RE: on limiting site access (again)...

  • From: Marcio Monteiro <mmonteiro@xxxxxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Mon, 24 Mar 2003 20:43:10 -0300

Hi guys.

I have the same problem, and I found this article on the Microsoft site:

You Are Denied Access to a Destination Set When You Use Site and Content
Rules (295089)
The information in this article applies to:
Microsoft Internet Security and Acceleration Server 2000

This article was previously published under Q295089
SYMPTOMS
When you use a Site and Content rule that allows you to gain access to a
selected destination set, if that destination set contains both a domain
name and an Internet Protocol (IP) address, you can gain access to either
that domain name or that IP address.

However, when you create a Site and Content Allow rule, and then create a
Site and Content Deny rule that denies access to all destinations except a
selected set, if you specify the destination set that is used in the Site
and Content Allow rule, you are denied access to either the domain or the IP
address that you specified in the Site and Content Allow rule. In addition,
you may receive the following error message in your Web browser: 

HTTP 502 Proxy Error - The ISA Server denies the specified Uniform Resource
Locator (URL).
(12202) Internet Security and Acceleration Server

If you create a Site and Content Deny rule that contains a redirect action
for Hypertext Transfer Protocol (HTTP) requests, you do not receive the
preceding error message. Instead, you are redirected to the custom deny
page.
CAUSE
This issue can occur because when you use the All destinations except
selected set setting in a Site and Content rule, Internet Security and
Acceleration (ISA) Server incorrectly processes only the IP addresses in the
destination set. As a result, the Site and Content Deny rule matches the
Site and Content Allow rule under certain conditions. When the Site and
Content Deny rule matches the Site and Content Allow rule, your request to
gain access to the destination set is denied. 
RESOLUTION
To resolve this problem, obtain the latest service pack for ISA Server 2000.
For additional information, click the article number below to view the
article in the Microsoft Knowledge Base: 

313139 How to Obtain the Latest Internet Security and Acceleration Server
2000 Service Pack 


STATUS
Microsoft has confirmed that this is a problem in the Microsoft products
that are listed at the beginning of this article. 

This problem was corrected in Internet Security and Acceleration Server
Service Pack 1.

MORE INFORMATION
This problem occurs only if you have a combination of domain names and IP
addresses in the destination set, and if you use the All destinations except
selected set setting in a Site and Content rule combination. If you use only
domain names in your destination sets, this problem does not occur.  

THIS ARTICLE IS NOT TRUE.

I HAVE SP1 FOR ISA.

I TRIED ON OTHER MACHINES WITH ISA AND SP1 + ISAFP1 + HOTFIX,

AND IT DOESN'T WORK.

I NEED HELP. PLEASE.

THANK YOU.

-----Original Message-----
From: infosys1@xxxxxxxxxxxxxxxxxxxxxxxxx
[mailto:infosys1@xxxxxxxxxxxxxxxxxxxxxxxxx]
Sent: Monday, March 24, 2003 8:29 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] on limiting site access (again)...




Hi Tom and guys. Actually, I have already done this; I already limited
site access for my users. However, I just discovered that when they
click a certain page on the allowed site, it just goes back to the home
page. What items should I add or configure in the S&C rule I created to deny
all destinations except the selected site? Please help. TIA

