From: Sao Paulo, Brazil
Greetings! This one is a puzzle to me right now.
I run this ISA Server 2006 Standard (fully updated) performing web proxy for users. Computers use the Configuration URL, doesn't use the Firewall Client and this ISA box isn't the default gateway to these computers.
There's a user group which can access a specific list of web sites, but sometimes they can access some sites that aren't listed anyway (by domain name, URL, IP, LAT).
So i've created a user with the same profile to these above and all the times the proxy doesn't allow access: just like it should be.
First thought was "they're using someone's credentials with less restrictions", but digging the logs, i've found the access made by the restricted user itself and authorized by the very rule that should block him.
Following closer one of this users all the day, there's log entries blocking the access and others allowing them.
So i ask by any clue or idea to look at. I've checked everything to exaustion and all seems correct - rule order, authentication, sources and destinations, lists of IPs, domains and URLs. Maybe someone find a "way" to bypass the proxy rules?
Thanks in advance! Any idea would be appreciated. (Sorry about the poor english...)