Either I am stupid or ISA 2004 is!
Okay, somebody please tell me how to do this.
I've been fiddling with ISA 2004 this morning and i can't work out how ISA processes domain names/url's.
Say, for instance, i want to block users access to www.foo.com, if i add that exact url to my denied sites list it will block www.foo.com or anything within i.e www.foo.com/bar etc.
However if foo.com is configured to display the same as www.foo.com all the info is accessible via foo.com i.e foo.com/bar.
If i add *foo.com nothing i intended is blocked, just sites such as barfoo.com.
If i add *.foo.com www.foo.com is blocked but not foo.com.
So, i'm asking can i block www.foo.com and foo.com by entering one domain into my denied site list?
Every other filtering solution i have ever seen will do this, surely given everything ISA can do they can't have overlooked something quite so bloody simple!
I tell you, if the ISA server wasn't on the other side of this site in a restricted building site i would most certainly have stabbed it with an axe by now.
Please save my sanity somebody.
Matt
Re: Either I am stupid or ISA 2004 is!
Re: Either I am stupid or ISA 2004 is!
hat last foo.com should have http:// on it
Re: Either I am stupid or ISA 2004 is!
Thanks mrforgetful, i know i can do that but i have enough trouble trying to type some of the ruddy awful foreign domains in the first place, i don't want to have to do it 2/3 times for every site.
Like i said, every other filtering system i have seen can do it in one entry.
Matt
Re: Either I am stupid or ISA 2004 is!
It is a wee bit annoying but our LEA's Netsweeper has to have the same thing done to it too.
Re: Either I am stupid or ISA 2004 is!
and don't forget then they can circumvent that by finding out the ip address for www.foo.com and putting that in the browser as well!!!
Re: Either I am stupid or ISA 2004 is!
ctbjs: Good filters can avoid that by either blocking all IP address-only requests, or doing a reverse-dns lookup.
Re: Either I am stupid or ISA 2004 is!
of course .... I was just adding to Matt's frustrations!! :twisted:
Re: Either I am stupid or ISA 2004 is!
Quote:
Originally Posted by tom_newton
ctbjs: Good filters can avoid that by either blocking all IP address-only requests, or doing a reverse-dns lookup.
We are talking about ISA 2004 here, no-one said anything about good filters :D
Re: Either I am stupid or ISA 2004 is!
So then, in summary, it's a stupid filtering solution, not be being daft.....and I should start polishing my axe?
Everybody agree?
Matt
Re: Either I am stupid or ISA 2004 is!
Makes it more flexible I suppose.
You might want to block access to the writtenessays.com site but want to let them access a subdomain of writeyourown.writtenessays.com, which you can achieve with ISA.
Re: Either I am stupid or ISA 2004 is!
Or it could work like i want it to and i could add writeyourown.writtenessays.com to my allow filter :)
Matt
Re: Either I am stupid or ISA 2004 is!
hehe yeh that would work too.
Re: Either I am stupid or ISA 2004 is!
have you tried just foo.com. Our filter does the same but we found adding foo.com blocked the www.foo.com and foo.com. Could be the same
Re: Either I am stupid or ISA 2004 is!
Yes, i had tried that, infact, i spent the last 2 weeks entering sites like that. I was wondering why they weren't being filtered!
Thanks anyway though.
Matt
