RES: Access to a single web site from a Citrix server
- From: "Tiago de Aviz" <Tiago@xxxxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Fri, 21 Jan 2005 10:26:25 -0200
Why not make the users that are using citrix authenticate against the firewall
and build your firewall policies on a per-user basis? This should do the trick.
And then let the Citrix's IP address access only that site that it needs access
to.
Tiago de Aviz
SoftSell - Curitiba
(41) 340-2363
www.softsell.com.br
Esta mensagem, incluindo seus anexos, tem caráter confidencial e seu conteúdo é
restrito ao destinatário da mensagem. Caso você tenha recebido esta mensagem
por engano, queira por favor retorná-la ao destinatário e apagá-la de seus
arquivos. Qualquer uso não autorizado, replicação ou disseminação desta
mensagem ou parte dela é expressamente proibido. A SoftSell não é responsável
pelo conteúdo ou a veracidade desta informação.
-----Mensagem original-----
De: Don McCall [mailto:DMcCall@xxxxxxxxxx]
Enviada em: sexta-feira, 21 de janeiro de 2005 09:49
Para: [ISAserver.org Discussion List]
Assunto: [isalist] Access to a single web site from a Citrix server
http://www.ISAserver.org
I have racked my brains on this one (not that there is that many in the first
place) however I have not as yet come up with a solution.
The scenario is as follows:
For all intensive purposes domain users have access to HTTP and HTTPS.
As a matter of principle I block all servers from access to the internet except
the necessary DNS MAIL etc.
I have had a request to allow some Citrix Servers access to a single WEB site.
It is simple enough to allow users access to the WEB through the Citrix server
by removing the block on that IP address.
However that also gives them access to all WEB sites through the Citrix server,
(this is not desirable).
If I restrict HTTP to a single site, then it also restricts their access from
their work stations (also not desirable).
I know I have got to be missing something simple...
I am running both ISA 2000 and 2004 (I am egarly waiting the book I have
ordered)
If any one has a simplton plan please let me know.
Thanks
Don McCall
Infrastructure Manager
Baptist Community Services
O: 02 9023 2602
M: 0403082854
F: 02 9023 2502
Email dmccall@xxxxxxxxxx
Don McCall
Infrastructure Manager
Baptist Community Services
O: 02 9023 2602
M: 0403082854
F: 02 9023 2502
Email dmccall@xxxxxxxxxx
This message is intended for the addressee named and may
contain confidential information. If you are not the intended
recipient, please delete it and notify the sender. Views
expressed in this message are those of the individual sender,
and are not necessarily the views of Baptist Community Services. 3
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tiago@xxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
- » RES: Access to a single web site from a Citrix server
