Re: Unable to block Websites

Hi Jim,
Thanks a lot for the info.
This is what I found in the logs:
http://reports.hotbar.com/reports/hotbar/4.0/HbRpt.dll, -, -, 407, -, -, -
172.20.50.140, RIYADH\mabdulrahim, Mozilla/4.0 (compatible; MSIE 5.01; HostIE 4.4.2.0), -, 4/9/2004, 0:00:54, -, IT-ISA01, -, -, -, 0, 0, 696, 0, -, -, POST, http://reports.hotbar.com/reports/hotbar/4.0/HbRpt.dll, -, -, 12209, -, -, -
172.20.25.175, RIYADH\abin-siddique, Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1), -, 4/9/2004, 0:00:54, -, IT-ISA01, -, 212.93.193.87, 212.93.193.87, 8080, 2734, 604, 47584, http, -, GET, http://reports.hotbar.com/reports/hotbar/4.0/HbRpt.dll, -, -, 407, -, -, -
172.20.35.73, RIYADH\smohammed, Mozilla/4.0 (compatible; MSIE 5.01; HostOL 4.4.2.0), -, 4/9/2004, 0:00:39, -, IT-ISA01, -, -, -, 0, 0, 1092, 0, -, -, POST, http://reports.hotbar.com/reports/hotbar/4.0/HbRpt.dll, -, -, 12209, -, -, -
-, -, Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0) Fetch API Request, -, 4/9/2004, 0:00:41, -, IT-ISA01, -, 212.93.193.87, 212.93.193.87, 8080, 15828, 139, 60635, http, -, GET, http://gatorcme.gator.com/gatorcme/autoupdate/installdatemanager.exe, -, -, 12209, -, -, -
172.20.25.175, anonymous, Mozilla/4.01 [en] (Win95; I), -, 4/9/2004, 0:00:48, -, IT-IS

I am facing a new problem: when I try to create a destination set for
reports.hotbar.com and gatorcme.gator.com and apply it in a site and content
rule, the internet gets damn slow. When I try to disable this rule, then the
internet goes fast. What is this behaviour and why is it happening? Jim, is
there a way to overcome this, or did I miss something?

Thanks a lot for the help,
Athif

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Monday, 12 April 2004 9:45 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Unable to block Websites


http://www.ISAserver.org

The ISA reports are VERY basic.
ISA logs, on the other hand, are VERY detailed.
When ISA receives traffic from a client, it logs how much data was
transferred between them. This includes any auth request/response, or
request/refusal traffic. Just because traffic was logged for a request
doesn't mean it actually made it across ISA.

As I said, if you want to know whether or not a particular request was
allowed or refused, read the logs, not the reports.

 Jim Harrison
 MCP(NT4, W2K), A+, Network+, PCG
 http://www.microsoft.com/isaserver
 http://isaserver.org/Jim_Harrison
 http://isatools.org

 Read the help, books and articles!
----- Original Message ----- 
From: <mathif@xxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Monday, April 12, 2004 06:38
Subject: [isalist] Re: Unable to block Websites


Hi Jim,
I agree with you. But how can you justify the bandwidth in column from the
ISA REPORT? It shows a lot of bandwidth coming in from reports.hotbar.com.
Yes, I didn't use "http://" for the destination set.

What do you say?

Thanks,
Athif

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Sunday, 11 April 2004 4:50 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Unable to block Websites


It shows in the reports because you made the request of ISA. Read the LOGS,
not the REPORTS.

Take a read in the ISA help; the log fields are explained there. If you want
to block a certain site, then include that site (without the "http://" part)
in a destination set and use that destination set in a "deny" site and
content rule.

It's all in the help.

  Jim Harrison
  MCP(NT4, W2K), A+, Network+, PCG
  http://isaserver.org/Jim_Harrison/
  http://isatools.org
  Read the help / books / articles!


On Sun, 11 Apr 2004 10:38:16 +0300
 mathif@xxxxxxxxxxxxxxx wrote:

Hi Jim,
Can you tell me what is sc-result code?
Like, when I try to browse www.hotbar.com I can't, then why is it showing in
ISA REPORTS? I want to get rid of this because the internet is going down.

What should I do? Please help me.

Regards,
Athif

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Saturday, 10 April 2004 6:40 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Unable to block Websites


ISA Reports are not good validation tools, as they report on ALL traffic,
blocked or allowed. Use your logs to see what the sc-result code was.

 Jim Harrison
 MCP(NT4, W2K), A+, Network+, PCG
 http://www.microsoft.com/isaserver
 http://isaserver.org/Jim_Harrison
 http://isatools.org

 Read the help, books and articles!
----- Original Message ----- 
From: <mathif@xxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Saturday, April 10, 2004 05:50
Subject: [isalist] Unable to block Websites


Dear Experts,
Actually, I am trying to block report.hotbar.com and gatorcme.gator.com as
it's using a lot of my bandwidth, which I can see in ISA Reports. To block
this, I have created a Destination Set separately for both these sites and
applied a Site & Content Rule. But still I can see that in the ISA REPORTS.
I create the reports on a daily basis.

Is there something I am missing or is there any other way I should do it?

Your thoughts please.

Regards,
Athif
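
Added example (not part of the original thread, and not an ISA Server tool): a Python version of the check Jim describes, reading the result code of each request from the log rather than trusting report byte totals. The field positions (result code 4th from the end, URI 7th, byte counters 11th and 12th) are assumptions read off the log excerpt above, treating 2xx/3xx as "served" is an assumption, and SAMPLE_LOG is constructed.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed records in the 25-field, comma-separated layout of the excerpt in
# this thread. Hosts and result codes mirror the thread; client IPs, user
# names, upstream addresses and the www.example.com line are made up.
SAMPLE_LOG = r"""
10.0.0.5, CORP\user1, Mozilla/4.0 (compatible; MSIE 5.01), -, 4/9/2004, 0:00:54, -, IT-ISA01, -, -, -, 0, 0, 696, 0, -, -, POST, http://reports.hotbar.com/reports/hotbar/4.0/HbRpt.dll, -, -, 12209, -, -, -
10.0.0.6, CORP\user2, Mozilla/4.0 (compatible; MSIE 6.0), -, 4/9/2004, 0:00:54, -, IT-ISA01, -, 192.0.2.10, 192.0.2.10, 8080, 2734, 604, 47584, http, -, GET, http://reports.hotbar.com/reports/hotbar/4.0/HbRpt.dll, -, -, 407, -, -, -
-, -, Mozilla/4.0 (compatible; MSIE 5.5) Fetch API Request, -, 4/9/2004, 0:00:41, -, IT-ISA01, -, 192.0.2.10, 192.0.2.10, 8080, 15828, 139, 60635, http, -, GET, http://gatorcme.gator.com/gatorcme/autoupdate/installdatemanager.exe, -, -, 12209, -, -, -
10.0.0.7, CORP\user3, ExampleAgent/1.0 (constructed, with comma), -, 4/9/2004, 0:01:02, -, IT-ISA01, -, www.example.com, 192.0.2.20, 80, 120, 300, 5000, http, -, GET, http://www.example.com/, -, -, 200, -, -, -
10.0.0.6, anonymous, Mozilla/4.01 [en] (Win95; I), -, 4/9/2004, 0:00:48, -, IT-IS
"""

def _to_int(value):
    # "-" means "not logged"; count it as zero.
    return int(value) if value.isdigit() else 0

def parse_record(line):
    """Return host, result code and logged bytes, or None if truncated."""
    f = [x.strip() for x in line.split(",")]
    if len(f) < 25:
        return None  # cut-off record, like the last line of the excerpt
    # Index from the right so a comma inside the user-agent string cannot
    # shift the fields (a comma inside the URI is not handled).
    return {
        "host": urlsplit(f[-7]).hostname or f[-7],
        "status": _to_int(f[-4]),
        "bytes": _to_int(f[-12]) + _to_int(f[-11]),
    }

def summarize(log_text):
    """Per destination host: requests served vs. not served, and the bytes
    that were logged for requests that were NOT served."""
    hosts = defaultdict(lambda: {"served": 0, "not_served": 0,
                                 "not_served_bytes": 0, "codes": set()})
    for line in log_text.strip().splitlines():
        rec = parse_record(line)
        if rec is None:
            continue
        row = hosts[rec["host"]]
        row["codes"].add(rec["status"])
        if 200 <= rec["status"] < 400:   # assumption: 2xx/3xx = served
            row["served"] += 1
        else:                            # e.g. 407, or an ISA-specific code
            row["not_served"] += 1
            row["not_served_bytes"] += rec["bytes"]
    return dict(hosts)
```

A host with served == 0 and a large not_served_bytes value is the situation discussed in the thread: bytes are logged, and so counted by the reports, even though no request for that host was served.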

