Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

URL Sets

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> HTTP Filtering >> URL Sets Page: [1]
Login
Message << Older Topic   Newer Topic >>
URL Sets - 17.May2006 10:05:37 PM   
stullhe

 

Posts: 11
Joined: 5.Oct.2004
Status: offline 		Hello,

Using ISA 2k4 I want to allow a specific computer behind the firewall to access one specific https website and restrict access to all other websites.

In essence, the company has a health plan that employees must access via the web to update their coverages. Some employees do not have a computer at home (imagine that) so we want to provide one at the office for that purpose. But we want to keep this computer from being the place where everyone goes (especially during off hour shifts) to surf the web.

I was working with a support rep at MS and we got close but it seems like you can only use the URL Sets for http traffic. I was able to block all but google.com, for example, by creating a URL Set as *.google.com or http://www.google.com/* and then creating Firewall Rules using that URL set along with a Deny rules that prevents all traffic from that computer to the External network.

But when I modify the URL set to the https://site it fails with the error message: "Cannot find server or DNS error". Of course I made sure that I could access this https site before implementing the rules.

Any help would be greatly appreciated. The support rep at MS is looking into it also so if I get a solution from him I will post it here.

Thank you, Herb
Post #: 1
RE: URL Sets - 18.May2006 12:20:10 AM   
elmajdal

 

Posts: 5103
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
quote:

Using ISA 2k4 I want to allow a specific computer behind the firewall to access one specific https website and restrict access to all other websites.


by default ISA 2004 denies eveything eith the default deny rule, so u can simple create a new allow rule for this specific user with a DOMAIN NAME SET  that includes for example *hotmail.com and *yahoo.com
 
so ur rule wil be :

Allow > Selected protocols ( for example HTTP & HTTPS) > From Internal > To Domain Name Set > This user



quote:

But when I modify the URL set to the https://site it fails with the error message: "Cannot find server or DNS error". Of course I made sure that I could access this https site before implementing the rules.


try a Domain Name Set, and include in it the urls in this format *site.tld , ex. *hotmail.com

HTH

_____________________________

Tarek Majdalani

MS Forefront Edge Security MVP
Website : http://www.elmajdal.net/ISAServer
New Section : http://www.elmajdal.net/Win2k8

(in reply to stullhe)
Post #: 2
RE: URL Sets - 18.May2006 3:16:26 PM   
stullhe

 

Posts: 11
Joined: 5.Oct.2004
Status: offline 		Thank you for the reply and suggestion.

Unfortunately, the Domain Name Sets seem to work the same way that URL Sets do. It works for an http site but when the traffic is https I still get "Cannot find server or DNS error".

It seems like this solution just will not work with https.


(in reply to elmajdal)
Post #: 3

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> HTTP Filtering >> URL Sets Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts