Re: Creating rules for HTTPS: sites

  • From: "Iain Peirse" <Iain.Peirse@xxxxxxxxxxxxx>
  • To: isalist@xxxxxxxxxxxxx
  • Date: Thu, 24 Apr 2003 10:00:40 -0600

I think I've reached the 'tried everything everyway, except the right way
(which is probably very obvious) stage.

Heres the full scenario:
All users use the web proxy on the ISA server port 8080 to get to the Web.

We have two sets of users, those on DHCP and those with STATIC ip
addresses.
We've created address sets for each of these.

STATIC users/servers are allowed access to everywhere at all times.

DHCP users are allowed access to a restricted list of sites during office
hours only. Everywhere else is denied.

We've created an 'office hours' schedule.

Sites DHCP can use: (names have been changed...)
http://www.xxx.co.uk
http://www.yyy.com
http://test.zzz.org
https://server.creditcheck.com

I know this _should_ be simple, but I've missed something.

I'm going to have another crack after hours tonight, in about an hour.

Is it just a case of ignoring the HTTP/HTTPS and creating the rules?
(Maybe I;ve been complicating it too much)

Iain.



> Exactly how are you creating the rules?
> You can't specify the protocol prefix in destination sets.
> 
> 
>  Jim Harrison
>  MCP(NT4, W2K), A+, Network+, PCG
>  http://www.microsoft.com/isaserver
>  http://isaserver.org/Jim_Harrison
>  http://isatools.org
> 
>  Read the help, books and articles!
> ----- Original Message -----
> From: "Iain Peirse" <Iain.Peirse@xxxxxxxxxxxxx>
> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> Sent: Thursday, April 24, 2003 00:50
> Subject: [isalist] Creating rules for HTTPS: sites
> 
> 
> http://www.ISAserver.org
> 
> 
> Is there a specific way to creat a rule to allow only specific HTTPS:
> sites?
> We have several HTTP: allows created already but adding an HTTPS: allow
> creates all sorts of problems with the existing rules. Those sites already
> allowed are usually denied as soon as an HTTPS: based site is added to the
> allow list.
> 
> vbr,
> Iain.
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Exchange Server Resource Site: http://www.msexchange.org/
> Windows Security Resource Site: http://www.windowsecurity.com/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> jim@xxxxxxxxxxxx
> To unsubscribe send a blank email to $subst('Email.Unsub')


Other related posts: