Hello All,

I am using BorderManager 3.7 SP3 with field patch 4C on NetWare 6
SP3. I am having trouble browsing SSL sites using the transparent
proxy with the filters (IPFLT) loaded. If I unload the filters, I am
able to browse SSL sites, and if I manually enter the proxy server
information into IE, I am also able to browse SSL successfully. My
filters.cfg and proxy.cfg (copied from Craig's Website) files are
listed below.

The version of the transparent proxy is the one from FP4C:
Version 1.5 Novell Client Trust for Client 32 (4.00.100)
(c) Copyright 1998 by Novell Inc. All rights reserved.

Any help would be GREATLY appreciated!

Thanks!

# FILE: FILTERS.CFG
#
# Filter Database. This file is maintained by the Filter Services NLM.
# *** IMPORTANT ***
# TAMPERING WITH THIS FILE MAY CAUSE SEVERE MALFUNCTIONING OF THE SYSTEM.
#-------------------------------------------------------------------------

VERSION 1.3

GLOBAL-IP-LOG DISABLED
GLOBAL-IPX-LOG DISABLED

IP-NOT-MATCHING-FLT-EXCEPTION-LIST-LOG DISABLED
IPX-NOT-MATCHING-FLT-EXCEPTION-LIST-LOG DISABLED


PACKET-FILTER-LIST IP, ENABLED, DENY
FILTER ENABLED NOLOG, INTRFACE:<Any>, IP:pid=IP, INTRFACE:CE100B_1, Added by BRDCFG to block all IP packets.
EXCLUDE ENABLED NOLOG, INTRFACE:<Any>, IP:pid=TCP port=110 srcport=<All> ackfilt=0 stfilt=1, INTRFACE:CE100B_1 IP:192.168.0.10, Added by BRDCFG to allow mail proxy.
EXCLUDE ENABLED NOLOG, INTRFACE:<Any>, IP:pid=TCP port=25 srcport=<All> ackfilt=0 stfilt=1, INTRFACE:CE100B_1 IP:192.168.0.10, Added by BRDCFG to allow mail proxy.
EXCLUDE ENABLED NOLOG, INTRFACE:<Any>, IP:pid=57, INTRFACE:CE100B_1 IP:192.168.0.10, Added by BRDCFG to allow SKIP Protocol for VPN.
EXCLUDE ENABLED NOLOG, INTRFACE:<Any>, IP:pid=UDP port=353 srcport=<All> stfilt=1, INTRFACE:CE100B_1 IP:192.168.0.10, Added by BRDCFG to allow VPN Client Keep-Alive & Disconnect.
EXCLUDE ENABLED NOLOG, INTRFACE:<Any>, IP:pid=TCP port=353 srcport=<All> ackfilt=0 stfilt=1, INTRFACE:CE100B_1 IP:192.168.0.10, Added by BRDCFG to allow VPN Client Authentication.
EXCLUDE ENABLED NOLOG, INTRFACE:<Any>, IP:pid=UDP port=2010 srcport=<All> stfilt=1, INTRFACE:CE100B_1 IP:192.168.0.10, Added by BRDCFG to allow VPN Master/Slave communication.
EXCLUDE ENABLED NOLOG, INTRFACE:<Any>, IP:pid=TCP port=213 srcport=<All> ackfilt=0 stfilt=1, INTRFACE:CE100B_1 IP:192.168.0.10, Added by BRDCFG to allow VPN Master/Slave communication.
EXCLUDE ENABLED NOLOG, INTRFACE:CE100B_1 IP:192.168.0.10, IP:pid=UDP port=2010 srcport=<All> stfilt=1, INTRFACE:<Any>, Added by BRDCFG to allow VPN Master/Slave communication.
EXCLUDE ENABLED NOLOG, INTRFACE:CE100B_1 IP:192.168.0.10, IP:pid=TCP port=213 srcport=<All> ackfilt=0 stfilt=1, INTRFACE:<Any>, Added by BRDCFG to allow VPN Master/Slave communication.
EXCLUDE ENABLED NOLOG, INTRFACE:CE100B_1 IP:192.168.0.10, IP:pid=TCP port=23 srcport=<All> ackfilt=0 stfilt=1, INTRFACE:<Any>, Added by BRDCFG to allow transparent telnet proxy.
EXCLUDE ENABLED NOLOG, INTRFACE:CE100B_1 IP:192.168.0.10, IP:pid=UDP port=53 srcport=<All> stfilt=1, INTRFACE:<Any>, Added by BRDCFG to allow DNS proxy.
EXCLUDE ENABLED NOLOG, INTRFACE:CE100B_1 IP:192.168.0.10, IP:pid=TCP port=53 srcport=<All> ackfilt=0 stfilt=1, INTRFACE:<Any>, Added by BRDCFG to allow DNS proxy.
EXCLUDE ENABLED NOLOG, INTRFACE:CE100B_1 IP:192.168.0.10, IP:pid=TCP port=554 srcport=<All> ackfilt=0 stfilt=1, INTRFACE:<Any>, Added by BRDCFG to allow RTSP proxy.
EXCLUDE ENABLED NOLOG, INTRFACE:CE100B_1 IP:192.168.0.10, IP:pid=TCP port=7070 srcport=<All> ackfilt=0 stfilt=1, INTRFACE:<Any>, Added by BRDCFG to allow Real Audio proxy.
EXCLUDE ENABLED NOLOG, INTRFACE:CE100B_1 IP:192.168.0.10, IP:pid=TCP port=119 srcport=<All> ackfilt=0 stfilt=1, INTRFACE:<Any>, Added by BRDCFG to allow news proxy.
EXCLUDE ENABLED NOLOG, INTRFACE:CE100B_1 IP:192.168.0.10, IP:pid=TCP port=110 srcport=<All> ackfilt=0 stfilt=1, INTRFACE:<Any>, Added by BRDCFG to allow mail proxy.
EXCLUDE ENABLED NOLOG, INTRFACE:CE100B_1 IP:192.168.0.10, IP:pid=TCP port=25 srcport=<All> ackfilt=0 stfilt=1, INTRFACE:<Any>, Added by BRDCFG to allow mail proxy.
EXCLUDE ENABLED NOLOG, INTRFACE:CE100B_1 IP:192.168.0.10, IP:pid=TCP port=21 srcport=<All> ackfilt=0 stfilt=1, INTRFACE:<Any>, Added by BRDCFG to allow FTP proxy.
EXCLUDE ENABLED NOLOG, INTRFACE:CE100B_1 IP:192.168.0.10, IP:pid=TCP port=443 srcport=<All> ackfilt=0 stfilt=1, INTRFACE:<Any>, Added by BRDCFG to allow secure HTTP.
EXCLUDE ENABLED NOLOG, INTRFACE:CE100B_1 IP:192.168.0.10, IP:pid=TCP port=80 srcport=<All> ackfilt=0 stfilt=1, INTRFACE:<Any>, Added by BRDCFG to allow HTTP proxy.
FILTER ENABLED NOLOG, INTRFACE:CE100B_1, IP:pid=IP, INTRFACE:<Any>, Added by BRDCFG to block all IP packets.

PACKET-FILTER-LIST IPX, ENABLED, DENY
FILTER ENABLED NOLOG, INTRFACE:<Any>, IPX:pkt_type=FF socket=FFFF srcsocket=FFFF, INTRFACE:CE100B_1, Added by BRDCFG to block all IPX packets.
FILTER ENABLED NOLOG, INTRFACE:CE100B_1, IPX:pkt_type=FF socket=FFFF srcsocket=FFFF, INTRFACE:<Any>, Added by BRDCFG to block all IPX packets.

SERVICE-FILTER-LIST ADVERTISE, APPLETLK, DISABLED, DENY

SERVICE-FILTER-LIST ADVERTISE, IPX, ENABLED, DENY
FILTER ENABLED NOLOG, IPXSAP:FFFF, *, GROUP:<ANY>, INTRFACE:CE100B_1, Added by BRDCFG to block all IPX SAP traffic.

SERVICE-FILTER-LIST ACCEPT, IPX, ENABLED, DENY
FILTER ENABLED NOLOG, IPXSAP:FFFF, *, GROUP:<ANY>, INTRFACE:CE100B_1, Added by BRDCFG to block all IPX SAP traffic.

ROUTE-FILTER-LIST ADVERTISE, APPLETLK, DISABLED, DENY

ROUTE-FILTER-LIST ACCEPT, APPLETLK, DISABLED, DENY

ROUTE-FILTER-LIST ADVERTISE, OSPF, ENABLED, DENY
FILTER ENABLED NOLOG, GROUP:<ANY>, GROUP:<ANY>, m=, Added by BRDCFG to block all IP OSPF traffic.

ROUTE-FILTER-LIST ADVERTISE, EGP, ENABLED, DENY
FILTER ENABLED NOLOG, GROUP:<ANY>, INTRFACE:CE100B_1, m=, Added by BRDCFG to block all IP EGP traffic.

ROUTE-FILTER-LIST ACCEPT, EGP, ENABLED, DENY
FILTER ENABLED NOLOG, GROUP:<ANY>, INTRFACE:CE100B_1, m=, Added by BRDCFG to block all IP EGP traffic.

ROUTE-FILTER-LIST ADVERTISE, IP, ENABLED, DENY
FILTER ENABLED NOLOG, GROUP:<ANY>, INTRFACE:CE100B_1, m=, Added by BRDCFG to block all IP RIP traffic.

ROUTE-FILTER-LIST ACCEPT, IP, ENABLED, DENY
FILTER ENABLED NOLOG, GROUP:<ANY>, INTRFACE:CE100B_1, m=, Added by BRDCFG to block all IP RIP traffic.

ROUTE-FILTER-LIST ADVERTISE, IPX, ENABLED, DENY
FILTER ENABLED NOLOG, IPX:00000000/00000000, INTRFACE:CE100B_1, <none>, Added by BRDCFG to block all IPX RIP traffic.

ROUTE-FILTER-LIST ACCEPT, IPX, ENABLED, DENY
FILTER ENABLED NOLOG, IPX:00000000/00000000, INTRFACE:CE100B_1, <none>, Added by BRDCFG to block all IPX RIP traffic.

; revision 12, Craig Johnson, June 7, 2004
; Edited by Marc Mansfield 7/19/2004
; http://www.craigjconsulting.com
; settings for patched BM 3.7 and 3.8 servers (Should be fine with earlier
; versions, though some settings will do nothing if the version of proxy
; doesn't support them).
; You can patch BorderManager 3.5 and 3.6 with certain portions
; of BorderManager 3.7 patches - see tip #1 at www.craigjconsulting.com

; See Novell TID 10059667 for documentation on many of these options.

; Depending on your BorderManager version and patch level, many of
; these settings may be at the default values.

[BM Cookie]
BM_Forward_Cookie=0

[HTTP Streaming]
;The line below fixes the HTTP streaming bug,
;but breaks WindowsUpdate, unless using proxy dated 2003 or later.
; You should have persistent connections enabled in NWADMN32, BorderManager
; Setup, HTTP Proxy Details.
ResetOriginServerConnAfterClientReset=1

[TransparentHTTPS]
;Next entry allows later versions of Transparent Proxy to listen on HTTPS/SSL
HTTPSPort1=443

[Object Cache]
cut thru no CLH length=0

[Extra Configuration]
; This entry works only for BorderManager 3.8, enabling Nsure Audit logging for proxies
; When Nsure audit logging is enabled, you should disable common, extended and indexed logging
;EnableNsureAuditLogging=1
;
; Next entry (for proxycfg.dll version from Jan 7, 2004 or later) allows generic
; proxy to use port 25, to replace Mail Proxy
;AllowGTCPProxyToUsePort25=1
;
; Next entry (for proxy version SMTP1, Jan 7, 2004 or later) allows
; a custom banner to be displayed in a SMTP HELO (mail proxy)
;BM_SMTP_Banner="This is a test BM SMTP Banner.Any unauthorized use of this software would lead to legal action against the user."
;
; This entry (requires BM37FP3D or later to work) is supposed to help proxy unload cleanly and quickly
ResBadAddressLoopBreak=1
;
; Next entry (from BM37FP3 patch) fixes caching issue with multiple browsers on one PC
DonotCache4ContEncoding=1
;
; Next entry (from BM37Sp2) attempts to fix problems with proxy not unloading
SCacheDestroyYieldInterval=200
;
; Next entry (from BM37Sp2) fixes problem browsing certain web sites
DoNotSendExtraCRLF = 1
;
; Next entry (from BM37Sp2) fixes problem browsing certain web sites
EnableIncomplete302ResponseFix = 0
;
; Next entry fixes a potential ABEND in BM37SP1
EnableHTTPSLogging=0
;
; Next entry prevents Macintosh tunneling to bypass rules
; "No Macs on Site" AllowHTTPTunneling=0
;
; Next entry fixes Macintosh SSL Proxy authentication problem
; "No Macs on Site" new302Redirect=1
;
; Next two entries are for BM37SP1 servers and deal
; with terminal services cookie-based authentication
; Uncomment to use that feature (see patch readme)
;EnableTerminalServerAuthentication=1
;RedirectHTTPSRequest=1
;
DoNotCacheWhenCookieFound=1
;
; If you have a Netmail Server and it has problems with pages not
; loading completely, try commenting out the following line.
;PassContentLength=0
;
IgnoreContentLength=1
;
IgnoreContentLengthCheck=1
;
OC_IgnoreContentLengthFlag=1
;
AckWithNoDataOnSYN=1
;
; The following option prevents many abends
IgnoreDuplicateChill=1
;
RestartTimeoutAfterEverySend=1
;
EnableICSPassThruFix=1
;
TurnOffPersistantPassThru=1
;
EnableNoCachePassThru=1
;
TransparentProxySupportsVirtualServers=1
;
DiscardAcceptRanges=1
;
AllowSecond220Respond=1
;
CodeRedWorkAround=1
;
UseSimplifiedErrorPage=0
;
ResolveProxyIPAddress=0
;
ScanVirusPatterns=1
;
; If this is =0, requests without a domain name
; will have the server's domain name appended
DoNotCreateFullyQualifiedHostNames=1
;
HTTPSAuthenticationSwitch=0
;
; following line should cause proxy to unload
; without saving cache memory to disk
DoNotSaveMemoryCacheDuringUnload=1
;
Line_Terminator=CR
;

; Next sections about 'authentication' are for BM37SP1 or
; later servers and deal with terminal services
; cookie-based authentication
;[Authentication Subnets]
;PrivateSubnet1=10.0.0.0/255.0.0.0
;PrivateSubnet2=10.4.5.100/255.255.252.0
;PrivateSubnet3=164.99.145.98/255.255.252.0

;[Authentication Ranges]
;PrivateRange1=100.25.4.5-100.25.4.60
;PrivateRange2=20.1.1.1-20.4.5.25

;[Authentication Addresses]
;PrivateAddr1=24.0.4.5
;PrivateAddr2=45.3.45.6
;PrivateAddr3=44.5.6.8


; Next sections are for Mail Proxy.
; If you have Mail Proxy in BorderManager 3.8, you
; can use multiple (internal) mail domain support.
; If you have earlier versions, you can only have
; a single mail domain.

; Next Section is for Mail Proxy on BorderManager 3.7 or earlier
;[BM Mail Proxy]
;BM_Domain=yourdomain.com
;BM_Incoming_Relay=0
;BM_Proxy_Domain=servername.yourdomain.com


; Next section is for Mail Proxy on BorderManager 3.8 with
; multiple domain support. Use your smtp server IP address(es)
; and domain names.
;[Multiple Domain Support]
;MultiDomain1=192.168.10.250/yourdomain.com
;MultiDomain2=192.168.10.250/yourdomain2.com


; The remaining sections are essentially default settings to allow
; BorderManager and its miniwebserver to function correctly.

[Buffer Tracking]
Enable=0

[MiniWeb Server]
Port-Number=1959
Root-Directory=SYS:\ETC\PROXY\DATA

[MiniWeb Server: Mime Types]
Content-Type: text/html=htm,html
Content-Type: text/plain=txt,text,cla,class
Content-Type: image/gif=gif
Content-Type: image/jpeg=jpg,jpeg,jpe,jfif,pjpeg,pjp
Content-Type: image/tiff=tiff,tif
Content-Type: image/x-xbitmap=xbm
Content-Type: video/x-msvideo=avi
Content-Type: video/quicktime=qt,mov,moov
Content-Type: video/x-mpeg2=mpv2,mp2v
Content-Type: video/mpeg=mpeg,mpg,mpe,mpv,vbs,mpegv
Content-Type: audio/x-pn-realaudio=ra,ram
Content-Type: audio/x-mpeg=mpega,mp2,mpa,abs
Content-Type: audio/x-wav=wav
Content-Type: audio/x-aiff=aif,aiff,aifc
Content-Type: application/x-ns-proxy-autoconfig=pac

[Log Format]
Delimiter-Character=space

; The virus pattern configuration section allows you to have
; the Reverse Proxy block requests with certain patterns
; in the HTML code. Most of these patterns listed below
; are for Code Red and NIMDA viruses. The proxy
; can also 'autodetect' viruses and add them to a list.
; See Novell's AppNote on this from Sept. 2002.
;

[Virus Pattern Configuration]
EnablePatternAutoUpdate=1
MaxNoOfVirusPatterns=128
NoOfVirusPatterns=28
PatternSize=16
PatternStartOffset=1
VirusPattern0=scripts/..%252f.
VirusPatternoffset10=0
VirusPatternvalue10=0
VirusPatternoffset20=0
VirusPatternvalue20=0
VirusPatternorigLength0=57
VirusPattern1=scripts/..%c1%1c
VirusPatternoffset11=0
VirusPatternvalue11=0
VirusPatternoffset21=0
VirusPatternvalue21=0
VirusPatternorigLength1=58
VirusPattern2=scripts/..%c0%2f
VirusPatternoffset12=0
VirusPatternvalue12=0
VirusPatternoffset22=0
VirusPatternvalue22=0
VirusPatternorigLength2=58
VirusPattern3=scripts/..%c0%af
VirusPatternoffset13=0
VirusPatternvalue13=0
VirusPatternoffset23=0
VirusPatternvalue23=0
VirusPatternorigLength3=58
VirusPattern4=scripts/..%%35c.
VirusPatternoffset14=0
VirusPatternvalue14=0
VirusPatternoffset24=0
VirusPatternvalue24=0
VirusPatternorigLength4=57
VirusPattern5=scripts/root.exe
VirusPatternoffset15=0
VirusPatternvalue15=0
VirusPatternoffset25=0
VirusPatternvalue25=0
VirusPatternorigLength5=33
VirusPattern6=MSADC/root.exe?/
VirusPatternoffset16=0
VirusPatternvalue16=0
VirusPatternoffset26=0
VirusPatternvalue26=0
VirusPatternorigLength6=31
VirusPattern7=d/winnt/system32
VirusPatternoffset17=0
VirusPatternvalue17=0
VirusPatternoffset27=0
VirusPatternvalue27=0
VirusPatternorigLength7=41
VirusPattern8=c/winnt/system32
VirusPatternoffset18=0
VirusPatternvalue18=0
VirusPatternoffset28=0
VirusPatternvalue28=0
VirusPatternorigLength8=41
VirusPattern9=_mem_bin/..%255c
VirusPatternoffset19=0
VirusPatternvalue19=0
VirusPatternoffset29=0
VirusPatternvalue29=0
VirusPatternorigLength9=78
VirusPattern10=_vti_bin/..%255c
VirusPatternoffset110=0
VirusPatternvalue110=0
VirusPatternoffset210=0
VirusPatternvalue210=0
VirusPatternorigLength10=78
VirusPattern11=msadc/..%255c../
VirusPatternoffset111=0
VirusPatternvalue111=0
VirusPatternoffset211=0
VirusPatternvalue211=0
VirusPatternorigLength11=106
VirusPattern12=scripts/..%%35%6
VirusPatternoffset112=0
VirusPatternvalue112=0
VirusPatternoffset212=0
VirusPatternvalue212=0
VirusPatternorigLength12=59
VirusPattern13=scripts/..%25%35%
VirusPatternoffset113=0
VirusPatternvalue113=0
VirusPatternoffset213=0
VirusPatternvalue213=0
VirusPatternorigLength13=61
VirusPattern14=scripts/..%255c..
VirusPatternoffset114=0
VirusPatternvalue114=0
VirusPatternoffset214=0
VirusPatternvalue214=0
VirusPatternorigLength14=57
VirusPattern15=scripts/..%c1%9c.
VirusPatternoffset115=0
VirusPatternvalue115=0
VirusPatternoffset215=0
VirusPatternvalue215=0
VirusPatternorigLength15=58
VirusPattern16=scripts/root.exe
VirusPatternoffset116=0
VirusPatternvalue116=0
VirusPatternoffset216=0
VirusPatternvalue216=0
VirusPatternorigLength16=81
VirusPattern17=scripts/httpodbc
VirusPatternoffset117=0
VirusPatternvalue117=0
VirusPatternoffset217=0
VirusPatternvalue217=0
VirusPatternorigLength17=30
VirusPattern18=MSADC/root.exe?/
VirusPatternoffset118=0
VirusPatternvalue118=0
VirusPatternoffset218=0
VirusPatternvalue218=0
VirusPatternorigLength18=79
VirusPattern19=MSADC/httpodbc.d
VirusPatternoffset119=0
VirusPatternvalue119=0
VirusPatternoffset219=0
VirusPatternvalue219=0
VirusPatternorigLength19=28
VirusPattern20="c/httpodbc.dll H"
VirusPatternoffset120=0
VirusPatternvalue120=0
VirusPatternoffset220=0
VirusPatternvalue220=0
VirusPatternorigLength20=24
VirusPattern21=d/winnt/system32
VirusPatternoffset121=0
VirusPatternvalue121=0
VirusPatternoffset221=0
VirusPatternvalue221=0
VirusPatternorigLength21=92
VirusPattern22="d/httpodbc.dll H"
VirusPatternoffset122=0
VirusPatternvalue122=0
VirusPatternoffset222=0
VirusPatternvalue222=0
VirusPatternorigLength22=24
VirusPattern23=scripts/..%255c.
VirusPatternoffset123=0
VirusPatternvalue123=0
VirusPatternoffset223=0
VirusPatternvalue223=0
VirusPatternorigLength23=108
VirusPattern24=scripts/.%255c..
VirusPatternoffset124=0
VirusPatternvalue124=0
VirusPatternoffset224=0
VirusPatternvalue224=0
VirusPatternorigLength24=39
VirusPattern25=scripts/..%252f.
VirusPatternoffset125=0
VirusPatternvalue125=0
VirusPatternoffset225=0
VirusPatternvalue225=0
VirusPatternorigLength25=116
VirusPattern26=scripts/..%252f.
VirusPatternoffset126=0
VirusPatternvalue126=0
VirusPatternoffset226=0
VirusPatternvalue226=0
VirusPatternorigLength26=39
VirusPattern27=default.ida?XXXX
VirusPatternoffset127=0
VirusPatternvalue127=0
VirusPatternoffset227=0
VirusPatternvalue227=0
VirusPatternorigLength27=385
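
An added example (not part of the original post): a small Python parser for the IP packet-filter rules in the FILTERS.CFG listing above, so that the exceptions for a given port can be listed together with their direction. The field order (source, packet definition, destination, comment) is inferred from the listing and is an assumption, as are the function names.

```python
import re

# Excerpt of the FILTERS.CFG listing from the post, with wrapped lines rejoined.
SAMPLE = """\
PACKET-FILTER-LIST IP, ENABLED, DENY
FILTER ENABLED NOLOG, INTRFACE:<Any>, IP:pid=IP, INTRFACE:CE100B_1, Added by BRDCFG to block all IP packets.
EXCLUDE ENABLED NOLOG, INTRFACE:<Any>, IP:pid=TCP port=25 srcport=<All> ackfilt=0 stfilt=1, INTRFACE:CE100B_1 IP:192.168.0.10, Added by BRDCFG to allow mail proxy.
EXCLUDE ENABLED NOLOG, INTRFACE:CE100B_1 IP:192.168.0.10, IP:pid=TCP port=443 srcport=<All> ackfilt=0 stfilt=1, INTRFACE:<Any>, Added by BRDCFG to allow secure HTTP.
EXCLUDE ENABLED NOLOG, INTRFACE:CE100B_1 IP:192.168.0.10, IP:pid=TCP port=80 srcport=<All> ackfilt=0 stfilt=1, INTRFACE:<Any>, Added by BRDCFG to allow HTTP proxy.
"""

RULE = re.compile(r"^(FILTER|EXCLUDE)\s+(ENABLED|DISABLED)\s+\w+,\s*(.*)$")
SECTIONS = ("PACKET-FILTER-LIST", "SERVICE-FILTER-LIST", "ROUTE-FILTER-LIST")

def parse_endpoint(text):
    """Split 'INTRFACE:name [IP:addr]' into (interface, address or None)."""
    m = re.match(r"INTRFACE:(\S+)(?:\s+IP:(\S+))?", text.strip())
    return (m.group(1), m.group(2)) if m else (text.strip(), None)

def parse_ip_rules(cfg):
    """Return the rules of the 'PACKET-FILTER-LIST IP' section as dicts."""
    rules, in_section = [], False
    for line in cfg.splitlines():
        if line.startswith(SECTIONS):
            in_section = line.startswith("PACKET-FILTER-LIST IP,")
            continue
        m = RULE.match(line.strip())
        if not (in_section and m):
            continue
        # Assumed field order: source, packet definition, destination, comment.
        src, pkt, dst, comment = [f.strip() for f in m.group(3).split(",", 3)]
        fields = dict(kv.split("=", 1) for kv in pkt.split(":", 1)[1].split() if "=" in kv)
        rules.append({"action": m.group(1), "enabled": m.group(2) == "ENABLED",
                      "src": parse_endpoint(src), "dst": parse_endpoint(dst),
                      "proto": fields.get("pid"), "port": fields.get("port"),
                      "comment": comment})
    return rules

def exceptions_for_port(rules, proto, port):
    """Enabled EXCLUDE rules (exceptions to the deny list) for one destination port."""
    return [r for r in rules if r["action"] == "EXCLUDE" and r["enabled"]
            and r["proto"] == proto and r["port"] == str(port)]

if __name__ == "__main__":
    for r in exceptions_for_port(parse_ip_rules(SAMPLE), "TCP", 443):
        print(r["src"], "->", r["dst"], "|", r["comment"])
```

Run against the full listing, this prints every exception for a port with its source and destination side, which makes it easy to see in which direction a given service is permitted.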