Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Block all websites except some approval websites
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
Block all websites except some approval websites - 19.Dec.2005 7:32:37 PM
|
|
|
jordan.pippen
Posts: 8
Joined: 19.Dec.2005
Status: offline
|
Dear All,
I installed ISA2004 and I would like to block all user to access http except some of the approval websites.
For example
block all websites except *.yahoo.com
Either I "URL Sets" or "Domain Name Sets", it is not successfully.
However, if I change it to allow all http except some of the denial websites
For example
allow all websites except *.yahoo.com
It is work and successfully to block yahoo.com
Now, I am wondering what 's wrong on this. In fact, the principle is the same. Why I cannot block all websites except some websites I allow to access.
I am new in ISA2004, Please explain what are the problems in this case and did I need to do something to make it work. Please detail the procedure.
Thanks everyone to reply in advance
|
|
|
|
RE: Block all websites except some approval websites - 19.Dec.2005 8:04:02 PM
|
|
|
LLigetfa
Posts: 2184
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline
|
The answer is simple. Rather than block all with exceptions, you need only allow specific sites. By default, in absense of an allow rule, the last default rule denies.
_____________________________
The School of Hard Knocks is a mean teacher. She gives the exam before the lesson.
|
|
|
|
|
RE: Block all websites except some approval websites - 20.Dec.2005 7:53:15 AM
|
|
|
jordan.pippen
Posts: 8
Joined: 19.Dec.2005
Status: offline
|
I know you mean, but that is what my question. I only allow yahoo.com, but it dont work. That why I ask this question.
Is it need to configure other parts that I miss?(I only set "URL Sets" and "Domain Name Sets")
Thanks and Regards
|
|
|
|
|
RE: Block all websites except some approval websites - 20.Dec.2005 2:44:47 PM
|
|
|
LLigetfa
Posts: 2184
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline
|
If you only allow yahoo.com, it won't work. What about DNS? How are your clients supposed to resolve DNS? You need rules to allow your internal DNS to forward to the external DNS. You need to allow ISA to access DNS.
As I said, in absense of an allow rule,the default deny rule denies. Watch the live log to see what is being denied and reason out your rules.
_____________________________
The School of Hard Knocks is a mean teacher. She gives the exam before the lesson.
|
|
|
|
|
RE: Block all websites except some approval websites - 20.Dec.2005 6:17:55 PM
|
|
|
jordan.pippen
Posts: 8
Joined: 19.Dec.2005
Status: offline
|
In fact, I dont configure DNS at this moment. My purpose is to use ISA to do Web Proxy function.
Also, I found that my default rule block client to access some websites even I set the exception. Now I am wondering it is possible to set what I need?(Block all websites except some websites I allow to access)
|
|
|
|
|
RE: Block all websites except some approval websites - 20.Dec.2005 7:22:19 PM
|
|
|
LLigetfa
Posts: 2184
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline
|
I don't get it. What exception? Are you creating allow rules or deny rules?
If you have the needed allow rules before the last default (deny) rule, it will never reach the deny rule. If it is denying then obviously your rules are not crafted properly.
_____________________________
The School of Hard Knocks is a mean teacher. She gives the exam before the lesson.
|
|
|
|
|
RE: Block all websites except some approval websites - 21.Dec.2005 2:16:50 AM
|
|
|
jordan.pippen
Posts: 8
Joined: 19.Dec.2005
Status: offline
|
The default rule is created by default. I mean I create a new deny rule with exception ( block all websites except *.yahoo.com as example), however, I found in the logging that the default rule block my proxy client to access yahoo.com
That being the case, I wonder why my new deny rule is not work and turn to the default rule????
|
|
|
|
|
RE: Block all websites except some approval websites - 21.Dec.2005 6:35:26 AM
|
|
|
LLigetfa
Posts: 2184
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline
|
I still don't get it. Are you trying to allow with a deny rule? Where is the allow rule?
_____________________________
The School of Hard Knocks is a mean teacher. She gives the exam before the lesson.
|
|
|
|
|
RE: Block all websites except some approval websites - 21.Dec.2005 2:44:42 PM
|
|
|
ClintD
Posts: 1833
Joined: 26.Jan.2001
From: Keller, TX
Status: offline
|
Here is essentually what you are doing in human talk.
<ISA Rule Engine Begin>
OK...hmmm...not many requests for Internet access today....think I'll take a nap
zzzz.....
Oh?! Here's a HTTP request for www.yahoo.com
Let me check my rules
OK - I have one rule - let's see if the rule applies to this request
Protocol? HTTP - that's a match for this rule
Users? All Users - that's a match
Destination? External - that's a match
Hmmm - this rule has an exception for the Destination - *.yahoo.com. I'll skip this rule since that URL must be handled in a different rule
Next Rule - Hmmm... Default Deny?
o...k... Block the request
zzzzz........
You can see that it doesn't even check the Allow/Block condition - it doesn't matter - the Destination has been placed in the exceptions in this Deny rule so the rule doens't match. Implicit in that statement is that there is another rule in place to allow access to *.yahoo.com.
|
|
|
|
|
RE: Block all websites except some approval websites - 21.Dec.2005 6:19:26 PM
|
|
|
jordan.pippen
Posts: 8
Joined: 19.Dec.2005
Status: offline
|
To be simply, in fact, I just want block all proxy client to access all websites except yahoo.com, Can I do that? IF yes, how can I do?
Thanks
|
|
|
|
|
RE: Block all websites except some approval websites - 21.Dec.2005 6:27:35 PM
|
|
|
LLigetfa
Posts: 2184
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline
|
Simply create an allow rule just for yahoo.
_____________________________
The School of Hard Knocks is a mean teacher. She gives the exam before the lesson.
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
RE: Block all websites except some approval websites - 
