Re: Client and destination Sets and Querystrings

• From: "Jim Harrison" <jim@xxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Wed, 12 Dec 2001 06:53:13 -0800

Cannot.
If you have a C++ dev on hand, you might turn their hand to a custom web
filter for this purpose.  The SDK is on the CD and includes some examples of
web filter code.  The good thing is that web filters can be written in ISAPI
filter style.
I can understand your frustration, but the thing you have to remember is
that ISA doesn't parse the request as fully as a web server might.
ISA expects only path data in the path variable; no "=", "?", "http://";,
etc.
ISA expects only domain names or IP addresses (yuk) in the destination
variable, no "http://";, "/", etc.
You can use wildcards, but only one at the beginning of the destination and
one at the end of the path.

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/
Read the book!

----- Original Message -----
From: "Bryan Andrews" <bandrews@xxxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Wednesday, December 12, 2001 03:35
Subject: [isalist] Re: Client and destination Sets and Querystrings


http://www.ISAserver.org



So to wrap this discussion up, access to URLs can or cannot be limited
by the querystring?

And if the querystring has an actual URL as in:
DashboardID=http://portal.oursite.com/DAVCatalo
g/Dashboards/Welcome/Focus/someclient/clientportal/

that directory needs to be specified in the path for the destination set
as well?

Sorry to keep on this thread but it has been a severepain to us
resulting with me eventually screwing up our firewall config trying to
publish this securely.

And thanks to all who have replied...


 -----Original Message-----
From: Bryan Andrews
Sent: Tuesday, December 11, 2001 12:20 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Client and destination Sets and
Querystrings

http://www.ISAserver.org


Well the users are limited in this fashion. Due to the sensitive nature
of the information we'd prefer that they are limited by login
credentials as well as the site be only accessed from their bulding.

So that is my issue...

I'm not sure if anyone here is familiar with Digital Dashboard, but the
dashboards are determined by the DashboardID at the end of the URL. So,
if I open up /dashboard/* as a destination set, then all the different
client portals are accessible by every location (assuming they have the
password).



-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Monday, December 10, 2001 4:30 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Client and destination Sets and Querystrings


http://www.ISAserver.org


You should limit by user at the web server; when the %UserName%
subfolders
are created, you should assign ACLs appropriate to that user.  If you're
requiring user login, then they can carry their credentials (not NTLM)
with
them to that site.

Jim Harrison
MCP(NT4, 2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/

----- Original Message -----
From: "Bryan Andrews" <bandrews@xxxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Monday, December 10, 2001 12:58
Subject: [isalist] Re: Client and destination Sets and Querystrings


http://www.ISAserver.org



OK... but if I put /dashboard/* then doesn't it basically cover all
directories under the dashboard directory?

I basically need all files in the dashboard directory accessible... and
then I need to be able to give selective access (thru client access) to
different dashboardID's (see the querystring).

So ultimately, I have a feeling, if I put /dashboard/* in the
destination set... then all the portals will be available to all the
clients (which we don't want).

Maybe this is not possible?


 -----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Friday, December 07, 2001 4:17 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Client and destination Sets and
Querystrings

http://www.ISAserver.org


Almost, but not quite there...

The proper path would be "/DAVCatalog/Dashboards/Welcome/Focus/*" and
"/Dashboard/*", or just "/*".
Don't include any dynamic data in the path, such as "?", usernames, etc.

Jim Harrison
MCP(NT4, 2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/

----- Original Message -----
From: "Bryan Andrews" <bandrews@xxxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Friday, December 07, 2001 10:41
Subject: [isalist] Re: Client and destination Sets and Querystrings


http://www.ISAserver.org


Yeah we are using a client address set to specify that their ip range
(their headquarters) are allowed to see this specific client area of the
portal. There are other areas within the main portal that we'd like to
specify other companies have access to based on their ips...

I was worried mainly about the fact that each

So I could create a path with a querysting in it?

So... This would work in the destination set:

http://portal.oursite.com and

/Dashboard/dashboard.asp?DashboardID=http://portal.oursite.com/DAVCatalo
g/Dashboards/Welcome/Focus/someclient/clientportal/*

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Friday, December 07, 2001 9:45 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Client and destination Sets and Querystrings


http://www.ISAserver.org


I'm not clear; you're using client address sets for external requests?
As far as the destination set, you can just use "portal.oursite.com" in
the
destination and "/DAVCatalog/Dashboards/Welcome/Focus/*" in the path.
That should allow them to get to all the sites without creating one for
each
query string.

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/
----- Original Message -----
From: "Bryan Andrews" <bandrews@xxxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Friday, December 07, 2001 05:55
Subject: [isalist] Client and destination Sets and Querystrings


http://www.ISAserver.org


Our company is using Digital Dashboard Technology for our client
portals. We have a url such as:

http://portal.oursite.com/Dashboard/dashboard.asp?DashboardID=http://por
tal.oursite.com/DAVCatalog/Dashboards/Welcome/Focus/someclient/clientpor
tal

that renders from a redirect at: http://portal.oursite.com/clientportal

We allow access to the client portal based on a client and destination
set (so only the client can get in from their building).

My question is that all of our client portals will render with the above
URL just a different query string tacked to the end.

Can I create destination sets that include the query string in the
criteria? Otherwise I will be stuck having add every client to the
destination set of http://portal.oursite.com/*

Thanks for any thoughts

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')



------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
bandrews@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')



------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
bandrews@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')



------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')



------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
bandrews@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
bandrews@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')



------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

• » Client and destination Sets and Querystrings
• » Re: Client and destination Sets and Querystrings
• » Re: Client and destination Sets and Querystrings
• » Re: Client and destination Sets and Querystrings
• » Re: Client and destination Sets and Querystrings
• » RE: Client and destination Sets and Querystrings
• » Re: Client and destination Sets and Querystrings
• » Re: Client and destination Sets and Querystrings
• » Re: Client and destination Sets and Querystrings
• » Re: Client and destination Sets and Querystrings
• » Re: Client and destination Sets and Querystrings
• » Re: Client and destination Sets and Querystrings

1. Home
2. isalist
3. Archive
4. 12-2001

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---