Welcome to ISAserver.org

Block access to specific HTTPS sites - not easy?

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA Server 2004 Cache] >> Web Proxy client >> Block access to specific HTTPS sites - not easy?

Page: [1]

Message

<< Older Topic Newer Topic >>

Block access to specific HTTPS sites - not easy? - 9.Aug.2007 12:28:40 AM

rapido

Posts: 9
Joined: 3.Aug.2007
Status: offline

Hi

I’m after advice on how to block access to specific HTTPS sites (EG https://mail.google.com/mail/) while allowing all other HTTPS sites.

URL Sets do not work with HTTPS nor do HTTP signature filters so I can't make a deny rule.

AJ

Post #: 1

Featured Links*

RE: Block access to specific HTTPS sites - not easy? - 9.Aug.2007 3:04:20 PM

spouseele

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline

Hi rapido,

ISA can only peek into the HTTP connect method for HTTPS traffic and therefore can only perform access control on the FQDN (mail.google.com in your example), *not* on any path.

HTH,
Stefaan

(in reply to rapido)

Post #: 2

RE: Block access to specific HTTPS sites - not easy? - 9.Aug.2007 5:16:49 PM

ferrix

Posts: 363
Joined: 16.Mar.2005
Status: offline

Also, if you have Secure NAT clients then you can't use the domain name either, because they are being intercepted and don't use proxy CONNECT tunneling. So you should block all known IPs too if you have SNAT users.

If you want to inspect HTTPS connections fully you can use ClearTunnel.

(in reply to spouseele)

Post #: 3