Welcome to ISAserver.org

Url blocking - not consistant?

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA Server 2004 Firewall] >> HTTP Filtering >> Url blocking - not consistant?

Page: [1]

Message

<< Older Topic Newer Topic >>

Url blocking - not consistant? - 14.Jun.2004 8:09:00 PM

NetworkNewbie

Posts: 5
Joined: 14.Jun.2004
Status: offline

I'm trying to setup ISA Server 2004 on a small test network and I can't seem to get ISA to block specific websites - or at least not all of them. I can get it to block www.aol.com, www.yahoo.com, and www.slashdot.com. However, for some reason www.collegehumor.com will not properly block. For all of these sites, the entry in the URL Set in ISA is "*.<domain>.com". Does anyone have any idea why this particular website (and others I would assume) would not be caught by the URL Set filter? Thanks for the help!

Post #: 1

Featured Links*

RE: Url blocking - not consistant? - 15.Jun.2004 5:45:00 PM

tshinder

Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline

Hi Newbie,

Check which rule is allowing the request. Often, a rule higher up on the list is allowing a connection that you think is blocked by a deny rule.

HTH,
Tom

(in reply to NetworkNewbie)

Post #: 2

RE: Url blocking - not consistant? - 16.Jun.2004 8:21:00 PM

NetworkNewbie

Posts: 5
Joined: 14.Jun.2004
Status: offline

It is the #1 rule in the firewall policy. Furthermore it was only www.collegehumor.com that we could not block, but by putting in collegehumor's IP address we successfully blocked the site even though the web page on MS site says this can't be done. Do you know why this behavior is happening?

(in reply to NetworkNewbie)

Post #: 3

RE: Url blocking - not consistant? - 18.Jun.2004 1:19:00 AM

tshinder

Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline

Hi Newbie,

In the real time log viewer, what URLs are actually being accessed? What are the details of your URL set? I'll check this out myself on my own ISA 2004 firewall and see what happens.

Thanks!
Tom

(in reply to NetworkNewbie)

Post #: 4

RE: Url blocking - not consistant? - 6.Jul.2004 8:08:00 PM

NetworkNewbie

Posts: 5
Joined: 14.Jun.2004
Status: offline

Our URL set that we are testing with consists of:

*.aol.com
*.collegehumor.com
*.playboy.com
*.yahoo.com
http://collegehumor.com
http://slashdot.org

All sites block properly except for collegehumor. The event log for successful blocks reads:

Destination host: 0.0.0.0
Port: 80
Protocol: http (yes, in lowercase)
Action Taken: (none given)
Client username: anonymous
Source network: Local Host
Destination network: External
HTTP Method: GET
URL: http://209.247.228.201/ (this one is www.playboy.com)

For www.collegehumor.com though, we get:

Destination host: 63.208.177.10
Port: 80
Protocol: HTTP
Action: Denied Connection
Client username: (none given)
Source network: Local Host
Destination network: External
HTTP Method: (none given)
URL: (none given)

Thanks again for the help.

(in reply to NetworkNewbie)

Post #: 5

RE: Url blocking - not consistant? - 6.Jul.2004 10:48:00 PM

tshinder

Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline

Hi Newb,

Let me test it and I'll be right back.

Thanks!
Tom

(in reply to NetworkNewbie)

Post #: 6

RE: Url blocking - not consistant? - 6.Jul.2004 11:01:00 PM

tshinder

Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline

Hi Newb,

I've tested it on SecureNAT, Firewall and Web Proxy client configs, all separately.

Created a Domain Set and entered into the domain set:
collegehumor.com

Create an Access Rule that Denied all protocols from Source Internal to Destination Domain Set Collegehumor.com.

Blocked the connection for all three ISA client types.

Give it a try!

HTH,
Tom

(in reply to NetworkNewbie)

Post #: 7

RE: Url blocking - not consistant? - 8.Jul.2004 6:39:00 AM