Re: Unable to block Websites
- From: "Jim Harrison" <jim@xxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Tue, 13 Apr 2004 09:29:06 -0700
Your first responsibility is to provide solid name resolution for your ISA.
If this presents problems for you, there are plenty of articles and documents
at www.isaserver.org for you to read.
Actual name to IP mappings are the responsibility of the folks hosting the site.
Since you can't rely on them to do this properly, this hotfix is the only way
of dealing with them.
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://www.microsoft.com/isaserver
http://isaserver.org/Jim_Harrison
http://isatools.org
Read the help, books and articles!
----- Original Message -----
From: <mathif@xxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Tuesday, April 13, 2004 07:36
Subject: [isalist] Re: Unable to block Websites
http://www.ISAserver.org
Hi Jim,
Thanks a million for the info.
In my case, Is hot fix the only work around for this bad name resolution?
Thanks a lot.
Athif
-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Tuesday, 13 April 2004 4:20 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Unable to block Websites
http://www.ISAserver.org
The sc-result codes are:
407 = proxy auth required
12209 = denied by ISA policies.
Regarding your slowdown, ISA will try to resolve all destinations to IP and
back to a name to make sure that a client isn't trying
to "get around" a policy.
If your ISA has crappy name resolution, then this will take a long time. See
if this helps you: http://support.microsoft.com/?id=292018
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG http://www.microsoft.com/isaserver
http://isaserver.org/Jim_Harrison
http://isatools.org
Read the help, books and articles!
----- Original Message -----
From: <mathif@xxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Tuesday, April 13, 2004 02:51
Subject: [isalist] Re: Unable to block Websites
http://www.ISAserver.org
Hi Jim,
Thanks a lot for the info.
This is what I found in Logs
http://reports.hotbar.com/reports/hotbar/4.0/HbRpt.dll
<http://reports.hotbar.com/reports/hotbar/4.0/HbRpt.dll> , -, -, 407, -, -,
-
172.20.50.140, RIYADH\mabdulrahim, Mozilla/4.0 (compatible; MSIE 5.01;
HostIE 4.4.2.0), -, 4/9/2004, 0:00:54, -, IT-ISA01, -, -, -, 0, 0, 696, 0,
-, -, POST, http://reports.hotbar.com/reports/hotbar/4.0/HbRpt.dll
<http://reports.hotbar.com/reports/hotbar/4.0/HbRpt.dll> , -, -, 12209, -,
-, - 172.20.25.175, RIYADH\abin-siddique, Mozilla/4.0 (compatible; MSIE 6.0;
Windows NT 5.1), -, 4/9/2004, 0:00:54, -, IT-ISA01, -, 212.93.193.87,
212.93.193.87, 8080, 2734, 604, 47584, http, -, GET,
http://reports.hotbar.com/reports/hotbar/4.0/HbRpt.dll
<http://reports.hotbar.com/reports/hotbar/4.0/HbRpt.dll> , -, -, 407, -, -,
-
172.20.35.73, RIYADH\smohammed, Mozilla/4.0 (compatible; MSIE 5.01; HostOL
4.4.2.0), -, 4/9/2004, 0:00:39, -, IT-ISA01, -, -, -, 0, 0, 1092, 0, -, -,
POST, http://reports.hotbar.com/reports/hotbar/4.0/HbRpt.dll
<http://reports.hotbar.com/reports/hotbar/4.0/HbRpt.dll> , -, -, 12209, -,
-, - -, -, Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0) Fetch API
Request, -, 4/9/2004, 0:00:41, -, IT-ISA01, -, 212.93.193.87, 212.93.193.87,
8080, 15828, 139, 60635, http, -, GET,
http://gatorcme.gator.com/gatorcme/autoupdate/installdatemanager.exe
<http://gatorcme.gator.com/gatorcme/autoupdate/installdatemanager.exe> , -,
-, 12209, -, -, - 172.20.25.175, anonymous, Mozilla/4.01 [en] (Win95; I), -,
4/9/2004, 0:00:48, -, IT-IS
I am facing a new problem, when I try to create a destination set for
reports.hotbar.com and gatorcme.gator.com and apply it in site and content
rule and the internet gets damm slow. When I try to disable this rule, then
internet goes fast. What is this behaviour and why is it happening?? Jim is
ther a way to overcome or did I miss something.
Thanks a lott for the help
AThif
-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx <mailto:jim@xxxxxxxxxxxx> ]
Sent: Monday, 12 April 2004 9:45 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Unable to block Websites
http://www.ISAserver.org <http://www.ISAserver.org>
The ISA reports are VERY basic.
ISA logs, on the other hand are VERY detailed.
When ISA receives traffic from a client , it logs how much data was
transferred between them. This includes any auth request/response, or
request/refusal traffic. just because traffic was logged for a request,
doesn't mean it actually made it across ISA.
As I said, if you want to know whether or not a particular request was
allowed or refused, read the logs, not the reports.
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG http://www.microsoft.com/isaserver
<http://www.microsoft.com/isaserver>
http://isaserver.org/Jim_Harrison <http://isaserver.org/Jim_Harrison>
http://isatools.org <http://isatools.org>
Read the help, books and articles!
----- Original Message -----
From: <mathif@xxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Monday, April 12, 2004 06:38
Subject: [isalist] Re: Unable to block Websites
http://www.ISAserver.org <http://www.ISAserver.org>
Hi Jim,
I agree with you. But, how can you justify with the bandwidth in colum from
ISA REPORT. It shows a lot of bandwidth coming in from reports.hotbar.com.
Yes, I didn't use "http:// <http://> " for the destination set.
What do you say?
Thanks,
Athif
-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx <mailto:jim@xxxxxxxxxxxx> ]
Sent: Sunday, 11 April 2004 4:50 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Unable to block Websites
http://www.ISAserver.org <http://www.ISAserver.org>
It shows in the reports because you made the request of ISA. Read the LOGS,
not the REPORTS.
Take a read in the ISA help; the log fields are explained there. If you want
to block a certain site, then include that site (wihtout the "http://
<http://> " part) in a destination set and use that destination set in a
"deny" site and content rule.
It's all in the help.
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/ <http://isaserver.org/Jim_Harrison/>
http://isatools.org <http://isatools.org>
Read the help / books / articles!
On Sun, 11 Apr 2004 10:38:16 +0300
mathif@xxxxxxxxxxxxxxx wrote:
http://www.ISAserver.org <http://www.ISAserver.org>
Hi Jim,
Can you tell me what is sc-result code?
Like, when I try to browse www.hotbar.com <www.hotbar.com> I cant then why
is it showing in ISA REPORTS. I want to get rid of this becoz the internet
is going down.
What shuld I do?? Please help me
Regards,
Athif
-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx <mailto:jim@xxxxxxxxxxxx> ]
Sent: Saturday, 10 April 2004 6:40 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Unable to block Websites
http://www.ISAserver.org <http://www.ISAserver.org>
ISA Reports are not good validation tools, as they report on ALL traffic,
blocked or allowed. Use your logs to see what the sc-result code was.
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG http://www.microsoft.com/isaserver
<http://www.microsoft.com/isaserver>
http://isaserver.org/Jim_Harrison <http://isaserver.org/Jim_Harrison>
http://isatools.org <http://isatools.org>
Read the help, books and articles!
----- Original Message -----
From: <mathif@xxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Saturday, April 10, 2004 05:50
Subject: [isalist] Unable to block Websites
http://www.ISAserver.org <http://www.ISAserver.org>
Dear Experts,
Actually, I am trying to block report.hotbar.com and gatorcme.gator.com as
its using lot of my bandwidth which I can see in ISA Reports. To block this,
I have created a Destination Set seperately for both this sites and applied
Site&Content Rule. But, still I can see that in the ISA REPORTS. I create
the reports on daily basis.
Is there something I am missing or is there any other way I shuld do it??
Your thoughts please.
Regards,
Athif
-----------------------------------------------------
This email and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom/which they are
addressed. If you have received this email in error please notify the system
manager at the following email address: sadmin@xxxxxxxxxxxxxxx
<mailto:sadmin@xxxxxxxxxxxxxxx>. Please note that any views or opinions
presented in this email are solely those of the author and do not
necessarily represent those of Al Faisaliah Group. Internet communications
cannot be guaranteed to be secure or error-free as information could be
intercepted, corrupted, lost, arrive late or contain viruses. The sender
therefore does not accept liability for any errors or omissions in the
context of this message, which arise as a result of Internet transmission.
Finally, the recipient should check this email and any attachments for the
presence of viruses. Al Faisaliah Group accepts no liability for any damage
caused by any virus transmitted by this email.
-----------------------------------------------------
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts: