RE: Pop UP Ads

  • From: "Frederic Giroux" <fgiroux@xxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 8 Aug 2003 12:14:13 -0400

Jim Harrison said...

_________________________
Resolving requests to IPs and vice versa was part of the security design of
ISA. If someone makes an IP-based request and ISA doesn't have any IPs in the
lists (or the other way around), the default behavior is to "gather all the
data possible and make an intelligent decision."
_________________________


        This makes perfect sense but it also leads to the problem that we are 
faced with.


_________________________
Unfortunately, since most of the Internet "entities" don't have the
slightest clue how to design, establish or maintain their "DNS space", and
consequently, this functionality is broken.  This isn't getting any better
with the plethora of "joe's website" being hosted by AOL, "rentaweb" and
practically any ISP on the planet.
_________________________



        You're right about problems in "DNS space".  However, hosting several 
web sites on the same server using the same IP is a feature of many web servers 
including IIS.  This is not a DNS problem but a lack of IP addresses.  I'd be 
curious to know how many web sites there are on the planet and compare the 
number to the available IP addresses (really available IP addresses of course).


_________________________
If you want ISA to use the rules strictly as written then you have to add
the SkipNameResolution... registry entries spelled out in
http://support.microsoft.com/default.aspx?scid=292018
_________________________



        Thanks for the link.  I must say that I hesitate to implement this fix 
not knowing what other implications this might have.  On the other hand, users 
are able to access sites that they should not be able to access.  Being able to 
access them only by IP address is certainly not as bad as letting them use a 
simple URL.

        Thanks again :-)

        Fred

______________________________ 
Frederic Giroux
LAN Administrator
CyberCap
 
fgiroux@xxxxxxxxxxxxxx 
http://www.cybercap.qc.ca 
 
33 Prince St.
Suite 301
Montreal, Qc
H3C 2M7
 
(514) 861-7700 ext. 303
Fax : (514) 861-7700

