• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Authentication Issues

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> HTTP Filtering >> Authentication Issues Page: [1]
Login
Message << Older Topic   Newer Topic >>
Authentication Issues - 7.Dec.2005 9:51:43 PM   
bspitaels

 

Posts: 1
Joined: 28.Jul.2005
From: Belgium
Status: offline
I'm currently trying to configure two http rules:
  1. Allow all http traffic only for the staff
  2. Allow all http traffic except msn for everyone (configuration see http://www.isaserver.org/articles/2004blockp2pim.html)

The second rule works without any problem. When i enable the first all http-traffic is stopped. For some reason ISA 2004 is authenticating my AD group where the staff a member of is.

We use do use the web proxy and when we fill in the proxy address in a browser we have internet (when rule 1 is enabled) on that client but MSN messenger 7.0 doesn't work even with the proxy settings completly filled in. we also need the option to bypass the proxy for our webdevelopers to check recently adjusted site.

Does anyone knows a solution to get rule 1 to work so our staff can surf and chat.
Post #: 1
RE: Authentication Issues - 7.Dec.2005 10:51:21 PM   
alfarhoud

 

Posts: 10
Joined: 4.Dec.2005
Status: offline
hello bspitaels
 
did you try to change the order of the policies?

to this
  1. Allow all http traffic except msn for everyone
  2. Allow all http traffic only for the staff

it might work

(in reply to bspitaels)
Post #: 2
RE: Authentication Issues - 7.Dec.2005 11:16:35 PM   
LLigetfa

 

Posts: 2187
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline
From my experience, exceptions to an allow rule will not stop further rule processing.  So if an allow rule further down lets it through, you will not get the desired effect.  You would need explicit deny rules.

Normally, deny rules should come before allow rules, but in the case of exceptions, I put deny rules immediately after the allow rule.

_____________________________

The School of Hard Knocks is a mean teacher. She gives the exam before the lesson.

(in reply to alfarhoud)
Post #: 3
RE: Authentication Issues - 7.Dec.2005 11:42:27 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
I would try putting the second rule above the first one, and then confiugre the Exceptions in the Users tab to include whoever you want to exempt from the rule.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to LLigetfa)
Post #: 4

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> HTTP Filtering >> Authentication Issues Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts