Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
denied acces to some websites
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
denied acces to some websites - 27.Mar.2006 10:11:01 AM
|
|
|
jorisw86
Posts: 40
Joined: 26.May2005
Status: offline
|
hi all.
i have isa installed and configuerd now.
i have made a rule to block acces to some websites for the students here.
the rule is on top number 1 els it aint working.
this is working fine and stuff.
i addes the group students so it block them to acces those websites.
but when i don't add all users and the group students the get a auth box to enter username and password to enter to enter the site.
when i do add all users and the group student the get the blocked websites that i defined for them.
no i also have other groups that are allowed to see this sites but cause the other rule is on top those sites are being blocked ass well for them.
how can i block these sites for only the students so they don't get the auth box??
|
|
|
|
|
RE: denied acces to some websites - 28.Mar.2006 10:02:53 AM
|
|
|
jorisw86
Posts: 40
Joined: 26.May2005
Status: offline
|
i am directing them to an internal self made acces denied page.
that is working fine.
but i want some people also to acces those sites but that aint working how do i make this work??
without them getting the auth box
|
|
|
|
|
RE: denied acces to some websites - 29.Mar.2006 12:18:48 PM
|
|
|
elmajdal
Posts: 5074
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
|
this is the first time i see rules in such a way !!!
why r u using All Users and also adding multiple users with it !!! what the point of that ??
why r u putting From : External Local Host Internal TO External LocalHost Internal in ur Rules???
why u r creating RDP rule from Internal to Internal !!
_____________________________
Tarek Majdalani
MS Forefront Edge Security MVP
Website : http://www.elmajdal.net/ISAServer
New Section : http://www.elmajdal.net/Win2k8
|
|
|
|
|
RE: denied acces to some websites - 29.Mar.2006 2:37:20 PM
|
|
|
jorisw86
Posts: 40
Joined: 26.May2005
Status: offline
|
rdp is needed internal to be able to enter the servers for us.
the internal external en localhost needs to be added in some rules els we won't have internet here.
and when i add only the user groups like i said before all users get an auth box to enter websites.
how do i force people to login with cridentials to isa so they can't do it anonymus??
or can u guys say wich rules need to be changed and change what about it??
< Message edited by jorisw86 -- 29.Mar.2006 2:38:47 PM >
|
|
|
|
|
RE: denied acces to some websites - 29.Mar.2006 4:17:40 PM
|
|
|
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Joris,
For the deny rule, make sure you redirect users to an internal site.
Also, do not create rules that allow Internal to Internal.
HTH,
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: denied acces to some websites - 29.Mar.2006 11:16:57 PM
|
|
|
jorisw86
Posts: 40
Joined: 26.May2005
Status: offline
|
ok thnx tom i am gonna try that tomorrow morning.
when u go to monitor and set it to monitor live u can see wich websites are being opend but it's says anonymus can i make it so i see people who i logged on on that computer/ip??
so anonymus is gone??
|
|
|
|
|
RE: denied acces to some websites - 30.Mar.2006 2:34:11 PM
|
|
|
jorisw86
Posts: 40
Joined: 26.May2005
Status: offline
|
i think i know why i get the auth box.
everyone is logging in as anonymus so we are going to install a radius server so people have to login with there cridentials automatic.
and anonymus is under the group all users.
an other question i have set some content types but they aint working the people can still download mp3 and stuff how comes??
|
|
|
|
|
RE: denied acces to some websites - 30.Mar.2006 4:32:19 PM
|
|
|
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
|
quote:
ORIGINAL: jorisw86
ok thnx tom i am gonna try that tomorrow morning.
when u go to monitor and set it to monitor live u can see wich websites are being opend but it's says anonymus can i make it so i see people who i logged on on that computer/ip??
so anonymus is gone??
Hi Joris,
In order to authenticate you need to make the clients Web proxy clients.
HTH,
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: denied acces to some websites - 31.Mar.2006 6:05:01 PM
|
|
|
jorisw86
Posts: 40
Joined: 26.May2005
Status: offline
|
how do i make them web proxy clients then??
|
|
|
|
|
RE: denied acces to some websites - 31.Mar.2006 6:10:23 PM
|
|
|
elmajdal
Posts: 5074
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
|
you can set the proxy manually or through group policy.
the proxy is ISA Internal IP with the port used , default is 8080.
to set it manually,
- Click "Internet Options";
- Click "Connections";
- click "LAN Settings" button in the "Local Area Network (LAN) Settings" group box;
- Enable "use a proxy server";
- In fields "Address" and "port", type proxy name and proxy port number;
- If nessesary, enable "bypass proxy server for local addresses";
- Click "OK";
- Click "OK" to close IE settings.
or using the Firewall client for automatic configuration:
http://www.isaserver.org/articles/ISA2004_ClientAutoConfig.html
< Message edited by elmajdal -- 31.Mar.2006 6:12:34 PM >
_____________________________
Tarek Majdalani
MS Forefront Edge Security MVP
Website : http://www.elmajdal.net/ISAServer
New Section : http://www.elmajdal.net/Win2k8
|
|
|
|
|
RE: denied acces to some websites - 31.Mar.2006 8:53:33 PM
|
|
|
jorisw86
Posts: 40
Joined: 26.May2005
Status: offline
|
we already have that configuerd internet is working true the isa server.
just not authenticated.
so we need an authenthication server i think.
or the firewall client gonna try that one monday morning i hope the users are authenticated then
|
|
|
|
|
RE: denied acces to some websites - 31.Mar.2006 8:58:20 PM
|
|
|
LLigetfa
Posts: 2184
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline
|
quote:
we are going to install a radius server
Why not just join ISA to the domain?
_____________________________
The School of Hard Knocks is a mean teacher. She gives the exam before the lesson.
|
|
|
|
|
RE: denied acces to some websites - 1.Apr.2006 12:09:20 AM
|
|
|
jorisw86
Posts: 40
Joined: 26.May2005
Status: offline
|
how do u mean just join the domain isa server is member of the domain.
the isaserver is in the domain delta
|
|
|
|
|
RE: denied acces to some websites - 1.Apr.2006 12:16:32 AM
|
|
|
LLigetfa
Posts: 2184
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline
|
If the groups you are trying to apply the rules to are also in that domain or a trused domain, then you have something broken that needs fixing. My crystal ball is broken and is beyond fixing.
_____________________________
The School of Hard Knocks is a mean teacher. She gives the exam before the lesson.
|
|
|
|
|
RE: denied acces to some websites - 1.Apr.2006 12:44:50 PM
|
|
|
jorisw86
Posts: 40
Joined: 26.May2005
Status: offline
|
i don't think anything is broken it never worked from the beginning cause every one logs in anonymus true the web proxy client.
|
|
|
|
|
RE: denied acces to some websites - 1.Apr.2006 2:30:46 PM
|
|
|
LLigetfa
Posts: 2184
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline
|
How can you say it is NOT broken?
quote:
but when i don't add all users and the group students the get a auth box to enter username and password to enter to enter the site.
By your own admission, it IS broken.
_____________________________
The School of Hard Knocks is a mean teacher. She gives the exam before the lesson.
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
