• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Help configurating Https in Url Set

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> Access Policies >> Help configurating Https in Url Set Page: [1]
Login
Message << Older Topic   Newer Topic >>
Help configurating Https in Url Set - 13.Jun.2007 8:47:19 AM   
fabzster

 

Posts: 7
Joined: 30.Mar.2007
Status: offline
Hi and thanks for reading this....

I have an ISA 2004 Server on SBS 2003

Group 1
I have an access rule configured to allow full access for HTTP and HTTPS for 1 group of users

Group 2
I have another access rule that restricts HTTP and HTTPS access to all sites, except sites in the Url Set for another group of users.

This works great my 1 group acesses what ever they want  and the others are restricted...Nice

The Problem I am experiencing is that any sites that i have allowed access within group 2 that are HTTPS do not work. No problems if they are HTTP
Also some sites start off as HTTP then Switch to HTTPS  these dont work either

All sites work through ISA on group 1 HTTP and HTTPS

I will appreciate your help greatly

Thanking you in advance
Post #: 1
RE: Help configurating Https in Url Set - 14.Jun.2007 1:57:52 AM   
divyamshah

 

Posts: 37
Joined: 25.May2007
From: Ahmedabad,Gujarat,India
Status: offline
try to add name of https as under in url set :

https://www.examples.com

do not give the name like https://www.examples.com/* it will not work in url set.

(in reply to fabzster)
Post #: 2
RE: Help configurating Https in Url Set - 14.Jun.2007 3:38:00 AM   
fabzster

 

Posts: 7
Joined: 30.Mar.2007
Status: offline
  Hi thanks for the reply

I have tried that  still doesnt work..........

(in reply to divyamshah)
Post #: 3
RE: Help configurating Https in Url Set - 14.Jun.2007 4:31:33 AM   
divyamshah

 

Posts: 37
Joined: 25.May2007
From: Ahmedabad,Gujarat,India
Status: offline
Dear,

Clear that when you givng access of website through url set it will filter only http traffic.
for rest of  all other traffic u need to add entry of that domain in domain name set.
Examples :

Group 2   :  https://www.utibank.com/* u needs to blocks for group 2.

in domain name sets pls added Banned Domain List. in that list add entry like *.utibank.com/*

now make a new policy or change existing policy for group 2 as under.

Name : Abc , Action : Deny, Protocol : Http,Https,
from : group2 ,  To : Banned Domain List, url list (http website list)

Regards,

Divyam

(in reply to fabzster)
Post #: 4
RE: Help configurating Https in Url Set - 14.Jun.2007 4:55:21 AM   
fabzster

 

Posts: 7
Joined: 30.Mar.2007
Status: offline
 Hi thanks for taking the time to reply

This would work if i need toonly restrict acees to a few sites

But i need to restrict access to all sites except a few

This works for http sites prefectly but i have a problem with the Https sites
How can i get around this

There are about 10 sites that they must only be able to access

Below Is a description of my Access Rules

Internet Access Rule (Group 1)

Allow, HTTP HTTPS, From Internal, To External, Users= Internet unrestricted Users

Restricted Internet Access Rule (Group2)

Allow, HTTP HTTPS, From Internal, To Allowed Url Set, Users= Internet Restricted Users

Last Default Rule

< Message edited by fabzster -- 14.Jun.2007 5:06:18 AM >

(in reply to divyamshah)
Post #: 5
RE: Help configurating Https in Url Set - 14.Jun.2007 5:33:11 AM   
divyamshah

 

Posts: 37
Joined: 25.May2007
From: Ahmedabad,Gujarat,India
Status: offline
Boss,

first clear what u need to exactly do with group 2.

as i understood u is for group 2 u need to give https access only for few site which added in to Allowed Site list. isn't it..??

If it right..then
Restricted Internet Access Rule (Group2)

Allow, HTTP HTTPS, From Internal, To Allowed Url Set & Allowed Domain Set, Users= Internet Restricted Users

1. Make Allowed Domain Set in Domain Name Set

Add ur https request site in this list & add this to  Restricted Internet Access Rule (Group2.)

IT will works.
Regards,
Divyam

(in reply to fabzster)
Post #: 6
RE: Help configurating Https in Url Set - 14.Jun.2007 6:18:19 AM   
fabzster

 

Posts: 7
Joined: 30.Mar.2007
Status: offline
 I added the sites to a domain set

This still did not work

I wonder what the problem is its makes no sense

(in reply to divyamshah)
Post #: 7
RE: Help configurating Https in Url Set - 14.Jun.2007 7:09:07 AM   
divyamshah

 

Posts: 37
Joined: 25.May2007
From: Ahmedabad,Gujarat,India
Status: offline
Dear ,

I have checked the same thing on my isa server it's working, Pls  see the examples.

site https://www.utibank.com
     https://www.geojit.com
     https://rmol.geojitonline.com
in domain name list : Allowed Domain List
                               *.utibank.com
                               *.geojit.com
                               *.geojitonline.com
above name is for examples.

u do according that & set to group 2 list in TO field of access policy.

It will works

Regards

Divyam

_____________________________

Divyam Shah
CCNA,MCSA 2003 Track,DHT.

(in reply to fabzster)
Post #: 8
RE: Help configurating Https in Url Set - 14.Jun.2007 8:02:19 AM   
fabzster

 

Posts: 7
Joined: 30.Mar.2007
Status: offline
 Im really sorry but its not working for me .....something is definately wrong
I have sent u an email to divyam_shah@yahoo.com with an attached .xls of the log
Maybe this will help a little

(in reply to divyamshah)
Post #: 9
RE: Help configurating Https in Url Set - 17.Jul.2007 12:47:19 PM   
Pyromite78

 

Posts: 11
Joined: 4.Apr.2006
Status: offline
The Allow group should have a higher priority then the Deny group.

(in reply to fabzster)
Post #: 10
RE: Help configurating Https in Url Set - 19.Jul.2007 9:22:39 AM   
hantahipi

 

Posts: 84
Joined: 26.Jan.2006
From: Kenya
Status: offline
Hi,

how about this:

1. Have a RULE 1 that allows access access to HTTP and HTTPS to GROUP 1 and GROUP 2 (all users if all your users fall into either 1 or 2)

2. Have a RULE 2 (above rule 1) that denies access from INTERNAL (or HTTP/S) to URL SET for USERSET (create a user group to include the users who should not access this urlset)

Thank you

(in reply to Pyromite78)
Post #: 11

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> Access Policies >> Help configurating Https in Url Set Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts