[isalist] Re: Blocking sites

  • From: Steven Comeau <scomeau@xxxxxxxxxxxxxxxxxx>
  • To: "isalist@xxxxxxxxxxxxx" <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 26 Mar 2010 12:08:30 -0400

Not sure what this means (sorry, I'm more of a layman when it comes to this 
stuff).

I couldn't stop twitter at all.  I decided to setup a DNS server on my 2003 
server and just add those domains there, change DHCP to have the DNS server to 
that machine, and redirect those domains toward our home page IP.  Since users 
don't have admin access to the machines, they can't change the IP 
configurations.

Steve Comeau
Associate Director of IT  Rutgers Athletics
83 Rockafeller Road
Piscataway, NJ  08854
732-445-7802
732-445-4623 (fax)
www.scarletknights.com<http://www.scarletknights.com>


[cid:image001.png@01CACCDD.0CB752A0]
  [cid:image002.jpg@01CACCDD.0CB752A0]




From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Jim Harrison
Sent: Friday, March 26, 2010 2:56 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Blocking sites

For HTTPS traffic, ISA has:
only the domain name for Web proxy clients.
only the destination IP address for FWC and SecureNET clients .

Consequently, if you are also serving SecureNET and FWC users, you have to also 
block the destination IP address.

Jim


From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Steven Comeau
Sent: Thursday, March 25, 2010 8:24 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Blocking sites

Thanks Dan.

I don't want to block all HTTPS traffic, only to certain sites.  Should that be 
a separate rule for HTTPS and then another for HTTP only to certain Domain Name 
Sets?  These users are not part of a domain, the machines are stand-alone 
(makes it easier to deploy the cloning).

If I use the Domain Name Set "*.twitter.com" shouldn't that block them all?

Steve Comeau
Associate Director of IT  Rutgers Athletics
83 Rockafeller Road
Piscataway, NJ  08854
732-445-7802
732-445-4623 (fax)
www.scarletknights.com<http://www.scarletknights.com>


[cid:image007.png@01CACCDC.FA7C6C10]
  [cid:image008.jpg@01CACCDC.FA7C6C10]




From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Dan Ball
Sent: Wednesday, March 24, 2010 9:59 PM
To: 'isalist@xxxxxxxxxxxxx'
Subject: [isalist] Re: Blocking sites


1.       Check what address you're blocking, Twitter likes to redirect to a 
different URL (i.e. www.twitter.com<http://www.twitter.com> redirects to 
twitter.com).  Your monitoring log should show you what is going on.

2.       Create a rule that blocks the HTTPS protocol itself (you can specify a 
specific AD group if you want) and put it before the rule that allows web 
traffic.


From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Steven Comeau
Sent: Wednesday, March 24, 2010 6:04 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Blocking sites

Okay, I'm trying to block access in my student lab to sites like Twitter, 
Facebook, MySpace, and eBay.  I seem to be successful with the last 3, but 
Twitter is giving me a problem.  Also, is there a way to block HTTPS traffic 
and not just HTTP?  I've tried both domain name sets and URL sets, but https 
traffic comes through.  Perhaps I have the wrong syntax.  Oddly enough, no 
matter what I do, I can't seem to block Twitter.  I'm using ISA 2006.

I thought about redirecting DNS to a different server and modifying the 
entries, but shouldn't this work in ISA?  Perhaps if I also was able to get the 
range of IPs for those sites I could block those.

Thanks in advance.

Steve Comeau
Associate Director of IT  Rutgers Athletics
83 Rockafeller Road
Piscataway, NJ  08854
732-445-7802
732-445-4623 (fax)
www.scarletknights.com<http://www.scarletknights.com>


[cid:image007.png@01CACCDC.FA7C6C10]
  [cid:image008.jpg@01CACCDC.FA7C6C10]





***  This message contains confidential information and is

intended only for the individual named. If you are not the

named addressee, you should not disseminate, distribute or

copy this e-mail. Please notify the sender immediately by

e-mail if you have received this e-mail by mistake and delete

this e-mail from your system. E-mail transmission cannot be

guaranteed to be secure or error-free as information could be

intercepted, corrupted, lost, destroyed, arrive late or

incomplete, or contain viruses.  The sender therefore does not

accept liability for any errors or omissions in the contents of

this message, which arise as a result of e-mail transmission.

If verification is required please request a hard-copy version.

Rutgers University - DIA

83 Rockafeller Road

Piscataway, NJ 08854

www.scarletknights.com<http://www.scarletknights.com> ***



***  This message contains confidential information and is

intended only for the individual named. If you are not the

named addressee, you should not disseminate, distribute or

copy this e-mail. Please notify the sender immediately by

e-mail if you have received this e-mail by mistake and delete

this e-mail from your system. E-mail transmission cannot be

guaranteed to be secure or error-free as information could be

intercepted, corrupted, lost, destroyed, arrive late or

incomplete, or contain viruses.  The sender therefore does not

accept liability for any errors or omissions in the contents of

this message, which arise as a result of e-mail transmission.

If verification is required please request a hard-copy version.

Rutgers University - DIA

83 Rockafeller Road

Piscataway, NJ 08854

www.scarletknights.com<http://www.scarletknights.com> ***



***  This message contains confidential information and is
intended only for the individual named. If you are not the
named addressee, you should not disseminate, distribute or
copy this e-mail. Please notify the sender immediately by
e-mail if you have received this e-mail by mistake and delete
this e-mail from your system. E-mail transmission cannot be
guaranteed to be secure or error-free as information could be 
intercepted, corrupted, lost, destroyed, arrive late or
incomplete, or contain viruses.  The sender therefore does not
accept liability for any errors or omissions in the contents of
this message, which arise as a result of e-mail transmission.
If verification is required please request a hard-copy version.
Rutgers University - DIA
83 Rockafeller Road
Piscataway, NJ 08854
www.scarletknights.com *** 

PNG image

JPEG image

PNG image

JPEG image

Other related posts: