Either I am stupid or ISA 2004 is!

[saundersmatt]

Okay, somebody please tell me how to do this.
I've been fiddling with ISA 2004 this morning and i can't work out how ISA processes domain names/url's.

Say, for instance, i want to block users access to www.foo.com, if i add that exact url to my denied sites list it will block www.foo.com or anything within i.e www.foo.com/bar etc.
However if foo.com is configured to display the same as www.foo.com all the info is accessible via foo.com i.e foo.com/bar.
If i add *foo.com nothing i intended is blocked, just sites such as barfoo.com.
If i add *.foo.com www.foo.com is blocked but not foo.com.

So, i'm asking can i block www.foo.com and foo.com by entering one domain into my denied site list?
Every other filtering solution i have ever seen will do this, surely given everything ISA can do they can't have overlooked something quite so bloody simple!

I tell you, if the ISA server wasn't on the other side of this site in a restricted building site i would most certainly have stabbed it with an axe by now.

Please save my sanity somebody.

Matt

[mrforgetful]

Block:

*.foo.com
www.foo.com
http://foo.com

[mrforgetful]

hat last foo.com should have http:// on it

[saundersmatt]

Thanks mrforgetful, i know i can do that but i have enough trouble trying to type some of the ruddy awful foreign domains in the first place, i don't want to have to do it 2/3 times for every site.

Like i said, every other filtering system i have seen can do it in one entry.

Matt

[mrforgetful]

It is a wee bit annoying but our LEA's Netsweeper has to have the same thing done to it too.

[ctbjs]

and don't forget then they can circumvent that by finding out the ip address for www.foo.com and putting that in the browser as well!!!

[tom_newton]

ctbjs: Good filters can avoid that by either blocking all IP address-only requests, or doing a reverse-dns lookup.

[ctbjs]

of course .... I was just adding to Matt's frustrations!! :twisted:

[localzuk]

ctbjs: Good filters can avoid that by either blocking all IP address-only requests, or doing a reverse-dns lookup.

We are talking about ISA 2004 here, no-one said anything about good filters

[saundersmatt]

So then, in summary, it's a stupid filtering solution, not be being daft.....and I should start polishing my axe?

Everybody agree?

Matt

[mrforgetful]

Makes it more flexible I suppose.

You might want to block access to the writtenessays.com site but want to let them access a subdomain of writeyourown.writtenessays.com, which you can achieve with ISA.

[saundersmatt]

Or it could work like i want it to and i could add writeyourown.writtenessays.com to my allow filter

Matt

[mrforgetful]

hehe yeh that would work too.

[TechMonkey]

have you tried just foo.com. Our filter does the same but we found adding foo.com blocked the www.foo.com and foo.com. Could be the same

[saundersmatt]

Yes, i had tried that, infact, i spent the last 2 weeks entering sites like that. I was wondering why they weren't being filtered!
Thanks anyway though.

Matt