Re: GFI Realtime Monitor URL
- From: "David Farinic" <davidf@xxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Mon, 13 May 2002 14:14:03 +0200
Hi,
If Real Time monitor gets a request from http://monitor.isa, by default
it allows anybody to see monitor status. If customer configured
displaying context of monitor only to members of administrators group
(Configuration of RTM can be retrieved by double clicking on Real time
monitor filter in ISA MMC configuration-> Proxy extensions)
then it checks if the user is authenticated.
If not, it passes the request to ISA server for authentication. When RTM
gets user's SID, RTM checks if this SID is part of ADMINISTRATORs group.
Since RTM uses universal SID checking, the administrators groups can be
named differently in different.
If a is not an administrator, RTM sends an error message html page
(defined in file named deniedmsg.html in ISA directory) to the user's
browser.
Regards.
-----Original Message-----
From: Shamshad Ahmad [mailto:sahmad@xxxxxxxxx]
Sent: Monday, May 13, 2002 2.04 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: GFI Realtime Monitor URL
http://www.ISAserver.org
Hi
I have real-time monitor installed. Everybody can access monitor.isa. I
want only selected people to access it. I tried using destination set
but did not work. What else can I do to restrict access to monitor.isa
Shamshad
-----Original Message-----
From: Deus, Attonbitus [mailto:Thor@xxxxxxxxxxxxxxx]
Sent: Friday, May 10, 2002 10:10 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: GFI Realtime Monitor URL
http://www.ISAserver.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
At 06:07 PM 5/9/2002, you wrote:
>http://www.ISAserver.org
>
>
>http://monitor.isa/
>
>That should work for any internal client. It doesn't map to an IP. I
>would think that somehow it monitors the tcp port 80 to look for
>monitor.isa in the header and then display the real-time chart of
>activity.
Well, it will work for any web proxy internal client. A fw client or
snat
client whose browser is not set to use the proxy will not resolve.
Setting the client browser to use the isa proxy does, though.
Not sure if that is what you meant, but I thought I would clear that up.
AD
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1
iQA/AwUBPNtPBYhsmyD15h5gEQJp9ACeMWFp1Y46G114Pn/4D8j6aR8/qkgAn2uJ
r/vvEDAXmjDvcqLxf/GerEtF
=y/qX
-----END PGP SIGNATURE-----
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
sahmad@xxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
davidf@xxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
****************************************************************
This mail was content checked for malicious code and viruses
by MailSecurity. MailSecurity provides email content checking,
exploit detection and anti-virus for Exchange. Spam, viruses,
dangerous attachments & offensive content are removed
automatically. Key features include: Multiple virus engines;
Email content & attachment checking; Exploit shield - email
intrusion detection & defence; Email threats engine - analyses
& defuses HTML scripts, .exe files & more.
***************************************************************
In addition to MailSecurity, GFI also produces the FAXmaker
fax server & LANguard network security product ranges. For
more information on our products, please visit http://www.gfi.com
This disclaimer was sent by Mail essentials for Exchange/SMTP.
Other related posts:
