Re: ISAPI - Knowing if rule accepted or deny the request on POLICY_CHECK_COMPLETED
- From: "Phillip Windell" <philwindell@xxxxxxxxxxx>
- Date: Tue, 12 Feb 2008 10:59:13 -0600
An Allow based Rule cannot "deny",...it can either allow or ignore. If it
ignores, then the next rule on the list is tested.
A Deny based Rule cannot "allow",...it can either deny or ignore. If it
ignores, then the next rule on the list is tested.
The Monitoring Log will show which Rule was used during the action except
for certain situations.
I know of no way to programatically do any of this. Someone else will have
to answer that.
--
Phillip Windell
www.wandtv.com
The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html
Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc
Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp
Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepartners.mspx
-----------------------------------------------------
"gbraux" <gbraux@xxxxxxxxxxx> wrote in message
news:ff568e61-5bbe-47a8-b6d5-e2e5f0e7f1ef@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hello,
Here is what is told about the SF_NOTIFY_POLICY_CHECK_COMPLETED event
in MSDN :
A notification specific to ISA Server 2006 and ISA Server 2004. Sent
after the ISA Server policy check has been completed, and the request
has either been allowed or denied. After this notification has been
received, the Web filter can request the GUID of the policy rule that
either allowed or denied the request. The filter can also request
additional data from the client (SF_STATUS_REQ_READ_NEXT), although
the read operation will fail if all of the data has already been
received.
On this event, I'd like to know if a firewall rule has accepted or
denied the request ... But there are no specific structure comming
with this event where I could find this information.
I think the GUID (obtaited using server variables at this step) can
only help me to obtain an AccessRule object (from FPC COM) ... But how
to know is this rule ALLOWED or DENIED the actuel request ???!!!
Thanks,
Guillaume
.
- Follow-Ups:
- Re: ISAPI - Knowing if rule accepted or deny the request on POLICY_CHECK_COMPLETED
- From: Jim Harrison \(ISA SE\)
- Re: ISAPI - Knowing if rule accepted or deny the request on POLICY_CHECK_COMPLETED
- From: Evgeny
- Re: ISAPI - Knowing if rule accepted or deny the request on POLICY_CHECK_COMPLETED
- From: gbraux
- Re: ISAPI - Knowing if rule accepted or deny the request on POLICY_CHECK_COMPLETED
- References:
- Prev by Date: Re: OWA 403 access denied error
- Next by Date: RE: Network Design Question
- Previous by thread: ISAPI - Knowing if rule accepted or deny the request on POLICY_CHECK_COMPLETED
- Next by thread: Re: ISAPI - Knowing if rule accepted or deny the request on POLICY_CHECK_COMPLETED
- Index(es):
Relevant Pages
|
Loading
