Welcome to ISAserver.org

3 access rules but result not what i expect

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA Server 2004 Firewall] >> Access Policies >> 3 access rules but result not what i expect

Page: [1]

Message

<< Older Topic Newer Topic >>

3 access rules but result not what i expect - 26.Jun.2006 1:23:42 AM

Tom Decaluwe

Posts: 135
Joined: 23.Jul.2003
Status: offline

Hi,

I have been playing with access rules in ISA 2004 and 2006 and came accross an unexpected result.

I setup 3 rules

USER1– HTTP – filter: htm/html only - Allow
All users – HTTP – filter: all extensions - Allow
(default) – Deny

This is a demo i picked off of a webcast or somewhere else. In any case according to the webcast the result should be:

USER1 is a webproxy client => can open the webpage but GIF's should not displayed
=> according to the webcast only rule 1 applies to HTML requests made by user1. When i try this in a demo lab, user1get's to see the whole page content and in the monitor i can see he is denied the GIF file via rule 1 but for some reason rule 2 applies too and this services him the GIF file. As far as i could read this behavior should not happen and only rule 1 should have applied and he should never have been serviced by Rule2

USER2 is a webproxy client => sees both text and GIF's
=> This is working as i would expect, the user2 is getting full html pages with gif's

Anonymous users => get nothiing
=> This is workign as ik expect as anonymous is hitting rule 1 and no further processing is being done thus anonymous can not access html pages because he is blocked by an allow rule.

Could anyone tell me why user1 is seeing the GIF's? If i disable Rule2 user1 gets just the html text and no gif's so i'm 100% sure he is being servicec by rule 2 for this content.

many thanks,

Tom Decaluwé