Hi guy. I Have the same problem and I found this article in microsoft site You Are Denied Access to a Destination Set When You Use Site and Content Rules (295089) The information in this article applies to: Microsoft Internet Security and Acceleration Server 2000 This article was previously published under Q295089 SYMPTOMS When you use a Site and Content rule that allows you to gain access to a selected destination set, if that destination set contains both a domain name and an Internet Protocol (IP) address, you can gain access to either that domain name or that IP address. However, when you create a Site and Content Allow rule, and then create a Site and Content Deny rule that denies access to all destinations except a selected set, if you specify the destination set that is used in the Site and Content Allow rule, you are denied access to either the domain or the IP address that you specified in the Site and Content Allow rule. In addition, you may receive the following error message in your Web browser: HTTP 502 Proxy Error - The ISA Server denies the specified Uniform Resource Locator (URL). (12202) Internet Security and Acceleration Server If you create a Site and Content Deny rule that contains a redirect action for Hypertext Transfer Protocol (HTTP) requests, you do not receive the preceding error message. Instead, you are redirected to the custom deny page. CAUSE This issue can occur because when you use the All destinations except selected set setting in a Site and Content rule, Internet Security and Acceleration (ISA) Server incorrectly processes only the IP addresses in the destination set. As a result, the Site and Content Deny rule matches the Site and Content Allow rule under certain conditions. When the Site and Content Deny rule matches the Site and Content Allow rule, your request to gain access to the destination set is denied. RESOLUTION To resolve this problem, obtain the latest service pack for ISA Server 2000. For additional information, click the article number below to view the article in the Microsoft Knowledge Base: 313139 How to Obtain the Latest Internet Security and Acceleration Server 2000 Service Pack STATUS Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. This problem was corrected in Internet Security and Acceleration Server Service Pack 1. MORE INFORMATION This problem occurs only if you have a combination of domain names and IP addresses in the destination set, and if you use the All destinations except selected set setting in a Site and Content rule combination. If you use only domain names in your destination sets, this problem does not occur. THIS ARTICLE IS NOT TRUE. I HAVE SP1 FOR ISA. I TRY IN OTHER MACHINES WITH ISA AND SP1 + ISAFP1 + HOTFIX. AND DONT WORK. I NEED HELP. PLEASE. TANK YOU. -----Original Message----- From: infosys1@xxxxxxxxxxxxxxxxxxxxxxxxx [mailto:infosys1@xxxxxxxxxxxxxxxxxxxxxxxxx] Sent: Monday, March 24, 2003 8:29 PM To: [ISAserver.org Discussion List] Subject: [isalist] on limiting site access (again)... http://www.ISAserver.org hi tom and guys.actually, i already done this stuff, i already limited the access of site for my user. however, i just discovered that when they click a certain page on the allowed site, it just goes back to the home page. what items should i add or configure to the S&C i created to deny all destination except selected site. pls help.TIA ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: mmonteiro@xxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ********************************************************************** Esta mensagem, incluindo seus anexos, tem carater confidencial e seu conteudo eh restrito ao destinatario da mensagem. Caso voce tenha recebido esta mensagem por engano, queira por favor retorna-la ao destinatario e apaga-la de seus arquivos. Qualquer uso nao autorizado, replicacao ou disseminacao desta mensagem ou parte dela eh expressamente probibido. A DBA nao eh responsavel pelo conteudo ou a veracidade desta informacao. **********************************************************************