• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Limit Firefox to specific URL's?

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Firewall] >> Access Policies >> Limit Firefox to specific URL's? Page: [1]
Login
Message << Older Topic   Newer Topic >>
Limit Firefox to specific URL's? - 29.Apr.2009 4:37:59 AM   
nry

 

Posts: 44
Joined: 2.Oct.2008
Status: offline
Hi,

We have currently got Firefox banned as a browser on our firewall.  Numerous reasons for it, but I'm curious if I can allow Firefox through the firewall but only for specific URL's?

I had a look through the HTTP policy where we blocked Firefox but it doesn't seem to have the scope to allow some URL's through but not others.  Is it possible to do this?

Thanks,

Chris
Post #: 1
RE: Limit Firefox to specific URL's? - 29.Apr.2009 7:47:29 AM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi Chris,

do you want to allow FF which is installed on ISA to access some URLs? Why do you want to access the internet through the firewall?

Regards,
Paulo Oliveira.

(in reply to nry)
Post #: 2
RE: Limit Firefox to specific URL's? - 29.Apr.2009 9:27:05 AM   
nry

 

Posts: 44
Joined: 2.Oct.2008
Status: offline
Apologies, my question was unclear.

We have some computers on our network with Firefox installed.  We do not want people to use Firefox as we are unable to lock it down to go through our web filter (which is seperate to ISA on different hardware).

To that end, we have created a rule in the http policy within ISA 2006 to block 'Firefox' as a user agent.

We would like, if possible, to let Firefox access a small limited number of URLs whilst preventing them from accessing any other websites.

Is this possible?

(in reply to paulo.oliveira)
Post #: 3
RE: Limit Firefox to specific URL's? - 29.Apr.2009 10:11:42 AM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi Chris,

yes, it is. In my opinion, users shouldnīt even be able to install FF on their machines if company policy does not allow it!

To let people who uses FF access limited URLs, you have to create an access rule above the rule thatīs blocking FF with desired destination domain/URL set.


Regards,
Paulo Oliveira.

(in reply to nry)
Post #: 4
RE: Limit Firefox to specific URL's? - 29.Apr.2009 12:53:49 PM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
quote:

ORIGINAL: paulo.oliveira

Hi Chris,

yes, it is. In my opinion, users shouldnīt even be able to install FF on their machines if company policy does not allow it!

To let people who uses FF access limited URLs, you have to create an access rule above the rule thatīs blocking FF with desired destination domain/URL set.


Regards,
Paulo Oliveira.


Not sure you can do this as the HTTP filter is block only

Can you identify the machines running FF apart from the User Agent?

Cheers

JJ

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to paulo.oliveira)
Post #: 5
RE: Limit Firefox to specific URL's? - 29.Apr.2009 3:52:19 PM   
nry

 

Posts: 44
Joined: 2.Oct.2008
Status: offline
I made no comment as to why Firefox is installed on a set number of computers.  The computers in question are 40 Asus EeePC's which are in use by our Science department.  Firefox is pre-installed and the OS is not directly compatible with our 'normal' school network (RM Connect 3).

Students use these as independent learning devices with Intranet access to a single learning platform.  For 'network' use these EeePC's run a terminal server connection to our Thin Client server which gives them full, secured and trackable Internet access and the system is locked down to prevent them doing anything we don't want them to.

What we would like to do is allow these EeePC's, under Linux/Firefox, to access a small number of Internet-based educational websites.

You jumped to a rather interesting conclusion as to why Firefox was installed when it is against policy...it is against policy except where there are limited options for such changes and support for such changes.

Anyhow, it seems I am unable to do this unless easily?  We can obviously get the MAC address info for all of these EeePC's etc - is it possible to use this to control access?

(in reply to Jason Jones)
Post #: 6
RE: Limit Firefox to specific URL's? - 29.Apr.2009 4:25:24 PM   
pwindell

 

Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
Let's go back to the first post (I like to do that a lot).  I don't think it was dealt with as it should.

quote:

had a look through the HTTP policy where we blocked Firefox but it doesn't seem to have the scope to allow some URL's through but not others.  Is it possible to do this?  


What policy????  What are the exact specs of this policy?  Exactly how did you block firefox with this policy? (yes, I think I know, but I want you to explain it anyway to be sure)  If we don't know what you did,..we can not possibly tell you what you should do now.


_____________________________

Phillip Windell

(in reply to nry)
Post #: 7
RE: Limit Firefox to specific URL's? - 30.Apr.2009 6:38:52 AM   
nry

 

Posts: 44
Joined: 2.Oct.2008
Status: offline
I configured the http filter as per this website link:

http://www.linglom.com/2008/02/01/getting-started-with-microsoft-isa-server-2006-part-v-configure-http-filter/

This blocks Firefox as a user agent string.

(in reply to pwindell)
Post #: 8
RE: Limit Firefox to specific URL's? - 30.Apr.2009 8:35:10 AM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
quote:

ORIGINAL: Jason Jones

quote:

ORIGINAL: paulo.oliveira

Hi Chris,

yes, it is. In my opinion, users shouldnīt even be able to install FF on their machines if company policy does not allow it!

To let people who uses FF access limited URLs, you have to create an access rule above the rule thatīs blocking FF with desired destination domain/URL set.


Regards,
Paulo Oliveira.


Not sure you can do this as the HTTP filter is block only

Can you identify the machines running FF apart from the User Agent?

Cheers

JJ

Hi Jason,

I think it is possible, because he said he blocked FF for others users. So, he just have to create a new access rule allowing specified web sites (domain/URL set) on top of the blocked rule.

Of course this new access rule will aplly only to a restricted group from what I could understand.

Regards,
Paulo Oliveira.

(in reply to Jason Jones)
Post #: 9
RE: Limit Firefox to specific URL's? - 30.Apr.2009 8:55:56 AM   
nry

 

Posts: 44
Joined: 2.Oct.2008
Status: offline
We don't use user groups etc - I have banned Firefox globally agains the http filter options.  Is there a better method for doing this or am I stuck?

(in reply to paulo.oliveira)
Post #: 10
RE: Limit Firefox to specific URL's? - 30.Apr.2009 10:44:35 AM   
pwindell

 

Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
quote:

I configured the http filter as per this website link:

http://www.linglom.com/2008/02/01/getting-started-with-microsoft-isa-server-2006-part-v-configure-http-filter/

This blocks Firefox as a user agent string.


The simplest thing to do is create a Domain Name Set or URL Set for the "Firefox Allowed Sites" and add them to the Exceptions box on the "To" Tab of the Rule.  This causes the Rule to simply "not apply" to the traffic when those are the destinations.  Then follow it up with a second HTTP Rule to allow this traffic.

_____________________________

Phillip Windell

(in reply to nry)
Post #: 11
RE: Limit Firefox to specific URL's? - 25.May2009 6:12:44 AM   
markrailton

 

Posts: 24
Joined: 19.May2009
Status: offline
well if your computers are on a domain wouldnt it be easier to create policy effecting proxy settings on IE only therefore FF wont have address information and specifically allow only domain group access to specific URL list?

but i guess there is alot more other information to take into consideration.

just a thought

(in reply to nry)
Post #: 12

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Firewall] >> Access Policies >> Limit Firefox to specific URL's? Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts