RE: Block Web access for non-Web Proxy clients

  • From: "Ara" <ara@xxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 5 Apr 2005 13:13:07 -0700

Tom,

It appeared on alerts tab. I disabled the rule and restarted the server.
Everything came back fine. So I tried re enabled the rule for one more
test. Some how it is working fine now about 20 minutes and no error yet.
Interesting. I also tried and fire fox direct access didn't work. Lovely
(!!!) 

Is it safe enough to add tcp 443 outbound and 21 tcp outbound for https
and ftp without filters bound to them?

Thank you sir

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
Sent: Tuesday, April 05, 2005 12:43 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Block Web access for non-Web Proxy clients

http://www.ISAserver.org

Hi Ara,

Where do you see this error? Sounds like maybe a coincidence. 


Tom
www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls


-----Original Message-----
From: Ara [mailto:ara@xxxxxxxxxxxxx] 
Sent: Tuesday, April 05, 2005 2:42 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Block Web access for non-Web Proxy clients

http://www.ISAserver.org

Tom and Dan,
I don't what I have done wrong here. Created a protocol, tcp outbound
port 80, didn't add proxy filter to it. Created a deny rule on top based
on this protocol. Everybody got the firewall client installed.
Now I get the error that unable to bind the web filter, because some
other service is using it and no internet at all
Any idea?

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
Sent: Tuesday, April 05, 2005 12:24 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Block Web access for non-Web Proxy clients

http://www.ISAserver.org

Hi Dan,

You bet. And to carry it one step futher, you could add the FTP control
channel port to the Protocol Definition and force all FTP connections
through the Web proxy :) 


Tom
www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls


-----Original Message-----
From: Ball, Dan [mailto:DBall@xxxxxxxxxxx] 
Sent: Tuesday, April 05, 2005 2:18 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Block Web access for non-Web Proxy clients

http://www.ISAserver.org

True, you should be able to add that port into the protocol definition
created in your instructions also.  Glad you pointed that out, forgot
about that, all they'd have to do is switch to https (if that site
supported it) instead of http and it would go through after all...

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
Sent: Tuesday, April 05, 2005 13:34
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Block Web access for non-Web Proxy clients

http://www.ISAserver.org

Hi Roy,

The users will still be able to disable the Web proxy settings. They
just won't be able to get to any resources requiring outbound access TCP
80, and I assume we can do the same thing with TCP 443, since the same
principles apply. 


Tom
www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
ara@xxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
ara@xxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 04-2005