IronPort WSA with Authentication unable to access 2 character do

Jeffrey Ness · ‎09-24-2012

I've discovered an issue requiring user authentication and some of the short url sites likes e2.ma will not load in Internet Explorer explicitly configured to go through an IronPort WSA. In testing with bogus domains (a.to, aa.to) it seems the issue is if the domain name is 1-2 characters and the top level domain name is also 2 characters long. Longer domains (aaa.to) work and return an IronPort error for DNS_FAIL. Does anyone know of a workaround to not have to allow all these as unauthenticated destinations?

Chris Illsley · ‎09-25-2012

Hello,

Had a test of this with a different proxy server and no proxy server, all the same, it's an IE thing, there is a workaround below:

http://drupal.org/node/280623

Thanks

Chris

Jeffrey Ness · ‎09-25-2012

Support pointed me towards that KB article as well, but it is for IE 5 (and fixed in IE 6), but IE 8+ uses a TLD list from Microsoft (visible by using res://urlmon.dll/ietldlist.xml) and I don't control the external website. I'm going to try using an IP address surrogate instead of session cookies for these domains and see if that resolves this.

Jeffrey Ness · ‎09-26-2012

Just in case anyone else runs into this using IP address surrogates can work, but care must be taken on the timers to not cause issues with any other session cookie surrogates.

Chris Illsley · ‎10-10-2012

Just had the same request, as Jeffrey suggested, created a Custom URL category and created an identity based on this using IP surrogates and it works fine.

Ken Stieers · ‎10-10-2012

GAH! here's an old article from the Ironport KB

https://ironport.custhelp.com/app/answers/detail/a_id/1519/kw/wccp

IronPort WSA with Authentication unable to access 2 character domain names with 2 character TLDNs