Re: Block All Sites Except Approved List

From: Bob [BVP] (bb4_at_pmount.com)
Date: 08/10/04 

Date: Tue, 10 Aug 2004 15:32:05 -0500

Do you need to have the client authenticated ?? If not turn it
off on the server's listener and go anonymous.. Server => properties
=> Incomming Web Request => Connections Area =>
Ask unauthenticated users for identification check box..

"Gareth" <gareth_pleaseremovethis_@ibuk.com> wrote in message
news:ohfhh0dnfgnqnd10kbdoui4bamsvekefqm@4ax.com...
> I have just tried that, and it kind of works.. Depending on what mood
> ISA is in it either display the redirected 'site blocked' page fine,
> but will prompt for username and password for sites that are on the
> approved this.. Or if ISA is feeling particularly nasty it will make
> IE prompt for username and password for everything.
>
> How can I stop this?
>
> On Fri, 6 Aug 2004 11:57:12 -0500, "Bob [BVP]" <bb4@pmount.com> wrote:
>
> >Yes and No. Yes, if you have block rule, it will be processed first.
> >No, it is possible to do what you want. . Create a rule that
> >that Denies access to everything EXCEPT a destination set
> >you want to allow access to that applies to the client set..
> >
> >
> >
> >"Gareth" <gareth_pleaseremovethis_@ibuk.com> wrote in message
> >news:jbu6h05c9o1ts3sgs0shvsf2kilnfkpl94@4ax.com...
> >> OK I think I have worked out what is happening here.. I tried a
> >> different way, 2 rules 1 block (which blocks all external sites) and 1
> >> allow (which allows all sites that are on the approved destination
> >> set). Now it seems that once ISA has reached an block rule for a
> >> request it stops processing the rules regardless of wheather there are
> >> rules to allow the request for certain users. This idea follows the
> >> flow diagram thats in the ISA help file.
> >>
> >> If this this correct the its impossible to make ISA block all sites
> >> except the allow list, which surely cant be right???
> >>
> >> Has anyone got any ideas about this?
> >>
> >> On Fri, 06 Aug 2004 11:16:22 +0100, Gareth
> >> <gareth_pleaseremovethis_@ibuk.com> wrote:
> >>
> >> >Thanks for your reply. I have 1 rule that is set to block all
> >> >destinations except the approved list which is set to apply to client
> >> >address set with the stations IP. I have just tried this again but IE
> >> >is still insisting on a username and password which it shouldnt be. I
> >> >have compared the setup to a friends who uses it where he works and
> >> >they are the same, his works mine doesnt..
> >> >
> >> >I just don't know what to do next.????
> >> >
> >> >On Thu, 5 Aug 2004 11:13:24 -0500, "Bob [BVP]" <bb4@pmount.com> wrote:
> >> >
> >> >>I do it by Client Address Set that define dept's machines.. by
> >> >>ip. Destination Sets that are Allowed for that dept (make sure
> >> >>there is no *.*.domain.xxx in the sets as *.* could cause
> >> >>allowing.. Site/Content rules that blackout everything on a
> >> >>schedule.. except the Allowed DS... Works fine. I turned off
> >> >>the authentication for the server's listeners.. Just step thru
> >> >>all the compenents one by one.. If you cannot block everything
> >> >>for a single ip, then you have something in there explicitly
> >> >>allowing access.. have to figure that out...
> >> >>
> >> >>"Gareth" <gareth_pleaseremovethis_@ibuk.com> wrote in message
> >> >>news:14k4h09eqk4spl50b3i2fav6srif4siih0@4ax.com...
> >> >>> Hi Guys,
> >> >>>
> >> >>> I really hope someone can help me because this is really driving me
> >> >>> crazy!
> >> >>>
> >> >>> I have ISA 2000 on a windows 2003 domain and I am trying to block
> >> >>> access to all websites except the ones on my approved list. I have
> >> >>> tried everything I can think of, applying it to users, groups, station
> >> >>> IP address etc, nothing works. I have looked through hundreds of
> >> >>> newsgroups and cant find the answer.
> >> >>>
> >> >>> Currently I have 1 rule setup which I have applied to a test user
> >> >>> only, that rule is set to block all destinations except my approved
> >> >>> list destination set. Now every time the test user tries to browse
> >> >>> anything at all IE is asking for a username and password for the ISA
> >> >>> server and it wont even show the redirected page that it should when a
> >> >>> site is blocked.
> >> >>>
> >> >>> If anyone can shed some light on this I would be very greatful.
> >> >>>
> >> >>> If you need more info let me know.
> >> >>>
> >> >>> Thanks everyone!
> >> >>>
> >> >>> Gareth
> >> >>
> >>
> >
>

Relevant Pages

  • Re: Block All Sites Except Approved List
    ... That checkbox is unticked on both incomming and outgoing web requests. ... Or if ISA is feeling particularly nasty it will make ... >> IE prompt for username and password for everything. ...
    (microsoft.public.isa)
  • Password Challenge
    ... I am just now upgrading to ISA 2004 from ISA 2000. ... to allow internet traffic out and this rule is assigned to a Windows Domain ... I was wondering how I get ISA to prompt the user for a username and password ...
    (microsoft.public.isa)
  • RE: Firewall Client Prompts for Password
    ... I understand that you get prompt to input ... Install ISA firewall client on workstation. ... correct proxy port defined on ISA server, by default it is 8080 on SBS 2k3. ... Please help to gather the ISA Logs: ...
    (microsoft.public.windows.server.sbs)
  • RE: ISA 2004 session questions
    ... actual username when you view "Sessions" in ISA Server. ... this is a normal behavior of ISA 2004. ... speaking, when a remote client connects to the companyweb through ISA 2004, ...
    (microsoft.public.windows.server.sbs)
  • RE: user name prompt after office 2003 install
    ... it will prompt for the username. ... > I am installing Office 2003 using a custom .mst file created with the CIW, ... > 2003 to prompt the user to enter a username and initials as we use document ...
    (microsoft.public.office.setup)