Re: ISA 2004 HTTP Filter

From: "ZVR" <vzaneNOSPAM@xxxxxxxxxx>
Date: Thu, 9 Feb 2006 17:26:19 -0500

"GALBARZ" <GalBarz@xxxxxxxxx> wrote in message
news:1139516719.375664.270230@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

NTFS security will not help in this case,
because the site is used both by the internal domain and the isa
domain,
permission are being handled by a third party appliaction, based on
windows authentication, I dont want the external users to be able to
even try to authenticate with internal users acounts user\password.(Top
level paranoid)

Is there a trust relationship between the domains? You cannot use a mix of
rights on the NTFS filesystem, including both the internal accounts, and the
special user account in the ISA domain?

I have captured http packets with network monitor and found the packed
that i need to filter out.
The problem is that I need to filter only the part with the domain name
(I cannot create a separate filter fo every internal username........)
Im looking for a way to use somthing like %string% or *string* .

Unfortunately signatures don't allow wildcards, although it would be a
really nice to have. I certainly bumped into this myself a couple of times.

For now I think you need to look at other ways of achieving your goal, using
more "standard" mechanisms along the lines of what I described above.

Virgil

.

Follow-Ups:
- Re: ISA 2004 HTTP Filter
  - From: GALBARZ

References:
- ISA 2004 HTTP Filter
  - From: GALBARZ
- Re: ISA 2004 HTTP Filter
  - From: ZVR
- Re: ISA 2004 HTTP Filter
  - From: GALBARZ
- Re: ISA 2004 HTTP Filter
  - From: ZVR
- Re: ISA 2004 HTTP Filter
  - From: GALBARZ

Prev by Date: Client Authentication using certificate - Can this only work with the entreprise CA?
Next by Date: ISA 2006 Beta: SIP Support?
Previous by thread: Re: ISA 2004 HTTP Filter
Next by thread: Re: ISA 2004 HTTP Filter
Index(es):
- Date
- Thread

Relevant Pages

Re: ISA 2004 HTTP Filter
... I will put my trust in ISA 2006 ...... ... The problem is that I need to filter only the part with the domain name ... Im looking for a way to use somthing like %string% or *string*. ...
(microsoft.public.isa)
RE: SBS 2003 and ISA content types running slow
... types filter and extension filter and the Internet access slow. ... Open ISA 2004 console, extend Monitoring, click Dashboard tap in middle ... Please follow the link and download and run the Microsoft Internet ... Clear the current existing W3C logs. ...
(microsoft.public.windows.server.sbs)
Re: POP virtual server problem
... Glad its working and yes the ISA "built in filters" have been an issue ... I also want to re-iterate that allowing your Exchange Server to act as a ... Please do not respond to me directly by email but only in the newsgroups so ... > but I created a new filter identical to the one ISA on SBS2k had and now ...
(microsoft.public.backoffice.smallbiz)
Re: ISA 06 PPTP VPN via NAT
... In fact, GRE packets are what is used to transfer the data, while the TCP connection is only used for command channels. ... A LOT of cheap/stupid equipment and admins are unaware of this fact - and then, for example, filter out GRE. ... If any of my users try and connect to a remote VPN server they recieve an error and the connection does not iniaite, I can see packets on port tcp/1723 leaving the box, none of the users are running the ISA firewall client. ... My ISP connection is just plain old ethernet with no pppoe just a static IP address, if I plug my laptop into it I can VPN no problems at all, my cisco PIX can also NAT PPTP connections out of it, I've even gone so far as rolling back to Windows 2003 & ISA 2004 with no success, formatted and started again a couple of times. ...
(microsoft.public.isa.vpn)
Re: firewall service crash due to ntdll.dll
... The Firewall service stopped because an application filter module ... Whe have disabled the Webprotect Filter temp. ... ISA file. ... There have been no recent changes except the installation of SP2 in ...
(microsoft.public.isa)