Published on 2011-01-10T08:34:49Z
Indexed on
2011/01/10
8:55 UTC
Read the original article
Hit count: 293
Hi Gods,
We have windows server 2003 with isa 2004. Our clients uses internet with proxy.
We have two isa rule:
order name action protocolls from/listener to condition
1. trafic ALLOW all outbound all networks all networks all users
2. FTP ALLOW FTP Server EXTERNAL/INTERNAL/Local host 10.1.1.1
So we have to "bann" a few webpage (like facebook, youtube...etc...), so we make a new rule
0. banned DENY HTTP internal denied pages all users
In the denied pages we have the *.facebook.com domain set.
After we enable this rule, the entire internet slows down. The banning rule works well, redirect to an internal site, but the other sites.... If i open a page..it normally takes 3-10 sec to load, but after this rule this time is: 2-4 minutes.
In the monitor / logging menu we got a few FAILED CONNECTION ATTEMPT like:
Log type: Web Proxy (Forward)
Status: 304 Not Modified
Rule: All local traffic
Source: Internal ( 10.1.1.1:0 )
Destination: External ( 172.24.28.22:3128 )
Request: GET http://www.konyvelozona.hu/wp-content/uploads/nyugdijas-holgy-2.jpg
Filter information: Req ID: 17270b72
Protocol: http
User: anonymous
Additional information
Client agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.3072...
Object source: Verified Cache Processing time: 9047
Cache info: 0x18801002 MIME type: -
In the event log we got a few log:
Description: The Web Proxy filter failed to bind its socket to 10.1.1.1 port 80. This may have been caused by another service that is already using the same port or by a network adapter that is not functional. To resolve this issue, restart the Microsoft Firewall service. The error code specified in the data area of the event properties indicates the cause of the failure.
The failure is due to error: 0x8007271d
The Web Proxy filter failed to bind its socket to 127.0.0.1 port 80. This may have been caused by another service that is already using the same port or by a network adapter that is not functional. To resolve this issue, restart the Microsoft Firewall service. The error code specified in the data area of the event properties indicates the cause of the failure.
The failure is due to error: 0x8007271d
If i tpye: netstat -o -n -a | findstr 0.0:80
then i got,
tcp 0.0.0.0:80 0.0.0.0:0 LISTEN 4
udp 0.0.0.0:8031 *.* 2780
udp 0.0.0.0:8082 *.* 2780
Some month ago we installed XMAP, but now we only use mysql. Apache service stopped. In the Xamp port check menu i see:
Service POrt Status
Apache (http) 80 Process: System
Maybee this is the problem? I dont know what should i do now...
Thank you folks.
© Server Fault or respective owner