I'm having a problem that I'm hoping someone can help me with. Server is
Netware 5.1 sp8 running Bordermanager 3.8 sp4. SP5 is not installed because
the readme indicates Netware 6.5 is required.

The issue is some web pages will not load completely the first time they
are accessed, leaving 'empty graphic' icons (red X inside a box) where
graphics should be. In some cases users will get a 'page cannot be
displayed' error. It's clear this is a proxy problem because when I
configure the browser to go straight out the problem does not occur. Below
is the proxy.cfg file being used.

If anyone has suggestions they would be greatly appreciated. I'm toying
with the idea of rebuilding the box to Netware 6.5 and applying sp5 for BM 3.8.


Dan Lietz
Systems Engineer
Gracon Services, Inc.

************************************************** **********
; revision 25, Craig Johnson, June 26, 2006
; http://www.craigjconsulting.com
; settings for patched BM 3.7 and 3.8 servers (Should be fine with earlier
; versions, though some settings will do nothing if the version of proxy
; doesn't support them). This version includes settings through bm38fp3b.
; You can patch BorderManager 3.5 and 3.6 with certain portions
; of BorderManage 3.7 patches - see tip #1 at www.craigjconsulting.com

; See Novell TID 10059667 for documentation on many of these options.

; Depending on your BorderManager version and patch level, many of
; these settings may be at the default values.

; New section for http tunneling control added after BM38SP2A patch
; See the readme in that, and later, patches for explanation of this
; feature, which relates to security. The setting here is the most
; secure (disables tunneling on all ports, except port 443)

; this entry allows you to control the ports being tunneled.
; Set the value to 1 to enable control, 0 to disable it.
; You will have to add port number entries for any non-standard port
; number used in HTTPS URL's to make them work through proxy if this
; feature is enabled. This feature definitely affects transparent
; proxy ability to tunnel HTTPS.
; If =1, and you try to connect using HTTPS to a port other than
; 443, as in NRM for instance (port 8009), you will get an
; error message in the browser.

; this entry allows you to log denied tunneling requests to
; sys:\etc\proxy\tunnel.log. =0 disables logging, =1 enables it.

; the example entries below allow ports 443, 444 (often specified
; for SSL Proxy Authenticaiton, 8009 (for NRM), 2200 (Apache Web Manager
; and 52443 (for iFolder) to be tunneled. Port 443 is enabled by default.
;port<x>=<port #>
; use 444 for ssl proxy authentication
; allow 1494 thru for Citrix apps in browsers
; allow overbey.info/vdeck
; allow for emich.edu 'services main menu section'
; New section (from BM38SP2A) allowing webwasher to be used as an upstream
; See latest patch readme for instructions on this.
;EnableXAuthenticatedUserHTTPHeader = 1
[BM Cookie]
[HTTP Streaming]
;The line below fixes the HTTP streaming bug,
;but breaks WindowsUpdate, unless using proxy dated 2003 or later.
; You should have persistent connections enabled in NWADMN32, BorderManager
; Setup, HTTP Proxy Details.

;Next entry allows later versions of Transparent Proxy to listen on HTTPS/SSL

[Object Cache]
cut thru no CLH length=0

[Extra Configuration]
;From the BM38SP4_IR4 patch. Re-enable scheduled downloads. If you have
some sort of memory leak,
;disable this setting (=0). If you want to allow scheduled downloads or
use Option 22 on the
; proxy console screen, you need to enable (=1) this setting with the IR4
or later patches.

;Will pass thru HTTP 1.1 content with out touching it. Because
BorderManager is not
;fully http1.1 compatible, this switch may fix issues you are having with
http 1.1 sites.

;From the post-BM38SP4 patch BM38SP4_IR4.EXE, if FTP to a remote WinFTP
server using
;BorderManager fails, use the following

;From the post-BM38SP4 patch BM38SP4_IR4.EXE, this setting moves the
;ICP Parent Down messages from the console prompt to the ICP Statistics window.

; From the post-BM38SP3 patch BM38SP3_ir1.exe, this setting allows user
names to show
; in the extended logs.

; Starting with the BM38FP3E/BM37FP4E patches, allow notification of
; expired password/grace logins in SSL Proxy Authentication

; From the BM38FP3C patch, fixes malformed CONNECT request
; sent to back end web server
; (lower case N needed for at least some proxy versions)

; From the BM38FP3C/BM37FP4D patch, fixes 403 forbidden errors
; randomly generated after installing bm37sp3
DonotSendIPToACL =1

; New addition from BM38FP3B/BM37FP4D, allowing custom logout page
; when you logout through http://x.x.x.x:1959/cmd/BM-Logout

; New additiom from BM37FP4D, to avoid data read Timeout
; errors (HTTP 504 Gateway Timeout), when you
; post large files to remote WebAccess server
; (=1 turns on this feature, but may cause other problems)

; This entry works only for BorderManager 3.8, enabling Nsure Audit logging
for proxies
; When Nsure audit logging is enabled, you should disable common, extended
and indexed logging
; Next entry (for proxycfg.dll version from Jan 7, 2004 or later) allows
; proxy to use port 25, to replace Mail Proxy
; Next entry (for proxy version SMTP1, Jan 7, 2004 or later) allows
; a custom banner to be displayed in a SMTP HELO (mail proxy)
;BM_SMTP_Banner="This is a test BM SMTP Banner.Any unauthorized use of this
software would lead to legal action against the user."
; This entry (requires BM37FP3D or later to work) is supposed to help proxy
unload cleanly and quickly
; Next entry (from BM37FP3 patch) fixes caching issue with multiple
browsers on one PC
; Next entry (from BM37Sp2) attempts to fix problems with proxy not unloading
; Next entry (from BM37Sp2) fixes problem browsing certain web sites
DoNotSendExtraCRLF = 1
; Next entry (from BM37Sp2) fixes problem browsing certain web sites
EnableIncomplete302ResponseFix = 0
; Next entry fixes a potential ABEND in BM37SP1
; Next entry prevents Macintosh tunneling to bypass rules
; Next entry fixes Macintosh SSL Proxy authentication problem
; If you have a Netmail Server and it has problems with pages not
; loading completely, try commenting out the following line.
; The following option prevents many abends
; If this is =0, requests without a domain name
; will have the server's domain name appended
; following line should cause proxy to unload
; without saving cache memory to disk
; New feture from BM38FP3A patch, to help control spam
; via mail proxy
; Next two entries are for BM37SP1 or later servers and deal
; with terminal services cookie-based authentication
; Uncomment to use that feature (see patch readme)
; Note: Terminal services authentication does not work if
; you configure the browser not to proxy requests to the
; BorderManager server IP address (or to the entire local
; subnet, including the BorderManager address).
; Next sections about 'authentication' are for BM37SP1 or
; later servers and deal with terminal services
; cookie-based authentication
;[Authentication Subnets]

;[Authentication Ranges]
;[Authentication Addresses]
; Next sections are for Mail Proxy.
; If you have Mail Proxy in BorderManager 3.8, you
; can use multiple (internal) mail domain support.
; If you have earlier versions, you can only have
; a single mail domain.
; Next Section is for Mail Proxy on BorderManager 3.7 or earlier
;[BM Mail Proxy]

; Next section is for Mail Proxy on BorderManager 3.8 with
; and multiple domain support. Use your smtp server IP address(es)
; and domain names. See the additional commands for antispam
; and exceptions in the [ExtraConfiguration] section, for BM38FP3B
; and later patches.
;[Multiple Domain Support]

; Next section, from BM38FP3A, controls spam through Mail Proxy, if
; EnableAntispamFeature=1 is set in the extraconfiguration section
; Following are the *exception list* for trusted domains
[Antispam Domain List]
; It may be useful to put your own domain in there.

; The remaining sections are essentially default settings to allow
; BorderManager and its miniwebserver to function correctly.

; NSURE Audit section comes from the BM38SP4_IR4 patch.
;[Nsure Audit]
; Enable=1
; EnableUserAgentLogging=1
; EnableErrorMessageDisplay=1
; Description of the above flags:
; Enable=1: Enables the Nsure Audit logging
; EnableUserAgentLogging=1: Logs the UserAgent
; information.
; EnableErrorMessageDisplay=1: Displays Nsure Audit
; initializaion error messages on the server
; console.

[Buffer Tracking]

[MiniWeb Server]

[MiniWeb Server: Mime Types]
Content-Type: text/html=htm,html
Content-Type: text/plain=txt,text,cla,class
Content-Type: image/gif=gif
Content-Type: image/jpeg=jpg,jpeg,jpe,jfif,pjpeg,pjp
Content-Type: image/tiff=tiff,tif
Content-Type: image/x-xbitmap=xbm
Content-Type: video/x-msvideo=avi
Content-Type: video/quicktime=qt,mov,moov
Content-Type: video/x-mpeg2=mpv2,mp2v
Content-Type: video/mpeg=mpeg,mpg,mpe,mpv,vbs,mpegv
Content-Type: audio/x-pn-realaudio=ra,ram
Content-Type: audio/x-mpeg=mpega,mp2,mpa,abs
Content-Type: audio/x-wav=wav
Content-Type: audio/x-aiff=aif,aiff,aifc
Content-Type: application/x-ns-proxy-autoconfig=pac

[Log Format]

; The virus pattern configuration section allows you to have
; the Reverse Proxy block requests with certain patterns
; in the HTML code. Most of these patterns listed below
; are for Code Red and NIMDA viruses. The proxy
; can also 'autodetect' viruses and add them to a list.
; See Novell's AppNote on this from Sept. 2002.