Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Weird issue with HTTP content restrictions

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> Access Policies >> Weird issue with HTTP content restrictions Page: [1]
Login
Message << Older Topic   Newer Topic >>
Weird issue with HTTP content restrictions - 15.Dec.2004 1:34:00 PM   
Firefox

 

Posts: 22
Joined: 11.Aug.2004
Status: offline 		Hi,

I have a question about access rules where http content is restricted.

I have created a set of rules in the following order:

1: Allow to "Internet Users" Content customtype "Webscript"
2: Deny to "Internet Users" except "ICT" Content types Application, App. Data Files, Compressed Files
3: Allow to "Internet Users" all

Webscript is based on
- application/x-javascript
- application/xml
- text/scriptlet
- text/x-scriptlet

Why these rules?

rule 3: to enable HTTP(S) and FTP for our users that may use the internet
rule 2: to protect for malicious executable code, and keep non ICT department users from downloading executables.
rule 1: to enable specific executable content that is required for websites to work correctly.

What is going wrong?
If rule 1 is not enabled, several websites containing menus build in Javascript etc. will not work. (For example www.cdfoongids.nl)
If rule 1 is being enabled, some other sites (such as www.locatienet.nl won't work when trying to plot a route or search a street: the results page remains empty.)

So the bad is... either cdfoongids works, or locatienet works. I can't figure out why any site, such as locatienet is blocked by something that just a limited allow rule?! Can anyone provide me with an alternate solution that provides for the following:

- Allow all kinds of web protocols FTP, HTTP and HTTPS to a restricted group of Internet enabled users
- Disable the download of executable content for anyone but the ICT department (also part of the security group "Internet Enabled")
- Be able to use search sites such as CDFoongids.nl and locatienet.nl that make use of clientside scripting languages.
Post #: 1

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> Access Policies >> Weird issue with HTTP content restrictions Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts