Re: BIG FUN with Site and Content Rules

  • From: "Jim Harrison" <jim@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Mon, 4 Mar 2002 16:07:03 -0800

Here's the BQOD:
What is the exact entry in the Path section of the Dest Set for the S&C
rule?
Does it use the "/*" form?

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/
Read the books!

----- Original Message -----
From: "Thomas W. Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Monday, March 04, 2002 07:07
Subject: [isalist] BIG FUN with Site and Content Rules


http://www.ISAserver.org


Hey guys,

Check this baby out! It's not good.

Someone on the ISAserver.org message boards said he was having a hard
time blocking www.wrestlezone.com. So I decided to test it out to see
what the issue was.

Here's what I did:

I created a Site and Content Rule to block *.wrestlezone.com. Then I
clicked the link he provided at
http://www.isaserver.org/cgi-bin/ultimatebb.cgi?ubb=get_topic;f=2;t=003517
When you click on the link, notice the URL that shows up in the
browser. It should look like this:

http://www.wrestlezone.com./

Guess what? The Site and Content Rule blocks www.wrestlezone.com just
fine, but it does NOT block the fully qualified path!!!!! If you go to
www.wrestlezone.com./ you can still get to the Site. You have to add
another entry in the Site and Content rule to block:

*.wrestlezone.com. (must include the trailing period)

OUCH!

Try it out for yourselves and confirm that this might be a major
loophole for your craftier users.

Thanks!

Tom
www.isaserver.org/shinder


-----Original Message-----
From: Mahdi [mailto:mahdi_shirazi@xxxxxxxxx]
Sent: Monday, March 04, 2002 8:07 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Transparent Cache for ISP


hi all

I read in this list that dial-up users cannot be SNAT clients. Is this the
last word in scenarios like this simple ISP scenario:

Internet--->ISA(Transparent Cache)----->RAS---->dialup users

Is it possible for dial-up users to access the Internet and use the cache
transparently (without proxy settings or firewall client software)? How?
(In my test, when the RAS computer was a SNAT client, dial-up users can access
the Internet with very low performance.)

Thanks.
mehdi

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
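
Added example, not part of the original thread and not ISA Server code: a toy destination-set matcher showing why the trailing-dot spelling in Tom's post slips past a rule that compares the host string as typed, next to a version that canonicalises the name first. The function names and the fail-closed handling of malformed names are assumptions made for this illustration.

```python
from fnmatch import fnmatchcase

# Pattern from the post above; the matcher itself is a toy, not ISA Server code.
BLOCKED = ["*.wrestlezone.com"]


def naive_is_blocked(host, patterns=BLOCKED):
    """Match the host string exactly as the client typed it."""
    return any(fnmatchcase(host.lower(), p) for p in patterns)


def canonical_host(name):
    """Return one spelling per DNS name: lower case, no root-label dot."""
    name = name.strip().lower()
    if name.endswith("."):          # "host.example." == "host.example"
        name = name[:-1]
    if not name or "" in name.split("."):
        raise ValueError("empty label in host name: %r" % name)
    return name


def hardened_is_blocked(host, patterns=BLOCKED):
    """Canonicalise both sides, and fail closed on malformed names."""
    try:
        host = canonical_host(host)
    except ValueError:
        return True                 # e.g. "www.wrestlezone.com.." is denied
    return any(fnmatchcase(host, canonical_host(p)) for p in patterns)


if __name__ == "__main__":
    # Constructed sample requests; only the first two spellings are from the post.
    for h in ["www.wrestlezone.com", "www.wrestlezone.com.",
              "WWW.WrestleZone.com.", "www.example.org."]:
        print("%-24s naive=%-5s hardened=%s"
              % (h, naive_is_blocked(h), hardened_is_blocked(h)))
```

Canonicalising at match time means a single rule entry covers both spellings, instead of relying on an administrator to remember the second "*.wrestlezone.com." entry for every blocked site.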
