RE: Of interest to all who use destination sets for deny rules.
- From: "Steve Moffat" <steve@xxxxxxxxxxxxxxx>
- To: "Isa List" <isalist@xxxxxxxxxxxxx>
- Date: Sun, 2 Mar 2003 21:47:50 -0000
:))..........temper, temper
I just lumped you in with MS.........sorry
Steve
-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: Sunday, March 02, 2003 5:36 PM
To: Isa List
Subject: [isalist] RE: Of interest to all who use destination sets for
deny rules.
http://www.ISAserver.org
Dude,
I have NEVER, EVERRRRRRR said to include http:// in a Destination Set.
NEVER.
There is a big different between *stuff.com and *.stuff.com in
Destination Set.
The former would block www.mystuff.com while the latter wouldn't.
If you try to block chat.msn.com and you have a Destination Set entry
for chat.msn.com. Of course, you would NEVER put the protocol in the
Destination Set, because the protocol isn't part of the destination. You
NEVER need to put a wildcard in front of chat.msn.com to block the site.
HTH,
Tom
Thomas W Shinder
www.isaserver.org/shinder
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp
-----Original Message-----
From: Steve Moffat [mailto:steve@xxxxxxxxxxxxxxx]
Sent: Sunday, March 02, 2003 2:51 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Of interest to all who use destination sets for deny
rules.
http://www.ISAserver.org
Hi All
While tidying and adding more sites to my various deny rules, I have
managed to get my rules working correctly.
In the past, as per Dr Shinder's and Microsoft's instructions to format
the destinations as :- *.www....., or http://...... with the path as
/*., I found that many of these did not work.
I have spent an hour or two today, going through my destination sets and
modifying them, and now they all work 100% of the time.
The correct format to enter into the destination sites, is *domainname,
i.e. *chat.msn.com, and a path of /*. This blocks all ways to get to the
site, except for the ip address, which can be entered along with a path
of /*
HTH
Steve
Steve Moffat
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/ Windows
Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT
Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/ Windows
Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT
Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
steve@xxxxxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')
Other related posts:
