Actually, I prefer this mechanism. It's clearer (*.sex.com <> sex.com), IMHO. You may have misunderstood the suggestion. You should enter "sex.com" and "*.sex.com", not "*sex.com." Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://www.microsoft.com/isaserver http://isaserver.org/Jim_Harrison http://isatools.org Read the help, books and articles! ----- Original Message ----- From: "Bill Russell - VP/IT Dept." <BRussell@xxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Tuesday, March 11, 2003 12:52 Subject: [isalist] Destination Sets http://www.ISAserver.org I have been grappling with this problem for three months now. In Miicrosoft's Proxyserver, you could blcok a domain by entering a single entry "*.sex.com" and it would block "sex.com", "www.sex.com", "mail.sex.com" but not "essex.com". In ISA server, you have to make two entries to obtain the same result, "sex.com" and "*.sex.com". If you enter "*.sex.com" only, it will block "www.sex.com" but not "sex.com". It has been suggested that I enter "*sex.com", but this blocks "essex.com" as well, which is not the result I am looking for. Am I missing something or has Microsoft has taken a step backwards in the use of wildcards in the destination sets? Bill Russell Vice President, Information Technology Balboa Travel (858) 678-3350 -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Tuesday, March 11, 2003 8:56 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: isa ad blocking http://www.ISAserver.org You can also use a tool which was designed specifically for log parsing: http://download.microsoft.com/download/iis50/Utility/2.0/NT5XP/EN-US/set up.e xe Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://www.microsoft.com/isaserver http://isaserver.org/Jim_Harrison http://isatools.org Read the help, books and articles! ----- Original Message ----- From: "Quillman Shawn (RBNA/CIT1.1) *" <Shawn.Quillman@xxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Tuesday, March 11, 2003 05:54 Subject: [isalist] RE: isa ad blocking http://www.ISAserver.org This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------------------------------------------------------------------------ ---- ---- You could parse the logs for the name of the rule that denies the destination set and then parse that for 407 and 12209 (proxy authentication required codes). Setup a job to do it if you wish to automate it. That of course assumes that you're logging those fields. Go get the GNU Posix tools for NT, grep is a wonderful thing. -Shawn ----- Shawn R. Quillman Robert Bosch Corporation RBNA/CIT1.1 38000 Hills Tech Drive Farmington Hills, MI 48331 (248) 553-1164 (P) (248) 848-2855 (F) shawn.quillman@xxxxxxxxxxxx -----Original Message----- From: Greg Mulholland [mailto:greg_mul@xxxxxxxxxxxxxxx] Sent: Tuesday, March 11, 2003 5:53 AM To: [ISAserver.org Discussion List] Subject: [isalist] isa ad blocking http://www.ISAserver.org Steve may be best to answer this, but others feel free. Is there anyway of tracking what websites are being blocked by the destination sets created by the isa_ads file. Thanks Greg Mulholland Technical Services Manager Harvey Norman - Knox Melbourne, Australia greg_mul@xxxxxxxxxxxxxxx <mailto:Greg_mul@xxxxxxxxxxxxxxx> +613 9881-3730 ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: shawn.quillman@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------------------------ ---- ---- ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: brussell@xxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')