Welcome to ISAserver.org


Network Objects (using wildcards)

Network Objects (using wildcards) - 26.Apr.2004 4:44:00 PM   
Danee

 

Posts: 18
Joined: 22.Mar.2004
Status: offline
Hi All,

I'm playing around with the Network Objects at the moment and want to achieve the following: if a certain string is in the URL, the URL is allowed.

If the URL contains the word 'saab', for example, the following sites must be available:

www.saab.com
www.saab.nl
www.saabselect.nl
voyager5.saab.com
etc.

I've tried doing this by configuring a URL set, but it doesn't work as I expect (or want??) it to work.

After some trying I found this to be the best solution:

*.saab.com
www.saab*

This allows all the above URLs, but doesn't do it completely; ftp.saab.nl wouldn't work, for example. The wildcard I really want is *saab* (or even *.saab* would be nice), but that doesn't work.

Does anybody have any ideas or opinions about this?

I also tried this by setting up a Domain Name set, but couldn't get anywhere with that one. Maybe Tom can explain how this works, or point us to an article if he already did explain it.

Cheers,

Danee
Post #: 1
RE: Network Objects (using wildcards) - 27.Apr.2004 10:44:00 AM   
tshinder

 

Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Danee,

Here's a good start:

Domain name sets define one or more domain names as a single set, so that you can apply firewall policy to the specified domains.

Uniform Resource Locator (URL) sets specify one or more URLs grouped together to form a set. URL sets can be used in access rules to allow or deny access to specified websites.

Rules applied to domain name sets and URL sets are enforced in accordance with domain information stored in the DNS. If the DNS is not configured correctly, rules may not be applied as expected.

Specifying domain names
When specifying the domain name, you can use an asterisk (*) to specify a set of computers. For example, to specify all computers in the microsoft.com domain, type the domain name as *.microsoft.com. Note that the asterisk can appear only at the start of the domain name, and can be specified only once in the name.

When you specify a domain name, specify the computer name using the fully qualified domain name (FQDN). For example, write computer_name.microsoft.com, and not \\computer_name.

Specifying URLs
When you create a URL set, you can specify one or more URLs in URL format. You can also specify a protocol and port, as follows:

Protocol:address/path:Port
Possible protocols are HTTP, HTTPS, and FTP. However, when ISA Server processes a rule that applies to a URL set, the protocol specified is ignored; only the host name and path are considered.

Although the URL can include a specific port number, ISA Server ignores that port number when processing the rule.

You can also specify a path. Wildcard characters can be used in the path, but only at the end. For example, www.microsoft.com/* is acceptable. However, www.microsoft.com/*/sales is not.

When ISA Server checks the URL sets configured for a rule, text after a question mark (?) is ignored. URLs with ?, which are included in a URL set, are ignored.

ISA Server processes rules that apply to URL sets only for Web traffic (for client requests for HTTP or FTP over HTTP). When a client uses any other protocol, ISA Server does not process rules that apply only to a URL set.

HTH,
Tom

(in reply to Danee)
Post #: 2
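
An added example, not part of either post and not ISA Server's own code: a small Python model of the wildcard rules quoted in the reply above, applied to the host names from the first post. The function names, the suffix-match reading of a leading `*`, and the exact host comparison for URL sets are assumptions made for illustration.

```python
from urllib.parse import urlsplit

def valid_domain_entry(entry):
    """Domain name set rule: '*' at most once, and only as the first character."""
    return entry.count("*") <= 1 and "*" not in entry[1:]

def domain_matches(entry, host):
    """Assumption: a leading '*' matches any host name ending with the remainder."""
    if not valid_domain_entry(entry):
        raise ValueError(f"not a valid domain name entry: {entry!r}")
    entry, host = entry.lower(), host.lower()
    return host.endswith(entry[1:]) if entry.startswith("*") else host == entry

def url_key(url):
    """Keep only host name and path; protocol, port and text after '?' are dropped."""
    parts = urlsplit(url if "://" in url else "//" + url)
    return (parts.hostname or "").lower(), parts.path or "/"

def valid_url_entry(entry):
    """URL set rules: entries containing '?' are ignored; a path '*' must come last."""
    _, path = url_key(entry)
    return "?" not in entry and "*" not in path[:-1]

def url_matches(entry, url):
    """Hosts are compared exactly here; host wildcards in URL sets are not modelled."""
    if not valid_url_entry(entry):
        return False
    (e_host, e_path), (host, path) = url_key(entry), url_key(url)
    if e_host != host:
        return False
    return path.startswith(e_path[:-1]) if e_path.endswith("*") else path == e_path

def uncovered(hosts, entries):
    """Hosts that no valid entry in the set matches."""
    usable = [e for e in entries if valid_domain_entry(e)]
    return [h for h in hosts if not any(domain_matches(e, h) for e in usable)]

# Host names taken from the first post.
HOSTS = ["www.saab.com", "www.saab.nl", "www.saabselect.nl",
         "voyager5.saab.com", "ftp.saab.nl"]

if __name__ == "__main__":
    for entry in ("*saab*", "*.saab*", "*.saab.com"):
        print(entry, "valid" if valid_domain_entry(entry) else "rejected")
    print(uncovered(HOSTS, ["*.saab.com"]))
    print(uncovered(HOSTS, ["*.saab.com", "*.saab.nl", "*.saabselect.nl"]))
```

Under these rules a "contains saab" pattern cannot be written as one entry; each parent domain has to be listed explicitly.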
