Might be. Like Jim said, you only want the host name or IP and maybe a path in destination sets. The protocols get used elsewhere. Thus, no http:// or https:// in destination set entries. -Shawn ----- Shawn R. Quillman Robert Bosch Corporation RBNA/CIT1.1 38000 Hills Tech Drive Farmington Hills, MI 48331 (248) 553-1164 (P) (248) 848-2855 (F) shawn.quillman@xxxxxxxxxxxx -----Original Message----- From: Iain Peirse [mailto:Iain.Peirse@xxxxxxxxxxxxx] Sent: Thursday, April 24, 2003 12:01 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Creating rules for HTTPS: sites http://www.ISAserver.org I think I've reached the 'tried everything everyway, except the right way (which is probably very obvious) stage. Heres the full scenario: All users use the web proxy on the ISA server port 8080 to get to the Web. We have two sets of users, those on DHCP and those with STATIC ip addresses. We've created address sets for each of these. STATIC users/servers are allowed access to everywhere at all times. DHCP users are allowed access to a restricted list of sites during office hours only. Everywhere else is denied. We've created an 'office hours' schedule. Sites DHCP can use: (names have been changed...) http://www.xxx.co.uk http://www.yyy.com http://test.zzz.org https://server.creditcheck.com I know this _should_ be simple, but I've missed something. I'm going to have another crack after hours tonight, in about an hour. Is it just a case of ignoring the HTTP/HTTPS and creating the rules? (Maybe I;ve been complicating it too much) Iain. > Exactly how are you creating the rules? > You can't specify the protocol prefix in destination sets. > > > Jim Harrison > MCP(NT4, W2K), A+, Network+, PCG > http://www.microsoft.com/isaserver > http://isaserver.org/Jim_Harrison > http://isatools.org > > Read the help, books and articles! > ----- Original Message ----- > From: "Iain Peirse" <Iain.Peirse@xxxxxxxxxxxxx> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> > Sent: Thursday, April 24, 2003 00:50 > Subject: [isalist] Creating rules for HTTPS: sites > > > http://www.ISAserver.org > > > Is there a specific way to creat a rule to allow only specific HTTPS: > sites? > We have several HTTP: allows created already but adding an HTTPS: allow > creates all sorts of problems with the existing rules. Those sites already > allowed are usually denied as soon as an HTTPS: based site is added to the > allow list. > > vbr, > Iain. > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Exchange Server Resource Site: http://www.msexchange.org/ > Windows Security Resource Site: http://www.windowsecurity.com/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > jim@xxxxxxxxxxxx > To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: shawn.quillman@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')