Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

https in ISA

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 General ] >> ISA 2004 SBS >> https in ISA Page: [1]
Login
Message << Older Topic   Newer Topic >>
https in ISA - 11.Nov.2007 11:21:57 PM   
pwintho

 

Posts: 2
Joined: 6.Nov.2007
Status: offline 		Hi

I am trying to setup the firewall policy rule in ISA2004 to resrtrict a
group of users to be able to use certain websites only.

Every other web sites tested fine but all with https, I cant apply the rule.

The two example https web sites are https://iescr.hpa.com.au/txu/reprint and
https://accessinfo.com.au.

I have tried *iescr.hpa.com.au/txu/reprint/* and *accessinfo.com.au/* and
both doesnt work. I have alook at the website on miscrosoft which says For
URL set entry:

“a.com", HTTPS requests will be matched, because no path is specified
".com/", HTTPS requests will not be ".com/", HTTPS requests will not be.

My setup in policy as below as I cant copy the screenshots to here.

     name           Action        Protocols       From/listener               To                                 Condition
2    Research     allow           FTP                all networks (and         excepted sites             restriced
      internet                                                    local host)                                                          users
     use                                   FTP server                         
                                              HTTP  
                                              HTTPS
                                              HTTPS SERVER

I dont know what to do with my case. Any suggestion will be grateful. Many
thanks.

Post #: 1
RE: https in ISA - 12.Nov.2007 11:04:49 AM   
Rotorblade

 

Posts: 976
Joined: 27.Feb.2007
Status: offline 		Hi,

It's not going to work. You can't use URL sets that contain SSL links. (It's encrypted!) You need to use a Domain name set instead.

The other option would be to use Clear Tunnel -> https://www.collectivesoftware.com/Products/

HTH

RB

(in reply to pwintho)
Post #: 2
RE: https in ISA - 12.Nov.2007 2:26:53 PM   
Rotorblade

 

Posts: 976
Joined: 27.Feb.2007
Status: offline 		Further more....

quote:

 
2    Research     allow           FTP                all networks (and         excepted sites             restriced
     internet                                                    local host)                                                          users
    use                                   FTP server                         
                                             HTTP  
                                             HTTPS
                                             HTTPS SERVER



You should remove the HTTPS Server and FTP Server protocol definitions from your outbound access rules. Inbound protocols should never be combined with outbound access rules. Create Server or Web publishing rule’s that applies to the specific inbound protocol and place them in the proper order above any outbound or specific deny access rules.

HTH

RB

(in reply to pwintho)
Post #: 3

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 General ] >> ISA 2004 SBS >> https in ISA Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts