Re: Creating rules for HTTPS: sites

  • From: "Iain Peirse" <Iain.Peirse@xxxxxxxxxxxxx>
  • To: isalist@xxxxxxxxxxxxx
  • Date: Thu, 24 Apr 2003 11:56:57 -0600

Ok,
I have created a very simple setup to see what's going on:

I'm not using client sets (any client).
I'm not setting a schedule (at any time).
I've got a single Protocol rule allowing all (all IP traffic).
I have one destination set with the following:
  web.mail.demon.net
  web.mail.demon.net/*

The web.mail.demon.net server will accept connections in either http: or
https: (give it a try)

When I plug:
http://web.mail.demon.net
Into a browser I get the page.

When I plug:
https://web.mail.demon.net
Into a browser I get a blank page with 'The page cannot be displayed' in
the title bar (like the page title of the 'isa server has denied...' page)

It's annoying me now... :-S

Iain.

> Hi Iain,
> 
> Make sure you subscribe to the ISAServer.org newsletter, as the feature
> article covers issues related to what you might be going through.
> 
> HTH,
> Tom
> 
> Thomas W Shinder
> www.isaserver.org/shinder
> ISA Server and Beyond: http://tinyurl.com/1jq1
> Configuring ISA Server: http://tinyurl.com/1llp
> 
> -----Original Message-----
> From: Iain Peirse [mailto:Iain.Peirse@xxxxxxxxxxxxx]
> Sent: Thursday, April 24, 2003 11:01 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Re: Creating rules for HTTPS: sites
> 
> 
> http://www.ISAserver.org
> 
> 
> I think I've reached the 'tried everything every way, except the right
> way (which is probably very obvious)' stage.
> 
> Here's the full scenario:
> All users use the web proxy on the ISA server port 8080 to get to the
> Web.
> 
> We have two sets of users, those on DHCP and those with STATIC ip
> addresses.
> We've created address sets for each of these.
> 
> STATIC users/servers are allowed access to everywhere at all times.
> 
> DHCP users are allowed access to a restricted list of sites during
> office hours only. Everywhere else is denied.
> 
> We've created an 'office hours' schedule.
> 
> Sites DHCP can use: (names have been changed...)
> http://www.xxx.co.uk
> http://www.yyy.com
> http://test.zzz.org
> https://server.creditcheck.com
> 
> I know this _should_ be simple, but I've missed something.
> 
> I'm going to have another crack after hours tonight, in about an hour.
> 
> Is it just a case of ignoring the HTTP/HTTPS and creating the rules?
> (Maybe I've been complicating it too much)
> 
> Iain.
> 
> 
> 
> > Exactly how are you creating the rules?
> > You can't specify the protocol prefix in destination sets.
> >
> >  Jim Harrison
> >  MCP(NT4, W2K), A+, Network+, PCG
> >  http://www.microsoft.com/isaserver
> >  http://isaserver.org/Jim_Harrison
> >  http://isatools.org
> >
> >  Read the help, books and articles!
> > ----- Original Message -----
> > From: "Iain Peirse" <Iain.Peirse@xxxxxxxxxxxxx>
> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > Sent: Thursday, April 24, 2003 00:50
> > Subject: [isalist] Creating rules for HTTPS: sites
> >
> > Is there a specific way to create a rule to allow only specific HTTPS:
> > sites?
> > We have several HTTP: allows created already but adding an HTTPS: allow
> > creates all sorts of problems with the existing rules. Those sites already
> > allowed are usually denied as soon as an HTTPS: based site is added to the
> > allow list.
> >=20
> > vbr,
> > Iain.
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Exchange Server Resource Site: http://www.msexchange.org/
> > Windows Security Resource Site: http://www.windowsecurity.com/
> > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion List as:
> > jim@xxxxxxxxxxxx
> > To unsubscribe send a blank email to $subst('Email.Unsub')
> 

