bro's HTTP Tunneling References
12:20 PM 2002-06-05
조경민 bro@shinbiro.com
======================================================================

What is a firewall?
Software or hardware that strengthens security by blocking packets entering
or leaving a company's private network.
By approach, there is packet filtering, which looks at the IP address and port
in the IP header of each packet passing through and blocks accordingly;
protocol filtering, which filters by protocol; and a hybrid approach that
combines the two.
With packet filtering, a firewall usually leaves outbound port 80 open, so
HTTP tunneling is not needed: just go out on port 80.
(That means the server has to listen on port 80. Without a relay server there is no other way.)
A firewall that uses the protocol approach, however, can be crossed with
HTTP tunneling to reach a server listening on a different port.
A proxy is software or hardware with firewall and caching functions, such as
squid, MS ISA, or MS Proxy (the predecessor of ISA). HTTP tunneling can be
thought of as having been created mainly to pass through proxy servers.

-------------------------------------
Which kind of proxy server are you going to use?
- HTTP: you should send your request using standard HTTP GET or POST
requests (HTTP 1.1 supports the CONNECT request that opens a "tunnel"
between the host and the server)
- SOCKS proxy: see RFC 1928(?)
- WinSock proxy: you can use windows sockets directly without an
intermediate protocol. You should use a dedicated tcp/ip port (over 4000)
and enable TCP/IP connections on this port on the proxy and/or firewalls.


-----------------------------------
google news group
How can you connect through a proxy to another server?
a) you simply connect on port 80
b) you use the SSL Proxy Function CONNECT of HTTP-Proxies
c) you construct a real HTTP/1.1 protocol session
   (post your data, get responses back)

b) and c) are commonly used; b) is easy to implement, and c) will work with
all proxies.


=====================
Luotonen, A., Tunneling TCP based protocols through Web proxy servers, Work in Progress. [jg647]
-----------------------
From: Paul Chitescu (pchitescu@pchitescu.myIP.org)
Subject: Re: tunneling proxies
Newsgroups: microsoft.public.win32.programmer.networks
Date: 2000-09-15 03:03:43 PST


mordehai guri wrote:
>
> hello
>
> i have a client - server system with TCP connection between them
> the problem is  that if the client is behind proxy he can not connect to
> server,
> my idea was to manage virtual http connection that proxy accept
> and wrap my connection with http connection
>
> is that idea good enough?
>
> tnx

Depends on what the proxy accepts. If it allows the CONNECT method you
can use it as TCP forwarder. If not, you must adhere to the HTTP protocol
and be prepared to be disconnected after a transaction.

C: client
S: server
P: proxy

Method 1:

C: <connects to proxy port>
C: CONNECT the.server.host:portnum HTTP/1.1
C: Host: the.server.host:portnum
C: Proxy-Authorization: if/whatever required
C: <sends empty line>
P: <connects to the.server.host, port portnum>
P: HTTP/1.x 200 OK, forwarding starts      <--- you must verify the 200
P: Some-other-headers:
P: <sends empty line>
<proxy forwards data between client and server>

or
P: HTTP/1.x error-number error-text
P: Some-other-headers:
P: <sends empty line>
P: <may close connection or not>

Method 2:
C: <connects to proxy port>
C: POST http://the.server.host:portnum/something HTTP/1.0
C: Host: the.server.host:portnum
C: Proxy-Authorization: if/whatever required
C: Connection: Keep-Alive
C: Content-Type: application/octet-stream
C: Content-Length: data packet 1 length in bytes
C: <sends empty line>
C: <sends Content-Length 1 bytes>
<now proxy talks to server>
P: <connects to the.server.host, port portnum>
P: POST /something HTTP/1.1
P: Host: the.server.host:portnum
P: Connection: Keep-Alive
P: Content-Type: application/octet-stream
P: Content-Length: data packet 1 length in bytes
P: <sends empty line>
P: <sends Content-Length 1 bytes>
S: HTTP/1.0 200 OK
S: Server: my-server-type
S: Content-Type: application/octet-stream
S: Content-Length: data packet 2 length in bytes
S: Some-other-headers:
S: <sends empty line>
S: <sends Content-Length bytes>
<proxy may close connection to server>
<server may close connection to proxy>
<now proxy talks to client>
P: HTTP/1.0 200 OK
P: Server: my-server-type
P: Content-Type: application/octet-stream
P: Content-Length: data packet 2 length in bytes
P: Some-other-headers:
P: <sends empty line>
P: <sends Content-Length 2 bytes>
<proxy may close connection to client>
<client may close connection to proxy>

You must be prepared to receive an error from the proxy before finishing
to send the data.

--
Paul Chitescu
pchitescu@pchitescu.myip.org   pchitescu@MetroNet.RO.EU.org
http://pchitescu.myip.org/     http://PaulC.MetroNet.RO.EU.org/
ICQ:22641673
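Method 2 above, as an added example (not code from the thread or from any proxy vendor): each data packet is wrapped in a POST whose Content-Length is exactly the payload size, and the relayed response is read back by its own Content-Length, returning any non-200 status so the caller can stop sending. Host, port and path values are constructed for illustration.

```python
def frame_post(host, port, path, payload, keep_alive=True):
    """Wrap one data packet in a proxied POST as in Method 2.
    Content-Length must equal the payload length in bytes; a wrong value is
    what the ISA note (Q300707) says makes requests fail through the proxy."""
    headers = [
        f"POST http://{host}:{port}{path} HTTP/1.0",
        f"Host: {host}:{port}",
        "Connection: Keep-Alive" if keep_alive else "Connection: close",
        "Content-Type: application/octet-stream",
        f"Content-Length: {len(payload)}",
    ]
    return ("\r\n".join(headers) + "\r\n\r\n").encode() + payload

def read_post_response(buf):
    """Extract (status_code, body, rest) from the bytes the proxy relayed back.
    Returns (None, None, buf) until the header block and all Content-Length
    bytes are present, so the caller keeps reading. A non-200 status is
    returned too: the thread says to expect an error from the proxy before
    you have finished sending."""
    end = buf.find(b"\r\n\r\n")
    if end < 0:
        return None, None, buf
    head_lines = buf[:end].decode("latin-1").split("\r\n")
    code = int(head_lines[0].split(" ", 2)[1])
    length = 0
    for line in head_lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "content-length":
            length = int(value.strip())
    body_start = end + 4
    if len(buf) - body_start < length:
        return None, None, buf
    return code, buf[body_start:body_start + length], buf[body_start + length:]

def tunnel_stream(host, port, path, data, chunk):
    """Split a byte stream into Method 2 POSTs of at most `chunk` bytes
    (one request per data packet, as in the exchange above)."""
    return [frame_post(host, port, path, data[i:i + chunk])
            for i in range(0, len(data), chunk)]

# Constructed sample reply relayed by the proxy (not captured traffic).
SERVER_REPLY = (b"HTTP/1.0 200 OK\r\nServer: my-server-type\r\n"
                b"Content-Type: application/octet-stream\r\n"
                b"Content-Length: 5\r\n\r\nhello")
```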


-------------
http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q300707
: Invalid Content-Length Header May Cause Requests to Fail Through ISA Server (Q300707)

================
CONNECT authority HTTP/1.1\r\n
Host: ip:port\r\n
\r\n



-------------------------------------------

[RFC2817] Upgrading to TLS Within HTTP/1.1

5.2 Requesting a Tunnel with CONNECT

   A CONNECT method requests that a proxy establish a tunnel connection
   on its behalf. The Request-URI portion of the Request-Line is always
   an 'authority' as defined by URI Generic Syntax [2], which is to say
   the host name and port number destination of the requested connection
   separated by a colon:

      CONNECT server.example.com:80 HTTP/1.1
      Host: server.example.com:80

   Other HTTP mechanisms can be used normally with the CONNECT method --
   except end-to-end protocol Upgrade requests, of course, since the
   tunnel must be established first.

   For example, proxy authentication might be used to establish the
   authority to create a tunnel:

      CONNECT server.example.com:80 HTTP/1.1
      Host: server.example.com:80
      Proxy-Authorization: basic aGVsbG86d29ybGQ=

   Like any other pipelined HTTP/1.1 request, data to be tunneled may be
   sent immediately after the blank line. The usual caveats also apply:
   data may be discarded if the eventual response is negative, and the
   connection may be reset with no response if more than one TCP segment
   is outstanding.
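The CONNECT handshake from RFC 2817 and from Method 1 in the thread above, as an added example (not code from the RFC, the thread or any proxy product): it builds the request with the authority in both the Request-Line and Host, adds Proxy-Authorization only when credentials are supplied (the RFC's token encodes "hello:world"), and parses the proxy's answer, treating only a 2xx status as an established tunnel and returning any bytes that already follow the header block. The sample proxy answers are constructed.

```python
import base64

def build_connect_request(host, port, proxy_user=None, proxy_pass=None):
    """Build the CONNECT request of RFC 2817 section 5.2.
    Credential parameters are hypothetical; when given, they are encoded
    as the 'basic' Proxy-Authorization header shown in the RFC."""
    authority = f"{host}:{port}"
    lines = [f"CONNECT {authority} HTTP/1.1", f"Host: {authority}"]
    if proxy_user is not None:
        token = base64.b64encode(f"{proxy_user}:{proxy_pass}".encode()).decode()
        lines.append(f"Proxy-Authorization: basic {token}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode()

def parse_connect_response(buf):
    """Parse what the proxy sent back after a CONNECT.
    Returns (status_code, reason, leftover). status_code is None while the
    header block is incomplete (caller must read more). Leftover bytes after
    the blank line are tunnel data the proxy already forwarded from the
    server and belong to the tunnel user, not to the HTTP layer."""
    end = buf.find(b"\r\n\r\n")
    if end < 0:
        return None, None, buf
    status_line = buf[:end].decode("latin-1").split("\r\n", 1)[0]
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/1."):
        raise ValueError("not an HTTP status line: %r" % status_line)
    reason = parts[2] if len(parts) == 3 else ""
    return int(parts[1]), reason, buf[end + 4:]

def tunnel_established(buf):
    """True only for a 2xx answer. Anything else means no tunnel: the thread
    stresses that the 200 must be verified, and the RFC warns that data sent
    early may be discarded on a negative response."""
    code, _, _ = parse_connect_response(buf)
    return code is not None and 200 <= code < 300

# Constructed sample proxy answers (not captured traffic).
OK_RESPONSE = (b"HTTP/1.1 200 Connection established\r\n"
               b"Proxy-Agent: sample\r\n\r\n")
DENIED_RESPONSE = (b"HTTP/1.0 407 Proxy Authentication Required\r\n"
                   b"Proxy-Authenticate: Basic realm=\"p\"\r\n\r\n")
```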


-----------------------------------
ISA SSL related
How to Publish SSL Web Sites by Using Server Publishing

--------------------------------------------------------------------------------
The information in this article applies to:

Microsoft Internet Security and Acceleration Server 2000
Microsoft Small Business Server 2000
Microsoft BackOffice Server 2000

--------------------------------------------------------------------------------


SUMMARY
You can publish Secure Sockets Layer (SSL) Web sites in several ways. You can use Web publishing to publish SSL Web sites. This method requires the movement of the SSL Web site certificate to the ISA server. For additional information about this method, click the article number below to view the article in the Microsoft Knowledge Base:

Q292569 How to Set Up ISA Server to Host Web Sites by Using SSL
You can also use server publishing to publish SSL Web sites, and this method is described in this article. This method maps port 443 on the external interface through to the internal Web server on port 443 and provides the ability set up SSL without moving the SSL certificate from the internal Web server.

NOTE: Server publishing is the only method you can use to publish an SSL site with Microsoft Internet Information Services (IIS) 3.0. IIS 3.0 does not have the capability to export an SSL certificate, so you cannot use Web publishing with ISA.



MORE INFORMATION

How to Server Publish an SSL Site by Using ISA
WARNING: Before you can configure ISA to publish any internal Web site, you must not be running IIS on the ISA server. By default, IIS takes control of ports 80 and 443 on all IP addresses. Remove IIS, or use the information in the following Microsoft Knowledge Base article to prevent IIS from binding to all interfaces.
Q238131 How to Disable Socket Pooling
To server publish an SSL site by using ISA:

1. Start the ISA management console, right-click the Server publishing rule, and then click New rule.
2. Name the rule that you are creating, for example, "SSL Web site", and then click Next.
3. Type the address of your internal Web site that will process the SSL traffic, select the appropriate address for the external interface, and then click Next.
4. Click the HTTPS protocol, and then click Next.
5. Select the appropriate client set. Note that if the server is used by computers that are on the Internet, Any request would be appropriate.
6. Click Next, and then click Finish.
7. Stop the Firewall service, and then restart it.

Your SSL Web site should now be available on the external IP address of the ISA server. You may have to make DNS host record changes as appropriate to your environment to direct people to this address for your site.


-----------------------------
ISA SSL related 2

How to Enable PPTP Clients to Connect Through an ISA Firewall

--------------------------------------------------------------------------------
The information in this article applies to:

Microsoft Internet Security and Acceleration Server 2000

--------------------------------------------------------------------------------


SUMMARY
This article describes how to enable Point-to-Point Tunneling Protocol (PPTP) clients to connect through an Internet Security and Acceleration (ISA) firewall.



MORE INFORMATION
To allow internal clients to create PPTP connections to an endpoint on the public side of an ISA firewall, you have to explicitly configure the PPTP pass through in the ISA Management program.

To enable PPTP client connections through an ISA firewall, follow these steps:

1. Start the ISA Management program, and then click Access Policy.
2. Right-click IP Packet Filters, and then click Properties.
3. On the General tab, click to select Enable IP Routing.
4. On the PPTP tab, click to select the PPTP through ISA firewall box.

This enables PPTP through the ISA server, and creates a filter labeled "SecureNAT PPTP". By doing so, PPTP sessions can be created through the firewall.

Note: You will not be able to use a PPTP connection by using either the Winsock Proxy Client or the ISA Firewall Client. Clients will require a Gateway address to provide a network route through the ISA server for PPTP connections to be made successfully.



REFERENCES
For additional information about how to enable dial-out access for ISA, Winsock Proxy, Firewall and SecureNAT clients, click the article number below to view the article in the Microsoft Knowledge Base:

Q283635 Enabling Dial-Out Access ISA Winsock Proxy, Firewall, and SecureNAT Clients


---------------------------------------------------
From: Phil McGuinness (heyphil@sherlock.com.au)
Subject: XP problem worth noting
Newsgroups: comp.lang.clipper.visual-objects
Date: 2001-12-04 14:00:39 PST


Here is a problem you might run into which took us a while to troubleshoot.


I have a WinXP Pro PC on a Win2k network (with AD) - all Win2k Pro PC's were
fine with the exception of the WinXP clients - the XP clients could resolve
and ping names/IP's but could not connect to internet hosts via telnet, SSL,
RDP, ICA and so on. All Win2k Pro and XP Pro clients had to pass through the
ISA server, so they required the firewall client to be installed.


Products:     Windows XP Professional
              ISA server 3.0


Symptoms

- Can ping public addresses but not connect to them
- Can't telnet public IP from firewall client
- Can't connect to RDP/ICA/PcAnywhere hosts on internet
- Can't access FTP sites
- Can't access external hosts


These scenarios would occur even if your ISA configuration was correct


If ISA was configured to allow all IP from internal network to external
network (including resolving pings) and you could ping external IP addresses
but could not connect to them using ICA, RDP, PC Anywhere and other
applications.


This would also include SSL, FTP, telnet and other connections (not every
protocol was tested).


Problem

- If you upgraded from Win2k Pro to WindowsXP Pro and had ISA client
  installed, then removed and then re-installed it - you would experience this
  problem.
- If you performed a clean install of WindowsXP Pro then installed
  Firewall client
- You experience LDAP issues on your WinXP client when connecting to
  PDC
- You are unable to use the REPAIR feature on your NIC
- ARP cache is corrupted
- LDAP communication with server is not behaving


Cause

Firewall client incompatibility issue

Seemed to interfere with DNS server and LDAP protocol as WinXP uses
SECURENET?!?!


Resolution

- Locate the %PROGRAMFILES%\Microsoft Firewall Client\internal_setup\I386\ISATRAY.EXE
- Right click the file and choose properties
- Go to the Compatibility tab
- Under Compatibility Mode, tick the check box "Run this program in
  Compatibility mode for" and select "Windows 2000" from the drop down menu
- Click Apply (the green arrow to indicate client is enabled should
  appear)
- If not, go to the security tab and check the permissions for the
  user and administrators

There are no MS articles on this issue.

--------------------
http://groups.google.com/groups?q=re%3A+ISA+Server+is+not+configured+to+allow+SSL&hl=ko
Google
http://groups.google.com/groups?q=re:+HTTP/1.1+CONNECT+protocol&hl=ko&lr=&start=90&sa=N
