Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 179
  • Last Modified:

ISA Server: 1 user needs access to 1 site ** IMPORTANT **

We are running ISA Server and I need to give a user that DOES NOT currently have web access access to a single site.

It's driving me nuts! Most users have Inet access  belonging to the group 'InternetUsers'. However, this department opts to NOT allow their users web access.

But of course - 1 user needs to access a site for work related issues.  

So, I need to give a single user access to a single site (which is: https://dnbweb1.blackbaud.com/OPXDONATE/donate.asp?cguid=1E59DAB5%2D28BC%2D4A57%2D8EF4%2D0BD97B9D8561&dpid=1113)

Here's what I've done but it doesn't seem to work.

1) I've created "Site & Content Rule" which has the following attributes:
a: Selected Destination Set
b: Schedule: all hours
c: Action: Allowed
d: Applies to: Users & Group Specified below
e: Content: All

The Selected Destination Set is defined as:
1) IP Address of: (determined by pinging dnbweb1.blackbaud.com)
2) Path: /OPXDONATE/donate.asp?cguid=1E59DAB5%2D28BC%2D4A57%2D8EF4%2D0BD97B9D8561&dpid=1113
NOTE: I also tried leaving the path blank allowing any of the site.

** If I log on as that user (or the test user which is also defined in the rules) I get a blank page.

** The users states she still gets "Page cannot be displayed".

1) Does the Web Proxy Service need to be restarted after making changes to the 1) Destinations sets or 2) site/content rultes?

2) Is the users access dynamic? Or do they have to log off and back on again?

Thanks in advance..

Matthew Jones
  • 2
1 Solution
matthewjonesAuthor Commented:
I figured this one out.

We had removed certain users from the Internet Access Group, so even after being filtered through site content rules they were still 'denied' at the protocol level.

I guess what I didn't realize is that you have to have access first before you can be limited to a few sites and/or re-directed. I looked at the protocol rules but didn't add the user back in there 'thinking' it would give them access to other sites. I had the concept all wrong!  

Anyway - All appears to be working as desired.
I really do appreciate the site and your work.
Can I give myself the points??

matthewjonesAuthor Commented:
Since you answered you got the points! The info there was also helpful.


Featured Post

The Firewall Audit Checklist

Preparing for a firewall audit today is almost impossible.
AlgoSec, together with some of the largest global organizations and auditors, has created a checklist to follow when preparing for your firewall audit. Simplify risk mitigation while staying compliant all of the time!

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now