I am new to ISA server, so bear with me.
Windows 2003 with ISA server 2003 set up as just a Web Proxy connected to our network.
This may not be the best solution, but it's what I thought up on short notice. We need to be able to restrict our users so they can only access certain websites and domains. Supervisors and the like will not be configured to access the internet through the proxy, but other users will. I do realize that it will not be beyond certain people's ability to circumvent this policy, but should control most people.
What I've done so far:
The web proxy works great, except I am having trouble allowing only certain sites. Blocking sites works great. However, allowing sites is not working right. My Policy is set up as follows:
Order - Name - Action - Protocols - From - To - Condition
1. Allow Domains - Allow - HTTP/HTTPS - Internal - Domain List - All users
2. Allow Urls - Allow - HTTP/HTTPS - Internal - Url List - All Users
3. Last Default Rule - Deny - All Traffic - All Networks - All Networks - All Users
I have tried some other variations, like putting a deny rule to deny access to http://*
, which just blocks standard web traffic. I can get web access if I put in a rule that states that HTTP/HTTPS from Internal to External for All Users is allowed. However, this rule gives me access to any web page. I have tried placing that rule inbetween rule 2 and the default rule as well as placing it first with the same results.
Any suggestions regarding a possible solution with the current setup would be appreciated, as well as any comments on a better method of acheiving the same end results are apprecaited as well. We are a Microsoft only business currently with about 200 users. Most website access is to the internal web server, so most people don't need to access many external sites.