:))..........temper, temper I just lumped you in with MS.........sorry Steve -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: Sunday, March 02, 2003 5:36 PM To: Isa List Subject: [isalist] RE: Of interest to all who use destination sets for deny rules. http://www.ISAserver.org Dude, I have NEVER, EVERRRRRRR said to include http:// in a Destination Set. NEVER. There is a big different between *stuff.com and *.stuff.com in Destination Set. The former would block www.mystuff.com while the latter wouldn't. If you try to block chat.msn.com and you have a Destination Set entry for chat.msn.com. Of course, you would NEVER put the protocol in the Destination Set, because the protocol isn't part of the destination. You NEVER need to put a wildcard in front of chat.msn.com to block the site. HTH, Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Steve Moffat [mailto:steve@xxxxxxxxxxxxxxx] Sent: Sunday, March 02, 2003 2:51 PM To: [ISAserver.org Discussion List] Subject: [isalist] Of interest to all who use destination sets for deny rules. http://www.ISAserver.org Hi All While tidying and adding more sites to my various deny rules, I have managed to get my rules working correctly. In the past, as per Dr Shinder's and Microsoft's instructions to format the destinations as :- *.www....., or http://...... with the path as /*., I found that many of these did not work. I have spent an hour or two today, going through my destination sets and modifying them, and now they all work 100% of the time. The correct format to enter into the destination sites, is *domainname, i.e. *chat.msn.com, and a path of /*. This blocks all ways to get to the site, except for the ip address, which can be entered along with a path of /* HTH Steve Steve Moffat ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: steve@xxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')