I am loading a large number of blacklist entries from the lists at www.shallalist.de. They publish a domain list and url list for each of their categories. I have a rule that contains the shopping domain list wich has about 179,000 entries. I have eliminated the url list by testing. The logs tell me that www.gumdropcases.com is being blocked by this list yet there is no entry for gumdropcases. That string is not even found as part of another name when I search the list. There are 2 entries that have gumdrop. I removed those and it still blocks gumdropcases. I have rebooted the ISA server to be sure there is no memory corruption.
Anyone have any theory about what may be going on?
Name Evaluation by ISA Server When a client makes an HTTP request, it may be a name, an FQDN, or an IP address. This topic provides examples of how ISA Server handles these requests.
If an HTTP request uses a site name, such as http://www.fabrikam.com, ISA Server recognizes the name in the request and performs a forward name resolution to a DNS server to get the FQDN, aliases, and the IP addresses associated with that name. The result is that ISA Server has available the site name, the FQDN, the aliases, and the IP addresses to compare to the access rule requirements. Any one of those elements could be a match to the rule, depending on which element was used in the rule.
In the example of www.fabrikam.com, the following elements could match an access rule:
which gives me stores.yahoo.net which is blocked. I removed that entry (as compared to store.yahoo.net that I removed before) and now the request goes through. I can now put stores.yahoo.net back in the list and properly answer why the site is blocked.