RE: ISA-Server Problem

From: Christian Hampson (champson@hampsonservices.com)
Date: 03/21/02

• Previous message: Mitchel Chapman: "RE: HFNetChk Pro vs. other means to push out updates"
• In reply to: Lasantha Nissanke: "ISA-Server Problem"
• Next in thread: Sheppard, Leighton: "RE: ISA-Server Problem"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: "Christian Hampson" <champson@hampsonservices.com>
To: "'Lasantha Nissanke'" <nissanke@unilink.lk>, <focus-ms@securityfocus.com>
Date: Thu, 21 Mar 2002 09:45:49 -0800

Lasantha:

I believe that ISA by default has a Deny All rule at the end of the
list. By having the "Deny everyone but Yahoo" rule ahead of that,
traffic to Yahoo passes buy this rule but is then killed by the Deny All
at the end. You would probably be better off replcing the "Deny
everything but Yahoo" rule with a "Permit Yahoo" rule and then a "Deny
all http" rule just to be safe.

-----Original Message-----
From: Lasantha Nissanke [mailto:nissanke@unilink.lk]
Sent: Wednesday, March 20, 2002 19:08
To: focus-ms@securityfocus.com
Subject: ISA-Server Problem

I am having a problem with ISA Server 2000. Here is
my platform.

I have installed ISA server 2000 (With Windows SP2
and ISA SP 1) on an array and this is integrated with
Active Directory. This is working properly.

I want to block several users accessing all the
websites except yahoo.

So, I cave created a destination set call "yahoo" and
add "*.yahoo.com" and "*.yahoo.com/*" to that
destination.

Then in "site and content ruless", I have created a
new rule. Settings are as followed:

--------------------------------------------------------------------
Destination:
        This rule applies to: All Destination Except
Selected Set
        Name: yahoo

Schedule: Always

Action: Denied

Applies to: users and groups specified from--> user
list (from AD)

Http Content: All content group.
--------------------------------------------------------------------

But, problem is this is not working in any way. It
blocks every thing including yahoo for the selected
users.

Is this a bug of isa server?

Anyone knows how to fix this?

BR
Lasantha Nissanke

---

• Previous message: Mitchel Chapman: "RE: HFNetChk Pro vs. other means to push out updates"
• In reply to: Lasantha Nissanke: "ISA-Server Problem"
• Next in thread: Sheppard, Leighton: "RE: ISA-Server Problem"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages RE: ISA-Server Problem ... Subject: ISA-Server Problem ... websites except yahoo. ... Selected Set ... Is this a bug of isa server? ... (Focus-Microsoft) Re: My attempt at an Oland tool ... in cahoots with Yahoo to deny us access to most newsgroups, ... (rec.crafts.woodturning) About Apache ... in the httpd.conf file doesnot conteins any deny or allowed ip ... Yahoo! ... Music Unlimited - Access over 1 million songs. ... To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org ... (Debian-User) ipfw MAC question ... I allow all from internal network in fxp1 ... ipfw add log deny ip from any to any in via fxp1 ... Do you Yahoo!? ... (freebsd-questions) RE: Access rule for Hotmail & Yahoo mail in ISA 2000 server ... I understand that you want Business office ... group only to access 3 web sites, but you get error page when logon yahoo ... As I know, the logon pages for yahoo mail and hotmail thru HTTPS, so I ... Please help to gather the ISA Info: ... (microsoft.public.windows.server.sbs)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > focus-ms  > 2002-03