We have some computers on our network with Firefox installed. We do not want people to use Firefox as we are unable to lock it down to go through our web filter (which is seperate to ISA on different hardware).
To that end, we have created a rule in the http policy within ISA 2006 to block 'Firefox' as a user agent.
We would like, if possible, to let Firefox access a small limited number of URLs whilst preventing them from accessing any other websites.
I made no comment as to why Firefox is installed on a set number of computers. The computers in question are 40 Asus EeePC's which are in use by our Science department. Firefox is pre-installed and the OS is not directly compatible with our 'normal' school network (RM Connect 3).
Students use these as independent learning devices with Intranet access to a single learning platform. For 'network' use these EeePC's run a terminal server connection to our Thin Client server which gives them full, secured and trackable Internet access and the system is locked down to prevent them doing anything we don't want them to.
What we would like to do is allow these EeePC's, under Linux/Firefox, to access a small number of Internet-based educational websites.
You jumped to a rather interesting conclusion as to why Firefox was installed when it is against policy...it is against policy except where there are limited options for such changes and support for such changes.
Anyhow, it seems I am unable to do this unless easily? We can obviously get the MAC address info for all of these EeePC's etc - is it possible to use this to control access?
From: Taylorville, IL
Let's go back to the first post (I like to do that a lot). I don't think it was dealt with as it should.
had a look through the HTTP policy where we blocked Firefox but it doesn't seem to have the scope to allow some URL's through but not others. Is it possible to do this?
What policy???? What are the exact specs of this policy? Exactly how did you block firefox with this policy? (yes, I think I know, but I want you to explain it anyway to be sure) If we don't know what you did,..we can not possibly tell you what you should do now.
The simplest thing to do is create a Domain Name Set or URL Set for the "Firefox Allowed Sites" and add them to the Exceptions box on the "To" Tab of the Rule. This causes the Rule to simply "not apply" to the traffic when those are the destinations. Then follow it up with a second HTTP Rule to allow this traffic.
well if your computers are on a domain wouldnt it be easier to create policy effecting proxy settings on IE only therefore FF wont have address information and specifically allow only domain group access to specific URL list?
but i guess there is alot more other information to take into consideration.