Here's the BQOD: What is the exact entry in the Path section of the Dest Set for the S&C rule? Does it use the "/*" form? Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/authors/harrison/ Read the books! ----- Original Message ----- From: "Thomas W. Shinder" <tshinder@xxxxxxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Monday, March 04, 2002 07:07 Subject: [isalist] BIG FUN with Site and Content Rules http://www.ISAserver.org Hey guys, Check this baby out! Its not good. Someone on the ISAserver.org message boards said he was having a hard time blocking www.wrestlezone.com. So I decided to test it out to see what the issue was. Here's what I did: I created a Site and Content Rule to block *.wrestlezone.com Then I clicked the link he provided at http://www.isaserver.org/cgi-bin/ultimatebb.cgi?ubb=get_topic;f=2;t=0035 17 when you click on the link, notice the URL that shows up in the browser. It should look like this: http://www.wrestlezone.com./ Guess what? The Site and Content Rule blocks www.wrestlezone.com just fine, but it does NOT block the fully qualified path!!!!! If you go to www.wrestlezone.com./ you can still get to the Site. You have to add another entry in the Site and Content rule to block: *.wrestlezone.com. (must include the trailing period) OUCH! Try it out for yourselves and confirm that this might be a major loophole for your craftier users. Thanks! Tom www.isaserver.org/shinder -----Original Message----- From: Mahdi [mailto:mahdi_shirazi@xxxxxxxxx] Sent: Monday, March 04, 2002 8:07 AM To: [ISAserver.org Discussion List] Subject: [isalist] Transparent Cache for ISP http://www.ISAserver.org hi all I read in this list that dial up users cannot be snat clients. is this the last word in scenarios like this simple ISP scenario : Internet--->ISA(Transparent Cache)----->RAS---->dialup users is it possible for dial-up users to access internet and use cache transparently(without proxy setting or firewall client software) ? how? (in my test when RAS cmputer was a SNAT client ,dialup users can access internet with very low performace.) tanks. mehdi ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')