The server is NetWare 5.1SP8 with BM3.6SP2a; PROXY.CFG is included
below. When users try to connect to a Blackboard site
(http://cscc.blackboard.com), BorderManager times out. Connecting to
the same site via BM3.8 on NW6.5SP3 works fine. I unchecked "Enforce
access rules" and unloaded FILTSRV, so I know those aren't causing it.

I'm currently trying to get a packet trace. In the meantime, does
anyone have any insight on this problem?

Thanks,

Doug




---proxy.cfg---



; revision 21, Craig Johnson, July 2, 2005
; http://www.craigjconsulting.com
;
; settings for patched BM 3.7 and 3.8 servers (Should be fine with earlier
; versions, though some settings will do nothing if the version of proxy
; doesn't support them). This version includes settings through bm38fp3b.
; You can patch BorderManager 3.5 and 3.6 with certain portions
; of BorderManage 3.7 patches - see tip #1 at www.craigjconsulting.com

; See Novell TID 10059667 for documentation on many of these options.

; Depending on your BorderManager version and patch level, many of
; these settings may be at the default values.

; New section for http tunneling control added after BM38SP2A patch
; See the readme in that, and later, patches for explanation of this
; feature, which relates to security. The setting here is the most
; secure (disables tunneling on all ports, except port 443)
;

[Tunneling]
; this entry allows you to control the ports being tunneled.
; Set the value to 1 to enable control, 0 to disable it.
; You will have to add port number entries for any non-standard port
; number used in HTTPS URL's to make them work through proxy if this
; feature is enabled. This feature definitely affects transparent
; proxy ability to tunnel HTTPS.
; If =1, and you try to connect using HTTPS to a port other than
; 443, as in NRM for instance (port 8009), you will get an
; error message in the browser.
EnableTunnelingControl=0

; this entry allows you to log denied tunneling requests to
; sys:\etc\proxy\tunnel.log. =0 disables logging, =1 enables it.
EnableTunnelingControlLog=1


[HttpTunnelingAllowed]
; the example entries below allow ports 443, 444 (often specified
; for SSL Proxy Authenticaiton, 8009 (for NRM), 2200 (Apache Web Manager
; and 52443 (for iFolder) to be tunneled. Port 443 is enabled by default.
;port<x>=<port #>
port1=8009
port2=52443
port3=2200
port4=444
port5=8443

;
; New section (from BM38SP2A) allowing webwasher to be used as an
upstream proxy
; See latest patch readme for instructions on this.
;[X-Authenticated-User]
;EnableXAuthenticatedUserHTTPHeader = 1
;LDAPServer=x.x.x.x
;LdapTypeUserName=1
;
[BM Cookie]
BM_Forward_Cookie=0
;
[HTTP Streaming]
;The line below fixes the HTTP streaming bug,
;but breaks WindowsUpdate, unless using proxy dated 2003 or later.
; You should have persistent connections enabled in NWADMN32, BorderManager
; Setup, HTTP Proxy Details.
ResetOriginServerConnAfterClientReset=1

[TransparentHTTPS]
;Next entry allows later versions of Transparent Proxy to listen on
HTTPS/SSL
HTTPSPort1=443

[Object Cache]
cut thru no CLH length=0


[Extra Configuration]

; From the post-BM38SP3 patch BM38SP3_ir1.exe, this setting allows
notice of grace
; login / password expiration for SSL Proxy authentication
GraceLoginNotification=1

; From the post-BM38SP3 patch BM38SP3_ir1.exe, this setting allows user
names to show
; in the extended logs.
LogUserNameInExtendedLog=1

; Starting with the BM38FP3E/BM37FP4E patches, allow notification of
; expired password/grace logins in SSL Proxy Authentication
GraceLoginNotification=1

; Starting with the BM38FP3E/BM37FP4E patches, fix user names not showing
; up in extended logs
LogUserNameInExtendedLog=1

; From the BM38FP3C patch, fixes malformed CONNECT request
; sent to back end web server
; (lower case N needed for at least some proxy versions)
NoDummySlashUpstream=1
noDummySlashUpstream=1

; From the BM38FP3C/BM37FP4D patch, fixes 403 forbidden errors
; randomly generated after installing bm37sp3
DonotSendIPToACL =1

; New addition from BM38FP3B/BM37FP4D, allowing custom logout page
; when you logout through http://x.x.x.x:1959/cmd/BM-Logout
CustomErrorPages=1

; New additiom from BM37FP4D, to avoid data read Timeout
; errors (HTTP 504 Gateway Timeout), when you
; post large files to remote WebAccess server
; (=1 turns on this feature, but may cause other problems)
SupportLargePostRequest=0

; This entry works only for BorderManager 3.8, enabling Nsure Audit
logging for proxies
; When Nsure audit logging is enabled, you should disable common,
extended and indexed logging
;EnableNsureAuditLogging=1
;
; Next entry (for proxycfg.dll version from Jan 7, 2004 or later) allows
generic
; proxy to use port 25, to replace Mail Proxy
;AllowGTCPProxyToUsePort25=1
;
; Next entry (for proxy version SMTP1, Jan 7, 2004 or later) allows
; a custom banner to be displayed in a SMTP HELO (mail proxy)
;BM_SMTP_Banner="This is a test BM SMTP Banner.Any unauthorized use of
this software would lead to legal action against the user."
;
; This entry (requires BM37FP3D or later to work) is supposed to help
proxy unload cleanly and quickly
ResBadAddressLoopBreak=1
;
; Next entry (from BM37FP3 patch) fixes caching issue with multiple
browsers on one PC
DonotCache4ContEncoding=1
;
; Next entry (from BM37Sp2) attempts to fix problems with proxy not
unloading
SCacheDestroyYieldInterval=200
;
; Next entry (from BM37Sp2) fixes problem browsing certain web sites
DoNotSendExtraCRLF = 1
;
; Next entry (from BM37Sp2) fixes problem browsing certain web sites
EnableIncomplete302ResponseFix = 0
;
; Next entry fixes a potential ABEND in BM37SP1
EnableHTTPSLogging=0
;
; Next entry prevents Macintosh tunneling to bypass rules
AllowHTTPTunneling=0
;
; Next entry fixes Macintosh SSL Proxy authentication problem
new302Redirect=1
;
DoNotCacheWhenCookieFound=1
;
; If you have a Netmail Server and it has problems with pages not
; loading completely, try commenting out the following line.
PassContentLength=0
;
IgnoreContentLength=1
;
IgnoreContentLengthCheck=1
;
OC_IgnoreContentLengthFlag=1
;
AckWithNoDataOnSYN=1
;
; The following option prevents many abends
IgnoreDuplicateChill=1
;
RestartTimeoutAfterEverySend=1
;
EnableICSPassThruFix=1
;
TurnOffPersistentPassThru=1
;
EnableNoCachePassThru=1
;
TransparentProxySupportsVirtualServers=1
;
DiscardAcceptRanges=1
;
AllowSecond220Respond=1
;
CodeRedWorkAround=1
;
UseSimplifiedErrorPage=0
;
ResolveProxyIPAddress=0
;
ScanVirusPatterns=1
;
; If this is =0, requests without a domain name
; will have the server's domain name appended
DoNotCreateFullyQualifiedHostNames=1
;
HTTPSAuthenticationSwitch=0
;
; following line should cause proxy to unload
; without saving cache memory to disk
DoNotSaveMemoryCacheDuringUnload=1
;
Line_Terminator=CR
;
; New feture from BM38FP3A patch, to help control spam
; via mail proxy
EnableAntispamFeature=1
;
; Next two entries are for BM37SP1 or later servers and deal
; with terminal services cookie-based authentication
; Uncomment to use that feature (see patch readme)
; Note: Terminal services authentication does not work if
; you configure the browser not to proxy requests to the
; BorderManager server IP address (or to the entire local
; subnet, including the BorderManager address).
;EnableTerminalServerAuthentication=1
;RedirectHTTPSRequest=1
;
;
; Next sections about 'authentication' are for BM37SP1 or
; later servers and deal with terminal services
; cookie-based authentication
;[Authentication Subnets]
;PrivateSubnet1=10.0.0.0/255.0.0.0
;PrivateSubnet2=10.4.5.100/255.255.252.0
;PrivateSubnet3=164.99.145.98/255.255.252.0

;[Authentication Ranges]
;PrivateRange1=100.25.4.5-100.25.4.60
;PrivateRange2=20.1.1.1-20.4.5.25
;
;[Authentication Addresses]
;PrivateAddr1=24.0.4.5
;PrivateAddr2=45.3.45.6
;PrivateAddr3=44.5.6.8
;
; Next sections are for Mail Proxy.
; If you have Mail Proxy in BorderManager 3.8, you
; can use multiple (internal) mail domain support.
; If you have earlier versions, you can only have
; a single mail domain.
;
; Next Section is for Mail Proxy on BorderManager 3.7 or earlier
;[BM Mail Proxy]
;BM_Domain=osumc.edu
;BM_Incoming_Relay=0
;BM_Proxy_Domain=servername.yourdomain.com


