Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Allowing specific users to specific internet sites
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
Allowing specific users to specific internet sites - 6.Jun.2008 3:56:09 AM
|
|
|
egmsteven
Posts: 14
Joined: 15.May2008
Status: offline
|
Hello,
Everyone on the intranet has https-access to the internet, but no I want to allow specific users from the intranet to specific sites to the internet.
I've created an access-rule (allow http) with access from the internal network (specific users) to the specific url (http://annerenneke.eu).
but no access is allowed from the isa himself??? Why any help is welcome!!!!
|
|
|
|
|
RE: Allowing specific users to specific internet sites - 6.Jun.2008 4:26:42 AM
|
|
|
HePa
Posts: 135
Joined: 9.May2008
From: Sweden, Gothenburg
Status: offline
|
You should you want to use the web-browser on the ISA server? Surfing the internet from a Firewall is not a good idé! Within a security perspective it's absolutly not a good idéa at all, I hope you understand me. The most of the viruses and attacks come from the internet and through the webbrowser....so I hope this will help you re-evaluate if you really want to allow this?!
If you want to enable this you'll need to edit the system policies on the ISA server, which is the rules that you need to edit for grating or denying access to and from the ISA server.
For further info: http://www.isaserver.org/articles/2004browseronfirewall.html
_____________________________
HePa
|
|
|
|
|
RE: Allowing specific users to specific internet sites - 6.Jun.2008 4:50:26 AM
|
|
|
egmsteven
Posts: 14
Joined: 15.May2008
Status: offline
|
No, I think 've expressed myself wrong.
I would like to let the users access this site from their own workstation (from the intranet).
Access from intranet to internet, but only allowes sites.
Thx
|
|
|
|
|
RE: Allowing specific users to specific internet sites - 6.Jun.2008 5:16:06 AM
|
|
|
egmsteven
Posts: 14
Joined: 15.May2008
Status: offline
|
No luck,
I've created the following rule
Name: Allowed Sites
Action: Allow
Protocol: HTTP-HTTPS
Source: internal
Destination: AllowedSites (Domain name Set: AllowedSites *.annerenneke.eu)
condition: specific users (me included)
Where is it going wrong???
Message from ISA Error code 502 Proxy error. The ISA server denied the specific URL (12202).
|
|
|
|
|
RE: Allowing specific users to specific internet sites - 6.Jun.2008 5:34:49 AM
|
|
|
egmsteven
Posts: 14
Joined: 15.May2008
Status: offline
|
New information.
I've did a nslookup www.annerennek.eu
answer:
Name webfwd2.je-eigen-domain.nl
aliasses: www.anne renneke.eu
I've adapted the Domain name Set to
*.webfwd2.je-eigen-domain.nl
*.je-eigen-domein.nl
Suggestions????
|
|
|
|
|
RE: Allowing specific users to specific internet sites - 6.Jun.2008 5:39:34 AM
|
|
|
elmajdal
Posts: 5028
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
|
Hi,
Are both machines, ISA Server and your machine joined to the same domain ?
Are you logged into the machine with your domain credentials ?
How are forcing authentication on your machine ? have you set the webproxy/installed firewall client ?
Have you installed Service Pack 3 for ISA Server 2004 ?
also, run the Live Logging and check what is denying this traffic.
HTH,
Tarek
_____________________________
Tarek Majdalani
MS Forefront Edge Security MVP
Website : http://www.elmajdal.net/ISAServer
New Section : http://www.elmajdal.net/Win2k8
|
|
|
|
|
RE: Allowing specific users to specific internet sites - 6.Jun.2008 5:50:52 AM
|
|
|
egmsteven
Posts: 14
Joined: 15.May2008
Status: offline
|
Hi,
I'am trying to access this site from my XP-machine on the same domain of the ISA>
Logged on with domain credentials.
I've installed the ISA with SP3.
If I place myself in another group (another rule: allow HTTP and HTTPS, internal to external and AD-conditions), I can consult everything on the internet.
Help.....
|
|
|
|
|
RE: Allowing specific users to specific internet sites - 6.Jun.2008 5:53:32 AM
|
|
|
egmsteven
Posts: 14
Joined: 15.May2008
Status: offline
|
Hello,
I've executed a new test.
Same rule but added www.google.be to the Domain Name Set and I can access google. But still nothing for www.annerenneke.eu
Suggestions???
|
|
|
|
|
RE: Allowing specific users to specific internet sites - 6.Jun.2008 8:36:06 AM
|
|
|
egmsteven
Posts: 14
Joined: 15.May2008
Status: offline
|
Hello,
Is it possible that it has something to do with the "Alias", because other sites like www.caset.be function properly.
Thanks
|
|
|
|
|
RE: Allowing specific users to specific internet sites - 6.Jun.2008 10:21:16 AM
|
|
|
elmajdal
Posts: 5028
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
|
mmmm, can you monitor the Live Logging and check which rule is blocking it and why
_____________________________
Tarek Majdalani
MS Forefront Edge Security MVP
Website : http://www.elmajdal.net/ISAServer
New Section : http://www.elmajdal.net/Win2k8
|
|
|
|
|
RE: Allowing specific users to specific internet sites - 6.Jun.2008 12:08:04 PM
|
|
|
egmsteven
Posts: 14
Joined: 15.May2008
Status: offline
|
No direct suggestions, because i'm lost.....
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
