• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

RE: Discussion about article on site blocking

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> Access Policies >> RE: Discussion about article on site blocking Page: <<   < prev  1 2 [3] 4   next >   >>
Login
Message << Older Topic   Newer Topic >>
RE: Discussion about article on site blocking - 10.Aug.2006 4:58:48 PM   
JerseyJack

 

Posts: 7
Joined: 19.Jul.2006
Status: offline
Greg or Tom,

Can you briefly explain the behavior of ISA 2004 out of the box with respect to URL sets?  For example, while logged on locally to the ISA server I can browse various MSFT sites but not others.  Where can I find this predefined "allowable" list?  Do I have to explicitly enable URL sets?

Thanks!

Jack

(in reply to tshinder)
Post #: 41
RE: Discussion about article on site blocking - 13.Aug.2006 6:28:26 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Jack,

The ISA firewall has a System Policy rule that allows the Local Host Network to connect to certain sites. If you enable the System Policy Rules for viewing, you'll see them and the URL or Domain Name Sets that are being allows.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to JerseyJack)
Post #: 42
RE: Discussion about article on site blocking - 29.Sep.2006 5:13:08 PM   
amentma

 

Posts: 6
Joined: 27.Sep.2005
From: Slovakia
Status: offline
Hi,
is there any limit of URLs and Domains included in one set? I was trying to import Steve Moffat's XML files from the link - a sum of 20 files in Domain name set. But when I import file no. 3 I think it overwrites the previous link in the Set. I'm using ISA2004 EE SP2. Thanks.

(in reply to tshinder)
Post #: 43
RE: Discussion about article on site blocking - 12.Oct.2006 5:44:53 AM   
shamsr

 

Posts: 4
Joined: 13.May2005
Status: offline
Hi All,
 
I read the article and wanted to create my own URL block list from scratch, but when I creatd the rule as descirbed in the article, the users could easily access the site that was in the blocked list. (To test, I just created one site)

The rule is on the the top of the Firewall Policy.
 
Please help me out !!
 
-shamsr

(in reply to tshinder)
Post #: 44
RE: Discussion about article on site blocking - 20.Dec.2006 2:16:30 AM   
Maclanachu

 

Posts: 3
Joined: 14.Aug.2005
From: Auckland
Status: offline
Managed to screw up my mgmt console by following this!

Imported the Blocklist.xml into URL Sets fine.
Created a new rule using that destination.
Tested it, worked fine.
Great! Now add some more... (oh dear)
Got the 5 porn site XMLs from
http://www.isaserver.bm/destination_sets.html
I imported them all in as before, but this time only went to apply after they were all in. Took too long and it failed.
I tried to discard changes and got the error 0x80070002 cannot find the file specifed. (Not that I could be told what that particular file is, nah that would be a USEFUL error msg!)
No problem, I'll just Restore from a previous config backup.
Nope. Same error msg.
I deleted the Firewall policy that used that URL sets and tried to apply changes. Nope. same error msg.
Tried to restore the config. Same error msg.
Proxy services still work, but if I try to get into the URL sets through View \ Toolbox Network Objects. I cannot right click on the Url sets and the little menu just below Network Objects is gone.
So my Toolbox appears to be broken and I can't tell it to reset the URL sets.

HELP!
Running ISA Server 2004 standard. Very recent new install. Haven't really fully rolled it out even. It's a dedicated Windows 2003 Server with Web Spy Analyzer running also.

thx if u can help

Mac.

(in reply to shamsr)
Post #: 45
RE: Discussion about article on site blocking - 1.Feb.2007 6:49:40 PM   
kb5oze

 

Posts: 20
Joined: 18.Apr.2002
From: New Orleans, La
Status: offline
Hi,
    Has anyone successfully imported any of the lists into ISA 2006? We just got it in and loaded. I attempted to import the lists and I get an error. The error is

" The exported configuration file is from a beta installation of ISA Server. Importing a beta configuration file to this released version of ISA Server is not supported. To import a beta configuration, you must first upgrade the file to the Release Candidate (RC) build, and then import the RC configuration file."

Any idea on how to address this?

Thanks,

Mike

(in reply to JerseyJack)
Post #: 46
How to allow only outlook in ISA server 2004 - 22.Aug.2007 12:34:25 AM   
sampath

 

Posts: 1
Joined: 5.Jun.2007
Status: offline
We are having 50 users and using ISA Server 2004. We want to deny access to all the websites for some users and give  a permission to check the mails using Outlook, When iam blocking all other protocols and allowing only pop3 and SMTP  Iam not able to get the  mails using Outlook. Out mail server is hosted on godaddy webhosting domain.
                    How can i permit to get only mails usiong Outlook except any other sites
Thanking You

(in reply to tshinder)
Post #: 47
RE: Discussion about article on site blocking - 8.Nov.2007 7:07:26 PM   
hrugama

 

Posts: 12
Joined: 6.Oct.2007
Status: offline
Hello,

I have the same problem like the guy above using the list provided before. What am I doing wrong? and by the way I'm running ISA 2004 EE.

Any ideas?

Best regards,

(in reply to bhavin78)
Post #: 48
RE: Discussion about article on site blocking - 28.Apr.2008 5:38:42 PM   
drk_xstnc

 

Posts: 2
Joined: 28.Apr.2008
Status: offline
Hi,

I've followed all the steps to create a rule (wich is the first one) to deny the access to many websites (I imported the block list an added many other URLs), but I don't still know why my traffic goes thru other rule, almost the last one.

Does anyone have idea about this matter?

I appreciate your help.

Guillermo.

(in reply to tshinder)
Post #: 49
RE: Discussion about article on site blocking - 30.Apr.2008 1:28:46 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
If you were able to import the sets, make sure you make a deny rule that includes those sets and put it above any allow rules.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to drk_xstnc)
Post #: 50
RE: Discussion about article on site blocking - 30.Apr.2008 1:57:45 PM   
drk_xstnc

 

Posts: 2
Joined: 28.Apr.2008
Status: offline
Hi Tom,

Thanks for your answer.

Well, I've put the rule at the top (is the number one), besides, It has the restriction deny.

So, what could be the problem? I dun't really have idea.

Thx.  

(in reply to tshinder)
Post #: 51
RE: Discussion about article on site blocking - 1.May2008 10:05:14 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
If it is at the top, and applys to all users, then it must work. Otherwise, you have enabled hosts to bypass the ISA Firewall (perhaps by using a unihomed ISA firewall?)

Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to drk_xstnc)
Post #: 52
RE: Discussion about article on site blocking - 3.Mar.2009 11:24:17 AM   
co2009

 

Posts: 1
Joined: 3.Mar.2009
Status: offline
Tom,
For this scenario to work, do my internal clients need to be configured as firewall/proxy client of the ISA server. Right now I do not have clients configured that way and I cannot get this to work.

(in reply to ISA_NL)
Post #: 53
RE: Discussion about article on site blocking - 5.Mar.2009 3:00:46 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
The ISA firewall needs to be in the path between the clients and the Internet. If that is not the case, it's very easy for users to change their default gateway to whatever they like and bypass the ISA firewall.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to co2009)
Post #: 54
RE: Discussion about article on site blocking - 25.Mar.2009 8:24:02 AM   
shailesh_gupta

 

Posts: 3
Joined: 23.Feb.2009
Status: offline
 HI,
I am new in ISA server . I am trying to block particular web sites through ISA server 2004 & ISA server 2006 but not get succeed. I created a deny rule for this purpose but all in vain . Please help me to sort out this problem.

Thanx in advace

(in reply to ISA_NL)
Post #: 55
RE: Discussion about article on site blocking - 25.Mar.2009 9:18:16 AM   
SteveMoffat

 

Posts: 1130
Joined: 29.Jun.2001
From: Hamilton, Bermuda
Status: offline
your HTTP allow rule should be above the deny rule.

_____________________________

Thanks
Steve

ISA 2006 Book! - http://tinyurl.com/2gpoo8
TMG Bible - http://tinyurl.com/ykv85hr
www.isaserver.bm

The built in ISA help is likely the most comprehensive help built into an application anywhere. USE it!!! Search it!!! RTFM

(in reply to shailesh_gupta)
Post #: 56
RE: Discussion about article on site blocking - 25.Mar.2009 9:58:09 AM   
shailesh_gupta

 

Posts: 3
Joined: 23.Feb.2009
Status: offline
Hi Steave,
Sorry but i didn't get your point.Actually ISA server 2004 is installed on my computer. Now with the help of it I want to block some particular sites.I created a firewall policy rule to restricted these sites but this is not working. I put this rule on top still all in vain.
It will we really helpful for me if reply will be in some snap short form .
Thanx in advanced

(in reply to JerseyJack)
Post #: 57
RE: Discussion about article on site blocking - 25.Mar.2009 10:16:09 AM   
SteveMoffat

 

Posts: 1130
Joined: 29.Jun.2001
From: Hamilton, Bermuda
Status: offline
First of all  you need an access rule allowing HTTP. Make that rule no 1
Then for rule number 2, create a dent access rule  using the domain deny set you created.

_____________________________

Thanks
Steve

ISA 2006 Book! - http://tinyurl.com/2gpoo8
TMG Bible - http://tinyurl.com/ykv85hr
www.isaserver.bm

The built in ISA help is likely the most comprehensive help built into an application anywhere. USE it!!! Search it!!! RTFM

(in reply to shailesh_gupta)
Post #: 58
RE: Discussion about article on site blocking - 26.Mar.2009 1:32:27 AM   
shailesh_gupta

 

Posts: 3
Joined: 23.Feb.2009
Status: offline
Hi Steave,
Thanx for your effort,but I followed the step as you suggest me.Still the things not working. There is also a Query regarding this.As you suggest that First Create HTTP allowed Rule then Create a Deny Rule, But According to me ISA server follow the top to down topology. So at the top if we create a allow rule to HTTP
traffic then will it work to block HTTP traffic by creating a deny rule at the second position.IS am I right??. Please reply ASAP.
Thanks & Regards
Shailesh

(in reply to JerseyJack)
Post #: 59
RE: Discussion about article on site blocking - 26.Mar.2009 7:39:14 AM   
SteveMoffat

 

Posts: 1130
Joined: 29.Jun.2001
From: Hamilton, Bermuda
Status: offline
The deny ruly only applies to the sites contained in the deny domain set.

_____________________________

Thanks
Steve

ISA 2006 Book! - http://tinyurl.com/2gpoo8
TMG Bible - http://tinyurl.com/ykv85hr
www.isaserver.bm

The built in ISA help is likely the most comprehensive help built into an application anywhere. USE it!!! Search it!!! RTFM

(in reply to shailesh_gupta)
Post #: 60

Page:   <<   < prev  1 2 [3] 4   next >   >> << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> Access Policies >> RE: Discussion about article on site blocking Page: <<   < prev  1 2 [3] 4   next >   >>
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts