Ok, I have created a very simple setup to see whats going on: I'm not using client sets (any client). I'm not setting a schedule (at any time). I've got a single Protocol rule allowing all (all IP traffic). I have one destination set with the following: web.mail.demon.net web.mail.demon.net/* The web.mail.demon.net server will accept connection in either http: or https: (give it a try) When I plug: http://web.mail.demon.net Into a browser I get the page. When I plug: https://web.mail.demon.net Into a browser I get a blank page with 'The page cannot be displayed' in the title bar (like the page title of the 'isa server has denied...' page) its annoying me now... :-S Iain. > Hi Iain, > > Make sure you subscribe to the ISAServer.org newsletter, as the feature > article covers issues related to what you might be going through. > > HTH, > Tom > > Thomas W Shinder > www.isaserver.org/shinder=20 > ISA Server and Beyond: http://tinyurl.com/1jq1 > Configuring ISA Server: http://tinyurl.com/1llp > > =20 > > > -----Original Message----- > From: Iain Peirse [mailto:Iain.Peirse@xxxxxxxxxxxxx]=20 > Sent: Thursday, April 24, 2003 11:01 AM > To: [ISAserver.org Discussion List] > Subject: [isalist] Re: Creating rules for HTTPS: sites > > > http://www.ISAserver.org > > > I think I've reached the 'tried everything everyway, except the right > way > (which is probably very obvious) stage. > > Heres the full scenario: > All users use the web proxy on the ISA server port 8080 to get to the > Web. > > We have two sets of users, those on DHCP and those with STATIC ip > addresses. > We've created address sets for each of these. > > STATIC users/servers are allowed access to everywhere at all times. > > DHCP users are allowed access to a restricted list of sites during > office > hours only. Everywhere else is denied. > > We've created an 'office hours' schedule. > > Sites DHCP can use: (names have been changed...) > http://www.xxx.co.uk > http://www.yyy.com > http://test.zzz.org > https://server.creditcheck.com > > I know this _should_ be simple, but I've missed something. > > I'm going to have another crack after hours tonight, in about an hour. > > Is it just a case of ignoring the HTTP/HTTPS and creating the rules? > (Maybe I;ve been complicating it too much) > > Iain. > > > > > Exactly how are you creating the rules? > > You can't specify the protocol prefix in destination sets. > >=20 > >=20 > > Jim Harrison > > MCP(NT4, W2K), A+, Network+, PCG > > http://www.microsoft.com/isaserver > > http://isaserver.org/Jim_Harrison > > http://isatools.org > >=20 > > Read the help, books and articles! > > ----- Original Message ----- > > From: "Iain Peirse" <Iain.Peirse@xxxxxxxxxxxxx> > > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> > > Sent: Thursday, April 24, 2003 00:50 > > Subject: [isalist] Creating rules for HTTPS: sites > >=20 > >=20 > > http://www.ISAserver.org > >=20 > >=20 > > Is there a specific way to creat a rule to allow only specific HTTPS: > > sites? > > We have several HTTP: allows created already but adding an HTTPS: > allow > > creates all sorts of problems with the existing rules. Those sites > already > > allowed are usually denied as soon as an HTTPS: based site is added to > the > > allow list. > >=20 > > vbr, > > Iain. > >=20 > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=3Disalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=3DFAQ > > ------------------------------------------------------ > > Exchange Server Resource Site: http://www.msexchange.org/ > > Windows Security Resource Site: http://www.windowsecurity.com/ > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org Discussion List as: > > jim@xxxxxxxxxxxx > > To unsubscribe send a blank email to > $subst('Email.Unsub') > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=3Disalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=3DFAQ > ------------------------------------------------------ > Exchange Server Resource Site: http://www.msexchange.org/ > Windows Security Resource Site: http://www.windowsecurity.com/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > tshinder@xxxxxxxxxxxxxxxxxx > To unsubscribe send a blank email to $subst('Email.Unsub')