http://www.ISAserver.org
-------------------------------------------------------

I got it Jim, below is the log..... I just blocked HTTP and HTTPS port of the IP 209.10.203.102

Original Client IP Client Agent Authenticated Client Service Referring Server Destination Host Name Transport HTTP Method MIME Type Object Source Source Proxy Destination Proxy Bidirectional Client Host Name Filter Information Network Interface Raw IP Header Raw Payload GMT Log Time Source Port Processing Time Bytes Sent Bytes Received Cache Information Error Information Log Time Client IP Destination IP Destination Port Protocol Action Rule Result Code HTTP Status Code Client Username URL Source Network Destination Network Server Name Log Record Type

192.168.2.169 chikka.exe:3:5.1 - TCP - - - 3/30/2006 10:39:59 AM 2130 0 0 0 0x0 0x0 3/30/2006 6:39:59 PM 192.168.2.169 209.10.203.102 443 HTTPS Initiated Connection NASS Rule 0x0 QCGMA\mpc-admin - Internal External SHR8 Firewall

Thanks for the help

Mykel

-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
Sent: Saturday, March 18, 2006 10:27 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Chikka Instant MMS Messenger

Time to start looking into the logs. We're answering the questions you ask based on the information you're providing. Clearly, you're missing something here...

-----Original Message-----
From: Corciega, Michael P. [mailto:MPCorciega@xxxxxxxxxxxxxx]
Sent: Friday, March 17, 2006 8:04 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Chikka Instant MMS Messenger

Did what you suggested Jim, placed the rule on top, blocked HTTP & HTTPS, from: Internal, to: *.chikka.com (I used * just to make sure everything will be blocked), all content types..... still passes thru ..... this app (chikka) really gives me a headache man!
Mykel

________________________________
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
Sent: Wednesday, March 15, 2006 1:16 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Chikka Instant MMS Messenger

Not likely. ISA can't "see into" SSL tunnels. All you have to do is create a domain name set with "register.chikka.com" and use it in a deny rule that comes before any allow rule.

________________________________
From: Corciega, Michael P. [mailto:MPCorciega@xxxxxxxxxxxxxx]
Sent: Tuesday, March 14, 2006 7:37 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Chikka Instant MMS Messenger

Hi Everyone!

I'm trying to block this service from ISA2004 thru Configure HTTP using Signature or Headers, yet users can still connect to this internet service. Below is the info I got (using Ethereal). The service is using 443 as its port connection. Will configuring HTTP also affect HTTPS?

POST /tracker.php HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Microsoft URL Control - 6.00.8862
Host: register.chikka.com
Content-Length: 33
Cache-Control: no-cache

chikkaid=639273451095&client_id=0

Please help. I can't migrate some of our clients to this server if I cannot block this thing.

Thanks,
Mykel

DISCLAIMER: This Message may contain confidential information intended only for the use of the addressee named above. If you are not the intended recipient of this message you are hereby notified that any use, dissemination, distribution or reproduction of this message is prohibited. If you received this message in error please notify your Mail Administrator and delete this message immediately. Any views expressed in this message are those of the individual sender and may not necessarily reflect the views of GMA Network, Inc.
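The log check that settled this thread, as an added example (not part of the original messages): it reads a tab-separated firewall log export and reports, for one client executable, which destination IP and port it reached and which rule allowed or denied it. The export layout, the function name, and every sample row except the first are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export. Column names are taken from the log viewer
# columns in the thread; only the first data row uses values from the thread.
# The rule names "Web Access" and "Block Chikka IP" are hypothetical.
SAMPLE_LOG = "\n".join("\t".join(r) for r in [
    ("Log Time", "Client IP", "Client Agent", "Destination IP",
     "Destination Port", "Protocol", "Action", "Rule"),
    ("3/30/2006 6:39:59 PM", "192.168.2.169", "chikka.exe:3:5.1",
     "209.10.203.102", "443", "HTTPS", "Initiated Connection", "NASS Rule"),
    ("3/30/2006 6:40:02 PM", "192.168.2.169", "chikka.exe:3:5.1",
     "209.10.203.102", "443", "HTTPS", "Closed Connection", "NASS Rule"),
    ("3/30/2006 6:41:10 PM", "192.168.2.170", "iexplore.exe:3:5.1",
     "192.0.2.10", "80", "HTTP", "Initiated Connection", "Web Access"),
    ("3/30/2006 6:45:30 PM", "192.168.2.169", "chikka.exe:3:5.1",
     "209.10.203.102", "443", "HTTPS", "Denied Connection", "Block Chikka IP"),
])

# Only these two actions say what a rule decided; close events are skipped.
DECISIONS = {"Initiated Connection": "allowed_by",
             "Denied Connection": "denied_by"}


def agent_rule_summary(log_text, agent_name):
    """Map (destination IP, port) -> rules that allowed / denied the agent."""
    summary = defaultdict(lambda: {"allowed_by": set(), "denied_by": set()})
    for row in csv.DictReader(io.StringIO(log_text), delimiter="\t"):
        # The agent field carries a suffix ("chikka.exe:3:5.1"); compare the
        # executable name only, case-insensitively.
        exe = row["Client Agent"].split(":", 1)[0].lower()
        decision = DECISIONS.get(row["Action"])
        if exe != agent_name.lower() or decision is None:
            continue
        dest = (row["Destination IP"], int(row["Destination Port"]))
        summary[dest][decision].add(row["Rule"])
    return {dest: {k: sorted(v) for k, v in rules.items()}
            for dest, rules in summary.items()}


if __name__ == "__main__":
    for dest, rules in agent_rule_summary(SAMPLE_LOG, "chikka.exe").items():
        print(dest, rules)
```

A destination that still shows an entry under `allowed_by` after a deny rule was added is the one the deny rule is not matching.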
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx