ISA blocking with 502 and I can't find why (Full Version)

All Forums >> [ISA Server 2004 General ] >> General



Message


Quitch -> ISA blocking with 502 and I can't find why (23.Dec.2009 5:55:55 AM)

When I first setup our ISA a set of categories from Shalla's Blacklist were agreed upon to be blocked, and we setup a rule to block them. All is well.

However, I have recently found a few sites being blocked which according to Shalla are not on their blacklists. Fair enough, maybe they've since been removed from Shalla or someone added them manually to our lists. I export all the block lists to an XML and use the findstr command to check the XML file for the site name to see which list it's on.

Except it's not. Findstr is finding stuff like my category names (showing it's working), but if I enter the site which is being blocked then it finds nothing, yet this is a full export of every list in the blocking rule.

I'm a bit mystified as to why this is and would gladly welcome advice

C:\Documents and Settings\user\Desktop>findstr *.ca.com "Domain Name Sets.xml"

<fpc4:Str dt:dt="string">*.ca.com.mx</fpc4:Str>

C:\Documents and Settings\user\Desktop>findstr *.ca.com "URL Sets.xml"

No results



Denied Connection
SERVER 23/12/2009 10:33:20

Log type: Web Proxy (Forward)

Status: 12202 The ISA Server denied the specified Uniform Resource Locator (URL).

Rule: Internet Filtering

Source: Internal ( 10.10.10.10:0)

Destination: External ( 10.10.10.11:8080)

Request: GET http://caforums.ca.com/

Filter information: Req ID: 0242b127

Protocol: http

User: domain\user



[image]http://forums.isaserver.org/file:///E:/Program%20Files/Microsoft%20ISA%20Server/UI_HTMLs/_image/general/minusImg.gif[/image] Additional information

Client agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Object source: Processing time: 1
Cache info: 0x0 MIME type:




    Rotorblade -> RE: ISA blocking with 502 and I can't find why (23.Dec.2009 9:45:40 AM)

    Are there any IP's in the list?

    Best option is to create a Whitelist URL set and place it above the block list.

    RB




    Quitch -> RE: ISA blocking with 502 and I can't find why (23.Dec.2009 9:52:49 AM)

    In checking the IPs I find the names reported back by the IPs are different and those names ARE on the block list.

    Phew, no longer going mad. I think I'll go with the whitelist like you suggest. Thanks.




    Page: [1]