Re: Block All and Allow as We Go

Well I had to cheat and look at my ISA rules :-)

"Cris Hanna [SBS-MVP]" <crisnospamhanna@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
wrote in message news:OzMDIOjlHHA.3928@xxxxxxxxxxxxxxxxxxxxxxx
thanks Steve
ISA not currently installed on my server, so as I said...was trying to
recall from memory

--
Cris Hanna [SBS-MVP]
-------------------------------------------------
Microsoft MVPs
Independent Experts (MVPs do not work for MS)
Real World Answers
---------------------------------------------------------
Please do not contact me directly regarding issues

"Steve" <newsgroup@xxxxxxxxxx> wrote in message
news:%23yCCttdlHHA.3704@xxxxxxxxxxxxxxxxxxxxxxx
Cris I don't believe that there is an SBS Outbound HTTP rule. AFAIK the
SBS Internet Access rule is what allows clients to use HTTP (and other
protocols) for internet access. Removing HTTP from that rule should
prevent any access. A single HTTP allow rule above that rule with the
"good" URLs (in a manually constructed URL set) that can be accessed
should then take care of the other part of the OP's question.

"Cris Hanna [SBS-MVP]" <crisnospamhanna@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
wrote in message
news:DD3F993B-C83E-4EF9-89A2-F08EF49C841B@xxxxxxxxxxxxxxxx
In the ISA console, You'll see a rule for SBS Outbound HTTP (I'm doing
this from memory) If you right click, I think you can disable it
That takes care of outbound HTTP
Then you would have to create a new rule for each site.

--
Cris Hanna [SBS-MVP]
------------------------------
Please do not contact me directly, only respond in the Newsgroups
MVPs do not work for Microsoft
------------------------------
Send via Windows Mail on Vista Ultimate connected to SBS 2003 R2
"Leythos" <Void@xxxxxxxxxxx> wrote in message
news:1179104163_19461@xxxxxxxxxxxxxxxxxxxxxxx
On Sun, 13 May 2007 21:39:32 -0300, Daniel Jewel wrote:

just http...

Again, not knowing ISA, you should be able to block HTTP from your DHCP
Scope range, so that your servers can still get updates and AV updates.

--
Leythos
Igitur qui desiderat pacem, praeparet bellum.
Calling an illegal alien an "undocumented worker" is like calling
a drug dealer an "unlicensed pharmacist"
spam999free@xxxxxxxxxx (remove 999 for proper email address)







.

Relevant Pages

  • Re: RWW - Cant login
    ... Modify Internet Access Rule in ISA server ... In the Microsoft Internet Security and Acceleration Server 2004 console, ... In the center pane, find a policy named SBS Internet Access Rule, ...
    (microsoft.public.windows.server.sbs)
  • Re: ISA - Single NIC - FTP Issue
    ... > and always attempts an anonymous login. ... > Recently I began testing the ISA 2004 server. ... > HTTP, HTTPS and FTP protocols. ...
    (microsoft.public.isa.configuration)
  • ISA2004 issues (pretty detailed description and therefore much reading :)
    ... My configuration: ... within AD environment (member server). ... Local DNS server configured to return my ISA ... Client Username Protocol Destination Port Action Rule HTTP Method URL ...
    (microsoft.public.isa)
  • Re: Help. Loss of OWA and SPS access via Internet after ISA 2004 u
    ... Filter Information: Blocked by the HTTP Security filter: URL normalization was not complete after one pass ... HTTP Status Code: 12217 The request was rejected by the HTTP filter. ... The other thing you can do is go to the ISA monitoring. ... Then on the server, query ISA for that workstation's IP address for the last x time period. ...
    (microsoft.public.windows.server.sbs)
  • 504: Proxy Time OUt error ISA 2004
    ... For more information about this event, see ISA Server Help. ... An unhandled exception occurred during the execution of the ... Exception Details: System.Net.WebException: The request failed with HTTP ...
    (microsoft.public.isa)
Loading