I am currently running Squidnt as a local proxy server. I have 3 instances of squid running on different ports each forwarding to a different port on the e2bn proxy servers. The reason for this is that each port on the e2bn proxy servers provide different levels of filtering, middle, upper, staff etc. Then through gpo's I can direct users to the apporpiate port. My question is can this be done with isa server.
Yes but not in quite the same way you just have a diferent policy for each group in ISA itself as it can identify windows group membership.Originally Posted by yeoman
I would be interested in doing this too. Can you provide a few more details? The last time I tried this the groups didn't seem to apply properly...
It needs to be ISA sever 2004 it doesnt work in the previous version in my experiance. Make the ISA server a member of your domain hey presto all the groups should be there for you to add to your rules.
Hope thats enough info if not let me know. I'm off for lunch it's friday so its chips YAY!
I am using ISA Server 2006 on a Win2003. I have only recently taken a look at this, and it might just be me, but it does not seem to be straightforward.
I've not seen 2006 yet so things maybe slighty different
the base point to start with ISA is that everything is denied unless EXPLICITLY Allowed. You need to create various components before you can create a rule. Source Address I tend to Add in my whole Nework internal range. Destination sets these can be websites or IP Address. protocol types eg: http. Or you can use the default ones from anywhere/to anywhere/ all protocols
i'm assuming you want to deny access to websites
Start by creating a rule that allows access to all web sites. Select the group you want to apply it to IE: students or domain users
From- anywhere
To- Anywhere
Action- choose allow
At this point apply the settings if you dont it wont work!
Ooint a machines proxy to the IP of you ISA server, logon as one of the specified users you should be able to get access to the internet.
Now for the deny part.
Start by creating a destination set you can do this in the pane on the right in the bit called URL SET. Call it "denylist" and add a site EG: www.bbc.co.uk you would like to deny (NOTE ISA can deal with wild cards so you could do: *.bbc.co.uk or www.bbc.co.uk/cbeebies/*)
Next start to creat a new rule as we did before
from-anywhere
to- denylist (you should see this when you click the add button)
Action-choose deny (with this option you can also specify a custom error url to redirect to. I have one with the school logo telling the kids to speak to a teacher if they want the website to be add)
then just continue adding sites to the deny list as you wish.
***Sorry I forgot to add that the Deny rule needs to apear higher up the list than the allow rule or it wont work.***
Here is a little script that lets teachers add they sites the want to be added to the allow/deny list just pop a text file where they can get at it and change the path. then run the script by schedule or manualy and it will import the urls
Hopefully some use
Set Isa = CreateObject("FPC.Root")
Set CurArray = Isa.GetContainingArray
Set RuleElements = CurArray.RuleElements
Set URLSets = RuleElements.URLSets
Set URLSet = URLSets.Item("AllowList")
Set FileSys = CreateObject("Scripting.FileSystemObject")
Set UrlsFile = FileSys.OpenTextFile("G:\Staff\All Staff\White List\Urls.txt", 1)
For i = 1 to URLSet.Count
URLSet.Remove 1
Next
On Error Resume Next
Do While UrlsFile.AtEndOfStream <> True
URLSet.Add UrlsFile.ReadLine
Loop
WScript.Echo "Saving..."
CurArray.Save
WScript.Echo "Done"
Thanks for the info I will give it a try.
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
LinkBack URL
About LinkBacks
Reply With Quote