URL and Domain Filtering is inconsistent (Full Version)

All Forums >> [ISA Server 2004 Firewall] >> HTTP Filtering



Message


gburch -> URL and Domain Filtering is inconsistent (27.Jul.2007 8:52:04 AM)

At the request of senior management, I have blocked a number of websites with our ISA Server.  I have done this by creating Domain Name sets in various categories, and populating them with banned domains (eg:  *.domain.co.uk), and then creating an array access rule to deny access to these Domain Name Sets.

For the most part this has worked as expected, however there is one particular domain for which we want to allow access for specific subdomains.  I have created another Domain Name set containing all the exceptions (eg:  feeds.domain.co.uk), and entered this as an exception in the destinations tab of the blocking rule.  Sometimes, this works as expected, but it is very inconsistent in it's application.

Sometimes, access to the allowed subdomains is denied, and sometimes access to the whole domain is permitted.

Is there a better way to achieve this blocking of websites?  Am I doing something wrong?




ianfermo -> RE: URL and Domain Filtering is inconsistent (27.Jul.2007 12:51:33 PM)

Hi,

Instead of doing it on exceptions why not create an ALLOW Rule going to the destination set ABOVE the DENY Rule you created.

Cheers...




gburch -> RE: URL and Domain Filtering is inconsistent (28.Jul.2007 8:30:38 AM)

Thanks for the suggestion. I created an allow rule containing the Domain Name Set for the subdomains I want to allow access to, but access is still intermittent. The new rule is first in the list, any other ideas?




ianfermo -> RE: URL and Domain Filtering is inconsistent (31.Jul.2007 12:24:34 PM)

Hi,

How do you put your actual URL/Domain to the destination set? How about trying a wildcard to achive your goal.

Ex.
*.domain.com
domain.com/*

Please post your actual URL/Domain you are trying to accomplish.

Cheers...




gburch -> RE: URL and Domain Filtering is inconsistent (3.Aug.2007 4:14:47 AM)

Thank you for the response.

The problem URL in my blocked Domain Filtering list is  *.bbc.co.uk

An example of the entry in the allowed Domain Filtering list is news.bbc.co.uk




ianfermo -> RE: URL and Domain Filtering is inconsistent (4.Aug.2007 6:18:14 AM)

Hi,

You can allow certain subdirectories within the block domain.

Ex. Allow ---- URL(http://news.bbc.co.uk)

Just make sure its on top of the DENY rule that you created for the domain *.bbc.co.uk in this case you will be using URL to allow rather than DOMAIN sets.

Cheers...




Page: [1]