; Next section is for Mail Proxy on BorderManager 3.8 with
; and multiple domain support. Use your smtp server IP address(es)
; and domain names. See the additional commands for antispam
; and exceptions in the [ExtraConfiguration] section, for BM38FP3B
; and later patches.
;[Multiple Domain Support]
;MultiDomain1=192.168.10.250/yourdomain.com
;MultiDomain2=192.168.10.250/yourdomain2.com


; Next section, from BM38FP3A, controls spam through Mail Proxy, if
; EnableAntispamFeature=1 is set in the extraconfiguration section
; Following are the *exception list* for trusted domains
[Antispam Domain List]
;Examples:
;AntispamDomain1=www.cnn.com
;AntispamDomain2=www.bbc.com
; It may be useful to put your own domain in there.

; The remaining sections are essentially default settings to allow
; BorderManager and its miniwebserver to function correctly.

[Buffer Tracking]
Enable=0

[MiniWeb Server]
Port-Number=1959
Root-Directory=SYS:\ETC\PROXY\DATA

[MiniWeb Server: Mime Types]
Content-Type: text/html=htm,html
Content-Type: text/plain=txt,text,cla,class
Content-Type: image/gif=gif
Content-Type: image/jpeg=jpg,jpeg,jpe,jfif,pjpeg,pjp
Content-Type: image/tiff=tiff,tif
Content-Type: image/x-xbitmap=xbm
Content-Type: video/x-msvideo=avi
Content-Type: video/quicktime=qt,mov,moov
Content-Type: video/x-mpeg2=mpv2,mp2v
Content-Type: video/mpeg=mpeg,mpg,mpe,mpv,vbs,mpegv
Content-Type: audio/x-pn-realaudio=ra,ram
Content-Type: audio/x-mpeg=mpega,mp2,mpa,abs
Content-Type: audio/x-wav=wav
Content-Type: audio/x-aiff=aif,aiff,aifc
Content-Type: application/x-ns-proxy-autoconfig=pac

[Log Format]
Delimiter-Character=space

; The virus pattern configuration section allows you to have
; the Reverse Proxy block requests with certain patterns
; in the HTML code. Most of these patterns listed below
; are for Code Red and NIMDA viruses. The proxy
; can also 'autodetect' viruses and add them to a list.
; See Novell's AppNote on this from Sept. 2002.
;

