RE: Access to one URL subdirectory

  • From: "Jim Locke" <jim@xxxxxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Mon, 19 Nov 2001 07:36:10 -0800

Don't use URLScan, I tired this. Here's what happened:

Webserver had all the approp. patches to prevent the codered & nimda and so
on.
Installed URLScan and made 1 change to allow 'directory traversing'.
Went for a qwk coffee, came back 1/2 hour later to see NIMDA infecting
server (running packet sniffer)
Called PSS, talked with several people, the 'directory traversing' over-rode
all previous patches.
Their fix for this:

FORMAT C

Jim..

----- Original Message -----
From: "Jeremy Cooke" <jez@xxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Monday, November 19, 2001 5:28 AM
Subject: [isalist] RE: Access to one URL subdirectory


http://www.ISAserver.org


Im sure there's a way to do this with ISA, but just as a quick thought I
heard a while ago you can use URLScan from microsoft as an Web Filter
under ISA. This allows you to specify what verbs are allowed/not
allowed...although I think it only works for incomming requests, I
havent tried it.

Regards,
Jeremy.



-----Original Message-----
From: Morvan Daniel Muller [mailto:morvan@xxxxxxxxxxxxxxx]
Sent: 13 November 2001 13:21
To: [ISAserver.org Discussion List]
Subject: [isalist] Access to one URL subdirectory


http://www.ISAserver.org


Hello!

I want to deny access to anything in some URL
and allow access to only one subdirectory/*.

sample:
allow www.urlx.com/computer/*
deny *.urlx.com

ISA's don't have rule sequence meaning, so if I configure a deny rule in
"web and contents rules" and refer destination as "*.urlx.com" this rule
have priority against "allow" rules.

Anyone have sugestions?

Thanks,


Morvan Daniel Muller
morvan@xxxxxxxxxxxxxxx
Analista de Suporte - Softplan/Poligraph
Sistema da Qualidade Certificado - ISO9001 - BRTUV/INMETRO
Fone: 0XX(48)333-0389
Florianópolis - SC

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jez@xxxxxxxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')


------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 11-2001