Have you checked if the rules are in the right order? Allow rule should come before deny rules. Regards, Raj From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Tom Rogers <trogers@xxxxxxxxxxxxxxxxxx> Sent: Monday, February 02, 2009 10:19 AM To: <isalist@xxxxxxxxxxxxx> Subject: [isalist] Re: Access Rule Issue... http://www.ISAserver.org ------------------------------------------------------- Ok, here is what I did. I created a URL set of the sites that I need to allow. I created Rule 1 as follows: ACTION: Allow (and log) PROTOCOLS: HTTP/HTTPS FROM: Internal TO: (my URL Set) USERS: (my specific user) SCHEDULE: Always CONTENT TYPES: All content type I created Rule 2 as follows: ACTION: Deny (redirect to custom page and log) PROTOCOLS: All Outbound FROM: Internal TO: External USERS: (my specific user) SCHEDULE: Always CONTENT TYPES: All content type SSL sites are still not allowed, so what do I need to change to allow this user to access the necessary SSL sites? -Tom > -----Original Message----- > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] > On Behalf Of Jim Harrison > Sent: Friday, January 30, 2009 8:18 PM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: Access Rule Issue... > > http://www.ISAserver.org > ------------------------------------------------------- > > A1 - you must not use name-based destination in a rule that includes "all > protocols". Name-based rules are ONLY for HTTP and HTTPS. > A2 - you cannot use URL sets for SSL connections because unlike CERN HTTP > and CERN FTP traffic, ISA never has access to the entire URL for HTTPS > tunnels. > > You can create two rules: > 1. allow HTTP/HTTPS from to specific destinations > 2. deny all > > JimmyJoeBob Alooba > Office 2007 on Win7 Beta > > > > > -----Original Message----- > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] > On Behalf Of Tom Rogers > Sent: Friday, January 30, 2009 9:12 AM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Access Rule Issue... > > http://www.ISAserver.org > ------------------------------------------------------- > > I am using ISA 2006 SP-1 on a W2K3 SP1 server. > > I created an access rule for a specific user that denies all traffic > from internal to external, except a list of a few websites that I put > into a URL Set. This works just fine, except when it comes to accessing > https websites and I cannot figure it out. > > If the user tries to go to any website outsite of the URL Set contents, > I redirect to a custom page stating that the website is not allowed from > this computer. For example, if the user tries to go to cnn.com, my > custom denial page displays. > > But with the HTTPS sites failure for the allowed sites, it does not go > to my custom page, but just tells me IE cannot display the webpage. > > For example - in my URL Set I have a website > HTTP://WWW.EXCELLUSBCBS.COM/* but when you go to this root website it > changes to https://www.excellusbcbs.com/wps/portal/xl in a web browser. > So then I put that new address into my URL Set as well. I don't get the > redirect page, but I just get an error stating IE cannot display the > webpage. > > Why is this? I have allowed that specific URL in my URL Set. > > TIA, > > -Tom Rogers > > > ------------------------------------------------------ > List Archives: //www.freelists.org/archives/isalist/ > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server Articles and Tutorials: > http://www.isaserver.org/articles_tutorials/ > ISA Server Blogs: http://blogs.isaserver.org/ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > Report abuse to listadmin@xxxxxxxxxxxxx > > > ------------------------------------------------------ > List Archives: //www.freelists.org/archives/isalist/ > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server Articles and Tutorials: > http://www.isaserver.org/articles_tutorials/ > ISA Server Blogs: http://blogs.isaserver.org/ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > Report abuse to listadmin@xxxxxxxxxxxxx > ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx