Hi Jim

Thanks. I will do that.

Cheers

---------------------------------------------
Raji Arulambalam
Systems Administrator
Bay of Plenty REGIONAL Council
P O Box 364
Whakatane. NEW ZEALAND
Phone: 0800 ENV BOP (0800 368 267) +64 7 922 3390
Fax: 0800 ENV FAX (0800 368 329) +64 7 922 3393
http://envbop.govt.nz
--------------------------------------------

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Friday, 16 August 2002 10:47 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Why does it not work??

It's a little convoluted, but here goes:

- Your DS :

DomainName: *; would conceivably include any request made to your ISA
Path: /default.ida; none of the listed requests included this, so it won't fire

DomainName: www; Code Red used www.worm.com; "www" is purely Nimda and clones. Your local name resolution scheme can affect how unqualified requests are dealt with and cause this to be ignored
Path: /*

DomainName: /www; this is an illegal entry (can only precede the domain name with a single "*") and will be ignored by ISA
Path: /*

DomainName: *
Path: /*.exe*; ISA rejects this, you can only have one "*" at the end of the path name

DomainName: *
Path: /cmd.exe; no request is limited to "/cmd.exe", so it won't fire on this

DomainName: *
Path: /root.exe; no request is limited to "/root.exe", so it won't fire on this

You're better off to limit the allow rules to very specific filters and let the default rule tell all the rest to bugger off.

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison
http://jalojash.org/isatools
Read the books!
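
The wildcard rules stated in the reply above, as an added example that is not part of the original thread and is not ISA Server code. It is a simplified model built only from what the message says (a single leading "*" in the domain, a single trailing "*" in the path, exact match otherwise); the function names and the request hosts and paths are constructed for illustration.

```python
import re

# Destination-set entries quoted in the thread: (DomainName, Path)
ENTRIES = [
    ("*", "/default.ida"),
    ("www", "/*"),
    ("/www", "/*"),
    ("*", "/*.exe*"),
    ("*", "/cmd.exe"),
    ("*", "/root.exe"),
]

def valid_domain(d):
    # Assumed rule: host characters only, optionally preceded by one "*".
    return d != "" and re.fullmatch(r"\*?[A-Za-z0-9.-]*", d) is not None

def valid_path(p):
    # Assumed rule: at most one "*", and only as the last character.
    return p.startswith("/") and "*" not in p[:-1]

def domain_matches(pattern, host):
    if pattern.startswith("*"):
        return host.lower().endswith(pattern[1:].lower())
    return host.lower() == pattern.lower()

def path_matches(pattern, path):
    if pattern.endswith("*"):
        return path.startswith(pattern[:-1])
    return path == pattern  # no wildcard: the request must be exactly this path

def fired_entries(host, path, entries=ENTRIES):
    """Return the entries that would fire for a request in this model."""
    hits = []
    for domain, pat in entries:
        if not (valid_domain(domain) and valid_path(pat)):
            continue  # illegal entries never match
        if domain_matches(domain, host) and path_matches(pat, path):
            hits.append((domain, pat))
    return hits

if __name__ == "__main__":
    # Constructed sample requests (host, path)
    for host, path in [
        ("www.example.com", "/scripts/root.exe"),
        ("www.example.com", "/winnt/system32/cmd.exe"),
        ("www", "/index.html"),
        ("www.example.com", "/default.ida"),
    ]:
        print(host, path, "->", fired_entries(host, path) or "no entry fires")
```

In this model the exact-path entries never fire on a request that carries a longer path, which is the behaviour the reply describes for "/cmd.exe" and "/root.exe".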