• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Site is blocked even though it is not in list

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Firewall] >> General >> Site is blocked even though it is not in list Page: [1]
Login
Message << Older Topic   Newer Topic >>
Site is blocked even though it is not in list - 8.Aug.2011 11:55:36 AM   
wburton

 

Posts: 3
Joined: 9.Feb.2011
Status: offline
I am loading a large number of blacklist entries from the lists at www.shallalist.de. They publish a domain list and url list for each of their categories. I have a rule that contains the shopping domain list wich has about 179,000 entries. I have eliminated the url list by testing. The logs tell me that www.gumdropcases.com is being blocked by this list yet there is no entry for gumdropcases. That string is not even found as part of another name when I search the list. There are 2 entries that have gumdrop. I removed those and it still blocks gumdropcases. I have rebooted the ISA server to be sure there is no memory corruption.

Anyone have any theory about what may be going on?
Post #: 1
RE: Site is blocked even though it is not in list - 9.Aug.2011 11:13:17 AM   
wburton

 

Posts: 3
Joined: 9.Feb.2011
Status: offline
Found it!!

From technet article http://technet.microsoft.com/en-us/library/bb794766.aspx

quote:

Name Evaluation by ISA Server
When a client makes an HTTP request, it may be a name, an FQDN, or an IP address. This topic provides examples of how ISA Server handles these requests.

If an HTTP request uses a site name, such as http://www.fabrikam.com, ISA Server recognizes the name in the request and performs a forward name resolution to a DNS server to get the FQDN, aliases, and the IP addresses associated with that name. The result is that ISA Server has available the site name, the FQDN, the aliases, and the IP addresses to compare to the access rule requirements. Any one of those elements could be a match to the rule, depending on which element was used in the rule.

In the example of www.fabrikam.com, the following elements could match an access rule:

Name: www.fabrikam.com

FQDN: fabrikam.com

IP addresses: 207.46.250.119, 207.46.130.108

So I did an nslookup of www.gumdropcases.com:

Non-authoritative answer:
Name: html.store.yahoodns.net
Address: 68.142.205.137
Aliases: www.gumdropcases.com
stores.yahoo.net

which gives me stores.yahoo.net which is blocked. I removed that entry (as compared to store.yahoo.net that I removed before) and now the request goes through. I can now put stores.yahoo.net back in the list and properly answer why the site is blocked.

(in reply to wburton)
Post #: 2
RE: Site is blocked even though it is not in list - 17.Aug.2011 5:05:45 PM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi,

glad you solved! Thanks for sharing!

Regards,
Paulo Oliveira.

_____________________________

Microsoft Premier Field Engineer (PFE)
Blog: http://poliveirasilva.wordpress.com/
Twitter: https://twitter.com/poliveirasilva

(in reply to wburton)
Post #: 3

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Firewall] >> General >> Site is blocked even though it is not in list Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts