Not sure what this means (sorry, I'm more of a layman when it comes to this stuff). I couldn't stop twitter at all. I decided to setup a DNS server on my 2003 server and just add those domains there, change DHCP to have the DNS server to that machine, and redirect those domains toward our home page IP. Since users don't have admin access to the machines, they can't change the IP configurations. Steve Comeau Associate Director of IT Rutgers Athletics 83 Rockafeller Road Piscataway, NJ 08854 732-445-7802 732-445-4623 (fax) www.scarletknights.com<http://www.scarletknights.com> [cid:image001.png@01CACCDD.0CB752A0] [cid:image002.jpg@01CACCDD.0CB752A0] From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison Sent: Friday, March 26, 2010 2:56 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Blocking sites For HTTPS traffic, ISA has: only the domain name for Web proxy clients. only the destination IP address for FWC and SecureNET clients . Consequently, if you are also serving SecureNET and FWC users, you have to also block the destination IP address. Jim From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Steven Comeau Sent: Thursday, March 25, 2010 8:24 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Blocking sites Thanks Dan. I don't want to block all HTTPS traffic, only to certain sites. Should that be a separate rule for HTTPS and then another for HTTP only to certain Domain Name Sets? These users are not part of a domain, the machines are stand-alone (makes it easier to deploy the cloning). If I use the Domain Name Set "*.twitter.com" shouldn't that block them all? Steve Comeau Associate Director of IT Rutgers Athletics 83 Rockafeller Road Piscataway, NJ 08854 732-445-7802 732-445-4623 (fax) www.scarletknights.com<http://www.scarletknights.com> [cid:image007.png@01CACCDC.FA7C6C10] [cid:image008.jpg@01CACCDC.FA7C6C10] From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Dan Ball Sent: Wednesday, March 24, 2010 9:59 PM To: 'isalist@xxxxxxxxxxxxx' Subject: [isalist] Re: Blocking sites 1. Check what address you're blocking, Twitter likes to redirect to a different URL (i.e. www.twitter.com<http://www.twitter.com> redirects to twitter.com). Your monitoring log should show you what is going on. 2. Create a rule that blocks the HTTPS protocol itself (you can specify a specific AD group if you want) and put it before the rule that allows web traffic. From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Steven Comeau Sent: Wednesday, March 24, 2010 6:04 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Blocking sites Okay, I'm trying to block access in my student lab to sites like Twitter, Facebook, MySpace, and eBay. I seem to be successful with the last 3, but Twitter is giving me a problem. Also, is there a way to block HTTPS traffic and not just HTTP? I've tried both domain name sets and URL sets, but https traffic comes through. Perhaps I have the wrong syntax. Oddly enough, no matter what I do, I can't seem to block Twitter. I'm using ISA 2006. I thought about redirecting DNS to a different server and modifying the entries, but shouldn't this work in ISA? Perhaps if I also was able to get the range of IPs for those sites I could block those. Thanks in advance. Steve Comeau Associate Director of IT Rutgers Athletics 83 Rockafeller Road Piscataway, NJ 08854 732-445-7802 732-445-4623 (fax) www.scarletknights.com<http://www.scarletknights.com> [cid:image007.png@01CACCDC.FA7C6C10] [cid:image008.jpg@01CACCDC.FA7C6C10] *** This message contains confidential information and is intended only for the individual named. If you are not the named addressee, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. Rutgers University - DIA 83 Rockafeller Road Piscataway, NJ 08854 www.scarletknights.com<http://www.scarletknights.com> *** *** This message contains confidential information and is intended only for the individual named. If you are not the named addressee, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. Rutgers University - DIA 83 Rockafeller Road Piscataway, NJ 08854 www.scarletknights.com<http://www.scarletknights.com> *** *** This message contains confidential information and is intended only for the individual named. If you are not the named addressee, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. Rutgers University - DIA 83 Rockafeller Road Piscataway, NJ 08854 www.scarletknights.com ***