RBA Proxy Filter - Installation and Configuration Notes


For additional Information read the readme.txt file included in rbaproxy.zip.

RBAProxy is tested on MS Proxy 2.0 and IIS3.0 or IIS4.0. Other configurations may work but are not supported.
New Group types introduced with Windows 2000 are not supported. Microsoft ISA Server is not supported yet.

Update from Previous Versions of RBAProxy
  1. Download the newest version from this website and extract it to a temporary directory.
  2. Stop the "World Wide Web Publishing Service"
  3. Copy rbaproxy.dll over the previously installed version.
  4. Merge Information in rbaproxy.ini (you don't need to change this file if you don't want to activate new features.
  5. Restart the "World Wide Web Publishing Service"
First Install
  1. RBA Proxy depends on IIS user information. You therefore have to turn off anonymous access to your Proxy by disabling the corresponding option in the IIS directory security configuration page.
  2. Create up to 15 groups that you want to assign different filter lists to.
    You can use Server Local Groups (for member servers only), Domain Local or Global Groups.
  3. Make sure all the groups you created have the appropriate access rights in MS Proxy Server.
  4. Unzip RBAProxy.zip and copy all the files to a directory, where the Local System user has read and execute permissions.
    If you want to use the ISAPI extension too, you also have to make sure that your administrative users have access via IIS (virtual directoy / file permissions)
  5. Edit rbaproxy.ini to reflect the group settings you chose.
    Don't forget to set the parameters Groups= to the number of groups you configured.
  6. Register rbaproxy.dll as an ISAPI filter in the Default Website. Move it to the highest position possible if you have several DLLs registered here.
  7. Run the supplied register.bat file to register rbaproxy.dll for the Event Viewer.
  8. Edit the sites_XX.txt files to include the initial set of allowed sites for each filter list.
  9. Restart the "World Wide Web Publishing Service"
  10. Assign Accounts and Global Groups to your restricted Groups.
Using the HTML interface

If you placed rbaproxy.dll to a directory that is accessible via a virtual directory in IIS, you can call the ISAPI extension by entering the address in your browser:


Show Users displays a list of currently logged in users together with their access permissions

Show displays a list of all sites defined in a filter list:

Add lets you add new sites to the filter list(s).


Reload Configuration lets you reload the filter lists and changed settings of rbaproxy.ini without having to restart IIS.

Customizing the "Access Denied" message

RBAProxy comes with a predefined message, which you can customize by editing the supplied denied_message.htm file.

Use the following special tokens to insert current data from the filter:

Token Replaced by
<%USER%> the current user name
<%MASK%> the current access mask
<%PROXY%> name of the proxyserver
<%HOST%> the current hostname part of the URL supplied
<%VERSION%> a description of the current version of the filter (should be inserted as an html comment).

You should probably supply a link to a form or mail, where users can suggest that a new address got added to a filter list.

Hint: Use the special tokens to preload the form or mail message with username and hostname:

<a href="mailto:hostmaster@acme.com?subject=<%USER%> suggests <%HOST%>">Suggest this site being added to the list of allowed sites</a>


06/13/00 by Erwin Richard