[isalist] Re: Access Rule Issue...

  • From: Jim Harrison <Jim@xxxxxxxxxxxx>
  • To: "isalist@xxxxxxxxxxxxx" <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 30 Jan 2009 17:18:06 -0800

http://www.ISAserver.org
-------------------------------------------------------

A1 - you must not use a name-based destination in a rule that includes "all 
protocols".  Name-based rules are ONLY for HTTP and HTTPS.
A2 - you cannot use URL sets for SSL connections because unlike CERN HTTP and 
CERN FTP traffic, ISA never has access to the entire URL for HTTPS tunnels.

You can create two rules:
1. allow HTTP/HTTPS from to specific destinations
2. deny all 

JimmyJoeBob Alooba
Office 2007 on Win7 Beta
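
The point in A2 above, as an added example that is not part of the original thread and is not ISA Server's own matching code: a simplified Python model of what a forward proxy can see for a proxied HTTP request versus an HTTPS CONNECT tunnel. The request lines are constructed samples and the function names are hypothetical.

```python
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

# Constructed sample request lines, as a browser sends them to a forward proxy.
HTTP_REQ = "GET http://www.excellusbcbs.com/ HTTP/1.1"
HTTPS_REQ = "CONNECT www.excellusbcbs.com:443 HTTP/1.1"
OTHER_REQ = "GET http://cnn.com/ HTTP/1.1"


def visible_target(request_line):
    """Return (scheme, host, path) as far as the proxy can see them.

    For CONNECT the path is None: the tunnel request names only host:port,
    and the real URL travels inside the TLS session the proxy relays.
    """
    method, target, _version = request_line.split()
    if method.upper() == "CONNECT":
        host, _, _port = target.rpartition(":")
        return ("connect", host.lower(), None)
    parts = urlsplit(target)  # urlsplit lowercases scheme and hostname
    return (parts.scheme, parts.hostname or "", parts.path or "/")


def url_set_matches(pattern, request_line):
    """Match a URL-set style entry (scheme://host/path, * wildcard in path)."""
    scheme, host, path = visible_target(request_line)
    if path is None:
        return False  # no URL path to compare for a tunnel
    entry = urlsplit(pattern)
    return (entry.scheme == scheme
            and (entry.hostname or "") == host
            and fnmatchcase(path, entry.path or "/*"))


def host_matches(name, request_line):
    """Host-name-only comparison, possible for both HTTP and CONNECT."""
    return visible_target(request_line)[1] == name.lower()


if __name__ == "__main__":
    http_entry = "HTTP://WWW.EXCELLUSBCBS.COM/*"
    https_entry = "https://www.excellusbcbs.com/wps/portal/xl"
    for req in (HTTP_REQ, HTTPS_REQ, OTHER_REQ):
        print(req)
        print("  URL set, http entry :", url_set_matches(http_entry, req))
        print("  URL set, https entry:", url_set_matches(https_entry, req))
        print("  host name match     :", host_matches("www.excellusbcbs.com", req))
```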




-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Tom Rogers
Sent: Friday, January 30, 2009 9:12 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Access Rule Issue...

  
I am using ISA 2006 SP-1 on a W2K3 SP1 server.

I created an access rule for a specific user that denies all traffic
from internal to external, except a list of a few websites that I put
into a URL Set. This works just fine, except when it comes to accessing
https websites and I cannot figure it out. 

If the user tries to go to any website outside of the URL Set contents,
I redirect to a custom page stating that the website is not allowed from
this computer. For example, if the user tries to go to cnn.com, my
custom denial page displays.

But with the HTTPS sites failure for the allowed sites, it does not go
to my custom page, but just tells me IE cannot display the webpage.

For example - in my URL Set I have a website
HTTP://WWW.EXCELLUSBCBS.COM/* but when you go to this root website it
changes to https://www.excellusbcbs.com/wps/portal/xl in a web browser.
So then I put that new address into my URL Set as well. I don't get the
redirect page, but I just get an error stating IE cannot display the
webpage.

Why is this? I have allowed that specific URL in my URL Set.

TIA,

-Tom Rogers


------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/  
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp 
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ 
ISA Server Blogs: http://blogs.isaserver.org/ 
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com 
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 
Report abuse to listadmin@xxxxxxxxxxxxx 

