Cannot. If you have a C++ dev on hand, you might turn their hand to a custom web filter for this purpose. The SDK is on the CD and includes some examples of web filter code. The good thing is that web filters can be written in ISAPI filter style. I can understand your frustration, but the thing you have to remember is that ISA doesn't parse the request as fully as a web server might. ISA expects only path data in the path variable; no "=", "?", "http://";, etc. ISA expects only domain names or IP addresses (yuk) in the destination variable, no "http://";, "/", etc. You can use wildcards, but only one at the beginning of the destination and one at the end of the path. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/authors/harrison/ Read the book! ----- Original Message ----- From: "Bryan Andrews" <bandrews@xxxxxxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Wednesday, December 12, 2001 03:35 Subject: [isalist] Re: Client and destination Sets and Querystrings http://www.ISAserver.org So to wrap this discussion up, access to URLs can or cannot be limited by the querystring? And if the querystring has an actual URL as in: DashboardID=http://portal.oursite.com/DAVCatalo g/Dashboards/Welcome/Focus/someclient/clientportal/ that directory needs to be specified in the path for the destination set as well? Sorry to keep on this thread but it has been a severepain to us resulting with me eventually screwing up our firewall config trying to publish this securely. And thanks to all who have replied... -----Original Message----- From: Bryan Andrews Sent: Tuesday, December 11, 2001 12:20 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Client and destination Sets and Querystrings http://www.ISAserver.org Well the users are limited in this fashion. Due to the sensitive nature of the information we'd prefer that they are limited by login credentials as well as the site be only accessed from their bulding. So that is my issue... I'm not sure if anyone here is familiar with Digital Dashboard, but the dashboards are determined by the DashboardID at the end of the URL. So, if I open up /dashboard/* as a destination set, then all the different client portals are accessible by every location (assuming they have the password). -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Monday, December 10, 2001 4:30 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Client and destination Sets and Querystrings http://www.ISAserver.org You should limit by user at the web server; when the %UserName% subfolders are created, you should assign ACLs appropriate to that user. If you're requiring user login, then they can carry their credentials (not NTLM) with them to that site. Jim Harrison MCP(NT4, 2K), A+, Network+, PCG http://isaserver.org/authors/harrison/ ----- Original Message ----- From: "Bryan Andrews" <bandrews@xxxxxxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Monday, December 10, 2001 12:58 Subject: [isalist] Re: Client and destination Sets and Querystrings http://www.ISAserver.org OK... but if I put /dashboard/* then doesn't it basically cover all directories under the dashboard directory? I basically need all files in the dashboard directory accessible... and then I need to be able to give selective access (thru client access) to different dashboardID's (see the querystring). So ultimately, I have a feeling, if I put /dashboard/* in the destination set... then all the portals will be available to all the clients (which we don't want). Maybe this is not possible? -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Friday, December 07, 2001 4:17 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Client and destination Sets and Querystrings http://www.ISAserver.org Almost, but not quite there... The proper path would be "/DAVCatalog/Dashboards/Welcome/Focus/*" and "/Dashboard/*", or just "/*". Don't include any dynamic data in the path, such as "?", usernames, etc. Jim Harrison MCP(NT4, 2K), A+, Network+, PCG http://isaserver.org/authors/harrison/ ----- Original Message ----- From: "Bryan Andrews" <bandrews@xxxxxxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Friday, December 07, 2001 10:41 Subject: [isalist] Re: Client and destination Sets and Querystrings http://www.ISAserver.org Yeah we are using a client address set to specify that their ip range (their headquarters) are allowed to see this specific client area of the portal. There are other areas within the main portal that we'd like to specify other companies have access to based on their ips... I was worried mainly about the fact that each So I could create a path with a querysting in it? So... This would work in the destination set: http://portal.oursite.com and /Dashboard/dashboard.asp?DashboardID=http://portal.oursite.com/DAVCatalo g/Dashboards/Welcome/Focus/someclient/clientportal/* -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Friday, December 07, 2001 9:45 AM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Client and destination Sets and Querystrings http://www.ISAserver.org I'm not clear; you're using client address sets for external requests? As far as the destination set, you can just use "portal.oursite.com" in the destination and "/DAVCatalog/Dashboards/Welcome/Focus/*" in the path. That should allow them to get to all the sites without creating one for each query string. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/authors/harrison/ ----- Original Message ----- From: "Bryan Andrews" <bandrews@xxxxxxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Friday, December 07, 2001 05:55 Subject: [isalist] Client and destination Sets and Querystrings http://www.ISAserver.org Our company is using Digital Dashboard Technology for our client portals. We have a url such as: http://portal.oursite.com/Dashboard/dashboard.asp?DashboardID=http://por tal.oursite.com/DAVCatalog/Dashboards/Welcome/Focus/someclient/clientpor tal that renders from a redirect at: http://portal.oursite.com/clientportal We allow access to the client portal based on a client and destination set (so only the client can get in from their building). My question is that all of our client portals will render with the above URL just a different query string tacked to the end. Can I create destination sets that include the query string in the criteria? Otherwise I will be stuck having add every client to the destination set of http://portal.oursite.com/* Thanks for any thoughts ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: bandrews@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: bandrews@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: bandrews@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: bandrews@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')