Block access to specific HTTPS sites - not easy?

Block access to specific HTTPS sites - not easy? (Full Version)

All Forums >> [ISA Server 2004 Cache] >> Web Proxy client

Message

rapido -> Block access to specific HTTPS sites - not easy? (9.Aug.2007 12:28:40 AM)
Hi I’m after advice on how to block access to specific HTTPS sites (EG https://mail.google.com/mail/) while allowing all other HTTPS sites. URL Sets do not work with HTTPS nor do HTTP signature filters so I can't make a deny rule. AJ

spouseele -> RE: Block access to specific HTTPS sites - not easy? (9.Aug.2007 3:04:20 PM)
Hi rapido, ISA can only peek into the HTTP connect method for HTTPS traffic and therefore can only perform access control on the FQDN (mail.google.com in your example), not on any path. HTH, Stefaan

ferrix -> RE: Block access to specific HTTPS sites - not easy? (9.Aug.2007 5:16:49 PM)
Also, if you have Secure NAT clients then you can't use the domain name either, because they are being intercepted and don't use proxy CONNECT tunneling. So you should block all known IPs too if you have SNAT users. If you want to inspect HTTPS connections fully you can use ClearTunnel.

Page: [1]