RE: RES: RES: Re: Protocol rules access
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 8 Mar 2006 11:37:01 -0600
Hi Romulo,
Becuase if you allow access to HTTP, the Web proxy provides HTTP access. Port
numbers mean NOTHING.
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/>
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
MVP -- ISA Firewalls
________________________________
From: "Rômulo Caetano Rocha (GTIN)" [mailto:rrocha@xxxxxxxxxxxxxxx]
Sent: Wednesday, March 08, 2006 11:28 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RES: RES: Re: Protocol rules access
http://www.ISAserver.org
Forget https. User can hit only 80/443. My question is: why user hit
9080 if the rule only permit 80/443?
-----Mensagem original-----
De: Tiago de Aviz [mailto:Tiago@xxxxxxxxxxxxxxx]
Enviada em: Wednesday, March 08, 2006 2:14 PM
Para: [ISAserver.org Discussion List]
Assunto: [isalist] RES: Re: Protocol rules access
http://www.ISAserver.org
Wait. the URL you want to access is:
http://www.xyz.com:9080
or
https://www.xyz.com:9080 ?
Case 1- my last answer
Case 2- my first answer
Tiago de Aviz
SoftSell - Curitiba
(41) 3340-2363
www.softsell.com.br
Esta mensagem, incluindo seus anexos, tem caráter confidencial
e seu conteúdo é restrito ao destinatário da mensagem. Caso você tenha recebido
esta mensagem por engano, queira por favor retorná-la ao destinatário e
apagá-la de seus arquivos. Qualquer uso não autorizado, replicação ou
disseminação desta mensagem ou parte dela é expressamente proibido. A SoftSell
não é responsável pelo conteúdo ou a veracidade desta informação.
>>> rrocha@xxxxxxxxxxxxxxx 8/3/2006 14:17 >>>
http://www.ISAserver.org
This is the problem, the protocol rule permit only 80 and 443,
but users can access http://host.domain.tld:port
-----Mensagem original-----
De: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
Enviada em: Wednesday, March 08, 2006 2:08 PM
Para: [ISAserver.org Discussion List]
Assunto: [isalist] Re: Protocol rules access
http://www.ISAserver.org
Sorry - that's a different question.
What he's talking about is someone having the ability to hit
http://host.domain.tld:port
The script you describe helps alleviate the pain of finding
https://host.domain.tld:port blocked.
-------------------------------------------------------
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!
-------------------------------------------------------
-----Original Message-----
From: Tiago de Aviz [mailto:Tiago@xxxxxxxxxxxxxxx]
Sent: Wednesday, March 08, 2006 08:48
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Protocol rules access
http://www.ISAserver.org
Negative; Need that special tool from Jim to allow SSL tunnels
against weird ports.
It is available at www.isatools.org
Tiago de Aviz
SoftSell - Curitiba
(41) 3340-2363
www.softsell.com.br
Esta mensagem, incluindo seus anexos, tem caráter confidencial
e seu conteúdo é restrito ao destinatário da mensagem. Caso você tenha recebido
esta mensagem por engano, queira por favor retorná-la ao destinatário e
apagá-la de seus arquivos. Qualquer uso não autorizado, replicação ou
disseminação desta mensagem ou parte dela é expressamente proibido. A SoftSell
não é responsável pelo conteúdo ou a veracidade desta informação.
>>> rrocha@xxxxxxxxxxxxxxx 8/3/2006 12:14 >>>
http://www.ISAserver.org
I´ve a protocol rule access that permit only port 80 and 443;
but users can access internet socket application and sites like
www.xxx.com:9080 for example. There is a bug in isa server 2000?
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion
List as: tiago@xxxxxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion
List as: jim@xxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
All mail to and from this domain is GFI-scanned.
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion
List as: rrocha@xxxxxxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion
List as: tiago@xxxxxxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion
List as: rrocha@xxxxxxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
