At the request of senior management, I have blocked a number of websites with our ISA Server. I have done this by creating Domain Name sets in various categories, and populating them with banned domains (eg: *.domain.co.uk), and then creating an array access rule to deny access to these Domain Name Sets.
For the most part this has worked as expected, however there is one particular domain for which we want to allow access for specific subdomains. I have created another Domain Name set containing all the exceptions (eg: feeds.domain.co.uk), and entered this as an exception in the destinations tab of the blocking rule. Sometimes, this works as expected, but it is very inconsistent in it's application.
Sometimes, access to the allowed subdomains is denied, and sometimes access to the whole domain is permitted.
Is there a better way to achieve this blocking of websites? Am I doing something wrong?
Thanks for the suggestion. I created an allow rule containing the Domain Name Set for the subdomains I want to allow access to, but access is still intermittent. The new rule is first in the list, any other ideas?