BorderManager Transparent Proxy issue

Good Morning,

We have been experiencing issues with our Border Manager Transparent
proxy configuration. We are having issues with redirect loops occurring
only on Google.com front end server requests. We get 301 HTTP errors.
The problem seems to be when our Web Content filter passes the packet
off to our Border Manager server it causes the redirect loops. The only
work arounds at this time we have discovered was to either use the
search box of any web browser, or go to 'iGoogle'
(http://www.google.com/ig) and then back to the classic Google Home. The
other work around is to setup our workstations to proxy to our Web
Content filter over Port 8080, which totally defeats the Transparent
proxy purpose. With our current setup we were having problems with our
Proxy crashing until we removed the "Enable Persistent Connection to
Browsers option". Our environment is as follows:

Novell 6.5 SP7 with TCP\IP stack hotfix
Border Manager 3.9 SP2?? (I believe)
St. Bernard Iprism 30h unit with software level 6.2 --> Web Filter
appliance. 

St. Bernard, does not see any problems with our Iprism configuration at
this time. 

Sorry about being long winded, but this has been a tricky one.
Hopefully someone on here has dealt with something like this. If you
need any further information please let me know. Thanks.


-- 
dshofkom33
------------------------------------------------------------------------



0
dshofkom33
10/1/2009 1:16:01 PM
novell.bordermanager.proxies 3217 articles. 0 followers. Follow

5 Replies
726 Views

Similar Articles

[PageSpeed] 1

How about setting the problem URL's as exceptions to the transparent 
proxy (so they won't be proxied), and then open filter exceptions to 
the network addresses or subnet to allow the traffic directly out 
without using proxy?

What is the reason for avoiding setting the proxy in the browsers?  It 
works much better when set for proxy - transparent proxy has a few 
issues and always has.

Craig Johnson
Novell Support Connection SysOp
*** For a current patch list, tips, handy files and books on 
BorderManager, go to http://www.craigjconsulting.com ***


0
Craig
10/1/2009 2:13:34 PM
phxazcraig;1865292 Wrote: 
> How about setting the problem URL's as exceptions to the transparent
> proxy (so they won't be proxied), and then open filter exceptions to
> the network addresses or subnet to allow the traffic directly out
> without using proxy?
> 
> What is the reason for avoiding setting the proxy in the browsers?  It
> works much better when set for proxy - transparent proxy has a few
> issues and always has.
> 
> Craig Johnson
> Novell Support Connection SysOp
> *** For a current patch list, tips, handy files and books on
> BorderManager, go to http://www.craigjconsulting.com ***

Craig,

Thank you very much for your response. We have tried the stated above.
I guess it is just the way both of systems work together in transparent
modes. We just wanted to take advantage of using the transparency so we
didn't have to make sure that our proxy settings are correct since we
allow multiple browsers to be used in our environment. We are coming to
the conclusion that the Transparent proxy is ugly and we are going to
come up with an action plan from here. Thanks again for your help and
support.


-- 
dshofkom33
------------------------------------------------------------------------
dshofkom33's Profile: http://forums.novell.com/member.php?userid=31424
View this thread: http://forums.novell.com/showthread.php?t=387910

0
dshofkom33
10/1/2009 2:36:01 PM
dshofkom33 wrote:
> Good Morning,
> 
> We have been experiencing issues with our Border Manager Transparent
> proxy configuration. We are having issues with redirect loops occurring
> only on Google.com front end server requests. We get 301 HTTP errors.

301 is not an error, it is an informational http code

I've seen in the past this web filters appliances stripping the content
length of the 301/302 redirect packets, causing bm to fail as the
redirect link is on the data portions that has been stripped. Of course,
a lan trace, as always, will show the real issue very clearly.
As i can access google.com and be redirected with no issues thru my TP
in my bm39sp2 server, start checking that you've got this entry on your
proxy.cfg file:

EnableIncomplete302ResponseFix=0

if not, probably you're running and default proxy.cfg hence missing many
switches.

But a lan traces on bm server will show what the issue really is.
0
Mysterious
10/1/2009 3:18:24 PM
Mysterious;1865356 Wrote: 
> dshofkom33 wrote:
> > Good Morning,
> >
> > We have been experiencing issues with our Border Manager Transparent
> > proxy configuration. We are having issues with redirect loops
> occurring
> > only on Google.com front end server requests. We get 301 HTTP
> errors.
> 
> 301 is not an error, it is an informational http code
> 
> I've seen in the past this web filters appliances stripping the
> content
> length of the 301/302 redirect packets, causing bm to fail as the
> redirect link is on the data portions that has been stripped. Of
> course,
> a lan trace, as always, will show the real issue very clearly.
> As i can access google.com and be redirected with no issues thru my TP
> in my bm39sp2 server, start checking that you've got this entry on
> your
> proxy.cfg file:
> 
> EnableIncomplete302ResponseFix=0
> 
> if not, probably you're running and default proxy.cfg hence missing
> many
> switches.
> 
> But a lan traces on bm server will show what the issue really is.

Is there any kind of "WIRESHARK" for Novell Netware 6.5??? If not I am
going to attempt to mirror the port and see what that gets me.


-- 
dshofkom33
------------------------------------------------------------------------
dshofkom33's Profile: http://forums.novell.com/member.php?userid=31424
View this thread: http://forums.novell.com/showthread.php?t=387910

0
dshofkom33
10/1/2009 6:16:01 PM
dshofkom33 wrote:

>> But a lan traces on bm server will show what the issue really is.
> 
> Is there any kind of "WIRESHARK" for Novell Netware 6.5??? If not I am
> going to attempt to mirror the port and see what that gets me.
> 
> 

tid 2967287
0
mysterious
10/1/2009 6:19:30 PM
Reply:

Similar Artilces:

BorderManager Proxy Issue
If when using BorderManager 3.5 on NetWare 5.0 (fully patched) I place a proxy exception for a particular URL at both the server end and the client end, the Web Site does not function properly. By that I mean that the Web Site initially loads, a user enters the correct username/password and clicks login and the Web Site reloads the login page. If I place the exception for the Web Site at either the server end or the client end individually, the performance of the Web Site is equally terrible. This issue is specific to this Web Site only. hi, can you provide the URL?...

Proxy to proxy
Hi. We use BM 3.8 as a proxy server and the main task is to restrict which url's the users can use. In the network there is another proxy server with internet access. Is it possible to setup BM to use another proxy server to connect to internet? And if yes, how ? Magne Absolutely. Search under "Cache Hierarchy Client". Basically....enable the client on the BM box, add you upstream proxy (Neighbor Hostname) add the correct port for the type of upstream proxy, add the type of proxy, usually you can just leave the priority at "1". looks like this...

proxy to proxy
We will connect with our Bordermanager to an other proxy. but there is a syntax-problem our BM-Proxy will build the connection with(Trace) ....cyberbanking.bankkoop.ch:443/ HTTP/1.0..... but there should not be / according to RFC there is no "/" Slash allowed. Beat Brunner <<...cyberbanking.bankkoop.ch:443/ HTTP/1.0..... that has been fixed in the latest patches Gonzalo > <<...cyberbanking.bankkoop.ch:443/ HTTP/1.0..... > > that has been fixed in the latest patches > > Gonzalo > what do you meen with lastes patches ...

to proxy or not to proxy that is the ?
ok, i had jconect on NT and my AIX Sybase database on an RS/6000, so i used the proxy...fine. i have installed jconnect on the rs/6000, installed netscape fasttrack and i STILL have to use the proxy to avoid those -1 erro messages. does this mean that jConect always has to use that proxy no matter where anything lives? i am confused.... please enlighten me This is a multi-part message in MIME format. --------------6A7C6750A66874EBD6E2677A Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit If you remove the "proxy" connection property fro...

bordermanager restart and Macintosh proxy issue
I have three issues. One is my bordermanager server NW6.5sp6 bm3.8.5 is restarting on its own for some reason every so often(not sure why). Two is that I have transparent proxy enabled for both ports 80 and 443 and it shows as running but is not working.Three is that I have Macintosh computers using my web proxy that cannot get to Https sites. On a pc using the proxy they do not have this issue. Any ideas? Roland Lambert First, check tips #1, 23 and 63 at the URL below. Get the server patched and tuned. Hopefully that will solve any restarting issues. Second, check...

to Proxy or not to Proxy ?
Hi all, Could I ask for some opinions regarding using a proxy ? Here in the UK, I use Freeserve as my dial-up ISP. There is a web-cache proxy available for use if required, tho' IE6 works fine with or without (a small increase in page loads occurs if I use the proxy). The problem is, that if I use the proxy, then my Outpost Firewall logs only register connections to it, so I suffer from a serious lack of information about where my browser connections are going and what I could block (like adclick connections etc). I'm really not sure about the merits of with/without the pr...

How configur Squid Transparent Proxy like Bordermanager
I need help in configure Squid with my sles 10sp1. I want to configure as a transparent proxy without any bridging similar to Bordermanager. I have try yast and webmin but I need direction. Thanks. Sang, It appears that in the past few days you have not received a response to your posting. That concerns us, and has triggered this automated reply. Has your problem been resolved? If not, you might try one of the following options: - Visit http://support.novell.com and search the knowledgebase and/or check all the other self support options and support programs availabl...

BorderManager 3.8 Proxy Authentication Issue
We currently have our BM 3.8 server configured to require authentication prior to granting access to the Internet. All clients are successfully using the CLNTRUST application to authenticate. Workstations configured to use the proxy server must authenticate; and from that aspect, all seems to be working well. We are now adding a Blackberry Enterprise Server, which has been configured to use the same BorderManager server. No Novell client currently is installed on the box. When accessing the Internet via the Blackberry browser, (handheld device) no one is being prompted to authent...

