
IronPort WSA with Authentication unable to access 2 character domain names with 2 character TLDNs

Jeffrey Ness
Level 1

I've discovered an issue requiring user authentication and some of the short URL sites like e2.ma will not load in Internet Explorer explicitly configured to go through an IronPort WSA. In testing with bogus domains (a.to, aa.to) it seems the issue is if the domain name is 1-2 characters and the top level domain name is also 2 characters long. Longer domains (aaa.to) work and return an IronPort error for DNS_FAIL. Does anyone know of a workaround to not have to allow all these as unauthenticated destinations?

5 Replies

Chris Illsley
Level 3

Hello,

Had a test of this with a different proxy server and with no proxy server; all the same. It's an IE thing. There is a workaround below:

http://drupal.org/node/280623

Thanks

Chris

Support pointed me towards that KB article as well, but it is for IE 5 (and fixed in IE 6), but IE 8+ uses a TLD list from Microsoft (visible by using res://urlmon.dll/ietldlist.xml) and I don't control the external website. I'm going to try using an IP address surrogate instead of session cookies for these domains and see if that resolves this.

Just in case anyone else runs into this: using IP address surrogates can work, but care must be taken on the timers to not cause issues with any other session cookie surrogates.

Just had the same request. As Jeffrey suggested, created a Custom URL category and created an identity based on this using IP surrogates, and it works fine.

GAH! Here's an old article from the IronPort KB

https://ironport.custhelp.com/app/answers/detail/a_id/1519/kw/wccp