[Virus Pattern Configuration]
EnablePatternAutoUpdate=1
MaxNoOfVirusPatterns=128
NoOfVirusPatterns=28
PatternSize=16
PatternStartOffset=1
VirusPattern0=scripts/..%252f.
VirusPatternoffset10=0
VirusPatternvalue10=0
VirusPatternoffset20=0
VirusPatternvalue20=0
VirusPatternorigLength0=57
VirusPattern1=scripts/..%c1%1c
VirusPatternoffset11=0
VirusPatternvalue11=0
VirusPatternoffset21=0
VirusPatternvalue21=0
VirusPatternorigLength1=58
VirusPattern2=scripts/..%c0%2f
VirusPatternoffset12=0
VirusPatternvalue12=0
VirusPatternoffset22=0
VirusPatternvalue22=0
VirusPatternorigLength2=58
VirusPattern3=scripts/..%c0%af
VirusPatternoffset13=0
VirusPatternvalue13=0
VirusPatternoffset23=0
VirusPatternvalue23=0
VirusPatternorigLength3=58
VirusPattern4=scripts/..%%35c.
VirusPatternoffset14=0
VirusPatternvalue14=0
VirusPatternoffset24=0
VirusPatternvalue24=0
VirusPatternorigLength4=57
VirusPattern5=scripts/root.exe
VirusPatternoffset15=0
VirusPatternvalue15=0
VirusPatternoffset25=0
VirusPatternvalue25=0
VirusPatternorigLength5=33
VirusPattern6=MSADC/root.exe?/
VirusPatternoffset16=0
VirusPatternvalue16=0
VirusPatternoffset26=0
VirusPatternvalue26=0
VirusPatternorigLength6=31
VirusPattern7=d/winnt/system32
VirusPatternoffset17=0
VirusPatternvalue17=0
VirusPatternoffset27=0
VirusPatternvalue27=0
VirusPatternorigLength7=41
VirusPattern8=c/winnt/system32
VirusPatternoffset18=0
VirusPatternvalue18=0
VirusPatternoffset28=0
VirusPatternvalue28=0
VirusPatternorigLength8=41
VirusPattern9=_mem_bin/..%255c
VirusPatternoffset19=0
VirusPatternvalue19=0
VirusPatternoffset29=0
VirusPatternvalue29=0
VirusPatternorigLength9=78
VirusPattern10=_vti_bin/..%255c
VirusPatternoffset110=0
VirusPatternvalue110=0
VirusPatternoffset210=0
VirusPatternvalue210=0
VirusPatternorigLength10=78
VirusPattern11=msadc/..%255c../
VirusPatternoffset111=0
VirusPatternvalue111=0
VirusPatternoffset211=0
VirusPatternvalue211=0
VirusPatternorigLength11=106
VirusPattern12=scripts/..%%35%6
VirusPatternoffset112=0
VirusPatternvalue112=0
VirusPatternoffset212=0
VirusPatternvalue212=0
VirusPatternorigLength12=59
VirusPattern13=scripts/..%25%35%
VirusPatternoffset113=0
VirusPatternvalue113=0
VirusPatternoffset213=0
VirusPatternvalue213=0
VirusPatternorigLength13=61
VirusPattern14=scripts/..%255c..
VirusPatternoffset114=0
VirusPatternvalue114=0
VirusPatternoffset214=0
VirusPatternvalue214=0
VirusPatternorigLength14=57
VirusPattern15=scripts/..%c1%9c.
VirusPatternoffset115=0
VirusPatternvalue115=0
VirusPatternoffset215=0
VirusPatternvalue215=0
VirusPatternorigLength15=58
VirusPattern16=scripts/root.exe
VirusPatternoffset116=0
VirusPatternvalue116=0
VirusPatternoffset216=0
VirusPatternvalue216=0
VirusPatternorigLength16=81
VirusPattern17=scripts/httpodbc
VirusPatternoffset117=0
VirusPatternvalue117=0
VirusPatternoffset217=0
VirusPatternvalue217=0
VirusPatternorigLength17=30
VirusPattern18=MSADC/root.exe?/
VirusPatternoffset118=0
VirusPatternvalue118=0
VirusPatternoffset218=0
VirusPatternvalue218=0
VirusPatternorigLength18=79
VirusPattern19=MSADC/httpodbc.d
VirusPatternoffset119=0
VirusPatternvalue119=0
VirusPatternoffset219=0
VirusPatternvalue219=0
VirusPatternorigLength19=28
VirusPattern20="c/httpodbc.dll H"
VirusPatternoffset120=0
VirusPatternvalue120=0
VirusPatternoffset220=0
VirusPatternvalue220=0
VirusPatternorigLength20=24
VirusPattern21=d/winnt/system32
VirusPatternoffset121=0
VirusPatternvalue121=0
VirusPatternoffset221=0
VirusPatternvalue221=0
VirusPatternorigLength21=92
VirusPattern22="d/httpodbc.dll H"
VirusPatternoffset122=0
VirusPatternvalue122=0
VirusPatternoffset222=0
VirusPatternvalue222=0
VirusPatternorigLength22=24
VirusPattern23=scripts/..%255c.
VirusPatternoffset123=0
VirusPatternvalue123=0
VirusPatternoffset223=0
VirusPatternvalue223=0
VirusPatternorigLength23=108
VirusPattern24=scripts/.%255c..
VirusPatternoffset124=0
VirusPatternvalue124=0
VirusPatternoffset224=0
VirusPatternvalue224=0
VirusPatternorigLength24=39
VirusPattern25=scripts/..%252f.
VirusPatternoffset125=0
VirusPatternvalue125=0
VirusPatternoffset225=0
VirusPatternvalue225=0
VirusPatternorigLength25=116
VirusPattern26=scripts/..%252f.
VirusPatternoffset126=0
VirusPatternvalue126=0
VirusPatternoffset226=0
VirusPatternvalue226=0
VirusPatternorigLength26=39
VirusPattern27=default.ida?XXXX
VirusPatternoffset127=0
VirusPatternvalue127=0
VirusPatternoffset227=0
VirusPatternvalue227=0
VirusPatternorigLength27=385