• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

URL and Domain Filtering is inconsistent

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> HTTP Filtering >> URL and Domain Filtering is inconsistent Page: [1]
Login
Message << Older Topic   Newer Topic >>
URL and Domain Filtering is inconsistent - 27.Jul.2007 8:52:04 AM   
gburch

 

Posts: 13
Joined: 3.Apr.2007
Status: offline
At the request of senior management, I have blocked a number of websites with our ISA Server.  I have done this by creating Domain Name sets in various categories, and populating them with banned domains (eg:  *.domain.co.uk), and then creating an array access rule to deny access to these Domain Name Sets.

For the most part this has worked as expected, however there is one particular domain for which we want to allow access for specific subdomains.  I have created another Domain Name set containing all the exceptions (eg:  feeds.domain.co.uk), and entered this as an exception in the destinations tab of the blocking rule.  Sometimes, this works as expected, but it is very inconsistent in it's application.

Sometimes, access to the allowed subdomains is denied, and sometimes access to the whole domain is permitted.

Is there a better way to achieve this blocking of websites?  Am I doing something wrong?
Post #: 1
RE: URL and Domain Filtering is inconsistent - 27.Jul.2007 12:51:33 PM   
ianfermo

 

Posts: 235
Joined: 7.Nov.2004
From: Zamboanga, Philippines
Status: offline
Hi,

Instead of doing it on exceptions why not create an ALLOW Rule going to the destination set ABOVE the DENY Rule you created.

Cheers...

(in reply to gburch)
Post #: 2
RE: URL and Domain Filtering is inconsistent - 28.Jul.2007 8:30:38 AM   
gburch

 

Posts: 13
Joined: 3.Apr.2007
Status: offline
Thanks for the suggestion. I created an allow rule containing the Domain Name Set for the subdomains I want to allow access to, but access is still intermittent. The new rule is first in the list, any other ideas?

(in reply to ianfermo)
Post #: 3
RE: URL and Domain Filtering is inconsistent - 31.Jul.2007 12:24:34 PM   
ianfermo

 

Posts: 235
Joined: 7.Nov.2004
From: Zamboanga, Philippines
Status: offline
Hi,

How do you put your actual URL/Domain to the destination set? How about trying a wildcard to achive your goal.

Ex.
*.domain.com
domain.com/*

Please post your actual URL/Domain you are trying to accomplish.

Cheers...

(in reply to gburch)
Post #: 4
RE: URL and Domain Filtering is inconsistent - 3.Aug.2007 4:14:47 AM   
gburch

 

Posts: 13
Joined: 3.Apr.2007
Status: offline
Thank you for the response.

The problem URL in my blocked Domain Filtering list is  *.bbc.co.uk

An example of the entry in the allowed Domain Filtering list is news.bbc.co.uk

(in reply to ianfermo)
Post #: 5
RE: URL and Domain Filtering is inconsistent - 4.Aug.2007 6:18:14 AM   
ianfermo

 

Posts: 235
Joined: 7.Nov.2004
From: Zamboanga, Philippines
Status: offline
Hi,

You can allow certain subdirectories within the block domain.

Ex. Allow ---- URL(http://news.bbc.co.uk)

Just make sure its on top of the DENY rule that you created for the domain *.bbc.co.uk in this case you will be using URL to allow rather than DOMAIN sets.

Cheers...

(in reply to gburch)
Post #: 6

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> HTTP Filtering >> URL and Domain Filtering is inconsistent Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts