• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

ISA blocking with 502 and I can't find why

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 General ] >> General >> ISA blocking with 502 and I can't find why Page: [1]
Login
Message << Older Topic   Newer Topic >>
ISA blocking with 502 and I can't find why - 23.Dec.2009 5:55:55 AM   
Quitch

 

Posts: 8
Joined: 10.Aug.2009
Status: offline
When I first setup our ISA a set of categories from Shalla's Blacklist were agreed upon to be blocked, and we setup a rule to block them. All is well.

However, I have recently found a few sites being blocked which according to Shalla are not on their blacklists. Fair enough, maybe they've since been removed from Shalla or someone added them manually to our lists. I export all the block lists to an XML and use the findstr command to check the XML file for the site name to see which list it's on.

Except it's not. Findstr is finding stuff like my category names (showing it's working), but if I enter the site which is being blocked then it finds nothing, yet this is a full export of every list in the blocking rule.

I'm a bit mystified as to why this is and would gladly welcome advice

C:\Documents and Settings\user\Desktop>findstr *.ca.com "Domain Name Sets.xml"

<fpc4:Str dt:dt="string">*.ca.com.mx</fpc4:Str>

C:\Documents and Settings\user\Desktop>findstr *.ca.com "URL Sets.xml"

No results



Denied Connection
SERVER 23/12/2009 10:33:20

Log type: Web Proxy (Forward)

Status: 12202 The ISA Server denied the specified Uniform Resource Locator (URL).

Rule: Internet Filtering

Source: Internal ( 10.10.10.10:0)

Destination: External ( 10.10.10.11:8080)

Request: GET http://caforums.ca.com/

Filter information: Req ID: 0242b127

Protocol: http

User: domain\user



Additional information

Client agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Object source: Processing time: 1
Cache info: 0x0 MIME type:


    < Message edited by Quitch -- 23.Dec.2009 5:59:01 AM >
    Post #: 1
    RE: ISA blocking with 502 and I can't find why - 23.Dec.2009 9:45:40 AM   
    Rotorblade

     

    Posts: 1348
    Joined: 27.Feb.2007
    Status: offline
    Are there any IP's in the list?

    Best option is to create a Whitelist URL set and place it above the block list.

    RB

    _____________________________

    David Melvin
    Ohio
    MCSE: Security 2003, MCSA:Security 2003

    (in reply to Quitch)
    Post #: 2
    RE: ISA blocking with 502 and I can't find why - 23.Dec.2009 9:52:49 AM   
    Quitch

     

    Posts: 8
    Joined: 10.Aug.2009
    Status: offline
    In checking the IPs I find the names reported back by the IPs are different and those names ARE on the block list.

    Phew, no longer going mad. I think I'll go with the whitelist like you suggest. Thanks.

    (in reply to Rotorblade)
    Post #: 3

    Page:   [1] << Older Topic    Newer Topic >>
    All Forums >> [ISA Server 2004 General ] >> General >> ISA blocking with 502 and I can't find why Page: [1]
    Jump to:

    New Messages No New Messages
    Hot Topic w/ New Messages Hot Topic w/o New Messages
    Locked w/ New Messages Locked w/o New Messages
     Post New Thread
     Reply to Message
     Post New Poll
     Submit Vote
     Delete My Own Post
     Delete My Own Thread
     Rate Posts