HTTP Proxy and Transparent Proxy
Dears: I have BM 3.7 and NW 6.0, i wanna a use, HTTP Proxy and Transparent Proxy together in the same machine, but use diferent IP Addresses in the same Private NIC, for the services, for example HTTP Proxy : 192.168.0.10:8080 ... for some users THTTP : 192.168.0.20:80 ... for other different users any idea ?, I look in the manual, but i did not found nothing.... Thanks in advance, Jose from Chile this cannot be done. The transparent proxy will affect all users. -- Cat NSC Volunteer Sysop ...

BorderManager 3.7 proxy authentication issue with Citrix ICA clients
This is a little different from the problems that I've seen in the Knowledgebase for BorderManager concerning Citrix connectivity. Here is the problem scenario: BorderManager 3.7, with SP2, running on Netware 6.0, SP6, configured as a proxy/firewall for workstations on a specific part of our LAN. The clients are mostly Win2k, using IE6 with all latest patches. They have IE configured to use BorderManager server as their proxy for all typical services (http, https, ftp). The clients are using Citrix ICA clients, both full or Web clients, to access an several applications hos...

Bordermanager proxy configure
Hi! When I try to configure HTTP Proxy via iManager 2.7.2 I get error "Please enter an Integer between 1 and 65535", I saw something that this maybe an iManager error. I have tried the BorderManager Proxy forum but no luck. Any ideas? NetWare 6.5 SP8 BorderManager 3.9 SP1 /SP -- ste00pek ------------------------------------------------------------------------ ste00pek, It appears that in the past few days you have not received a response to your posting. That concerns us, and has triggered this automated reply. Has your problem been resolved...

FTP proxy & Transparent Proxy setup
--____VXWHOENWUJCUWAOOUIOM____ Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable I have done a fresh install of BorderManager 3.7 SP1 on a server and I am = trying to get the proxies working. I currently have the packet forwarding = filters turned off and everyone can HTTP, FTP and Telnet to their heart's = content. When I turn on the filters, I believe that the proxies are = suppose to take this traffic and work with it. But it doesn't,=20 Can anyone help me out here? --____VXWHOENWUJCUWAOOUIOM____ Content-Type: multipart/rel...

HTTP Proxy acting like transparent proxy
Our school district does not use transparent proxy, however, I've just noticed that students can remove the proxy settings from IE and still get out through BorderManager. We are using BorderManager 3.7 and I checked to verify that transparent proxy is not enabled. Eric Bowser Upper Valley Joint Vocational School hi Eric, it's not acting as transparent proxy - it's simply routing the traffic through NAT and your users are browsing without any proxy or control. To prevent this, you should implement packet filters in the BM server. -- Caterina Novell Suppo...

Proxy Issues and other issues
We have teams of workers who service specific sized clients in our company. The purpose is to keep clients from becoming "attached" to any one customer service representative and gumming up the works. We have setup shared folders as email work queues that rules direct the email directed to the particular teams into as shared work queues. The staff move these into Work In Progress folders that are assigned to them. They all have access to each others for backup purposes. ALL of these folders exist on one MAILBOX and are shared out to the users utilizing TREECAST Produc...

Web resources about - BorderManager Transparent Proxy issue - novell.bordermanager.proxies

NetIQ eDirectory - Wikipedia, the free encyclopedia
This article includes a list of references , related reading or external links , but its sources remain unclear because it lacks inline citations ...

Novell - Blackboard
Novell helped invent the corporate network in the early 1980s and continues to drive technology for business today. Network software began with ...

Information
The site is using a web proxy cache , such as Novell BorderManager FastCache , Apache Traffic Server or a server running the open source Squid ...

Novell BorderManager 3.9
Novell BorderManager offers robust Internet access controls, content filtering capabilities, secure VPN services and firewall services supported ...

Patch Finder
... of your choice. Standard Select Select a Product Access Governance Access Manager Account Management (NAM) Apache AppArmor Audit BorderManager ...

Press Releases - SuperLumin
June 11, 2013 SuperLumin Event Proxy Provides 5,000 Attendees with High-Speed Web Browsing Experience at Adobe MAX Conference May 7, 2013 ...

Support - SUSE
SUSE's world class support organization offers customers the best support experience in the industry.

Novell - Wikipedia, the free encyclopedia
Novell, Inc. / n oʊ ˈ v ɛ l / is an American multinational software and services company headquartered in Provo, Utah . It has been instrumental ...

Novell - Wikipedia, the free encyclopedia
Novell, Inc. / n oʊ ˈ v ɛ l / is a software and services company. It is a wholly owned subsidiary of The Attachmate Group . It specializes in ...

IPX/SPX - Wikipedia, the free encyclopedia
IPX and SPX are derived from Xerox Network Systems ' IDP and SPP protocols, respectively. IPX is a network layer protocol (layer 3 of the OSI ...

Resources last updated: 2/5/2016 4:14:56 AM