• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Blocking URL access depending on security group

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Threat Management Gateway (TMG) 2010] >> General >> Blocking URL access depending on security group Page: [1]
Login
Message << Older Topic   Newer Topic >>
Blocking URL access depending on security group - 10.Jul.2012 4:44:31 AM   
TheGoatreich

 

Posts: 45
Joined: 26.May2011
Status: offline
I'm looking to block access to certain URLs if the logged in user is a member of a certain AD security group. The way I've done this so far is to have a deny rule to the specific URLs for the user group in question, then beneath that have my regular allow all users web access rule.

The problem I'm getting is that regular users are being denied access to the resources aswell, and the logs show it is because the first request to the site is anonymous. We don't require all users to authenticate, as this causes problems for our many Apple users out there, but Integrated authentication is set within the internal network properties.

Should I be configuring this differently to achieve my goal?
Post #: 1
RE: Blocking URL access depending on security group - 10.Jul.2012 8:26:29 AM   
dvizzle

 

Posts: 236
Joined: 20.Apr.2009
Status: offline
Double check your rule. Sounds like it is correct, but make sure the AD group you are using ONLY has the user accounts of the people you want to block. Also make sure the rule is applied to that group, and you remove the other default groups like All Users.

Double check this and then try it using the troubleshooting traffic simulator

(in reply to TheGoatreich)
Post #: 2
RE: Blocking URL access depending on security group - 10.Jul.2012 8:42:07 AM   
TheGoatreich

 

Posts: 45
Joined: 26.May2011
Status: offline
I've found the problem! Somebody had added all staff from a certain department to the Seucirty Group! Argh! Thanks for your time in responding, it might have been days before I double checked that group otherwise.

(in reply to dvizzle)
Post #: 3

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Threat Management Gateway (TMG) 2010] >> General >> Blocking URL access depending on security group Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts