csilks
asked on
How to Block Users from use proxie servers to get round ISA site blocking rule
I have a rule on on ISA 2006 that block access to the social netowrking sites like facebook, users are now getting round this buy using free proxie sites, is their a way of blocking all these sites. Does anyone have an upto date list in xml that I can import in to ISA.
Try www.proxblocks.com
ASKER
Thanks how do i get this in to ISA.
You should be able to import lists. If not txt files, email them to see if it comes in xml formatting as well. Also check out www.isaserver.bm for Steve Moffet's block lists.
Could importing be similar to ISA 2004? There's a little fluff at the beginning of this, but look about 8 paragraphs down:
http://www.isaserver.org/articles/2004domainseturlset.html
-LTCJ
Could importing be similar to ISA 2004? There's a little fluff at the beginning of this, but look about 8 paragraphs down:
http://www.isaserver.org/articles/2004domainseturlset.html
-LTCJ
On your external firewall, set a rule that only allows ftp, http & https traffic that comes from the ISA server ip address.
Putting in white/black lists will not help in the slightest - the whole point of the alternate proxy is that either they bypass the ISA completely OR they use SSL to tunnel through the ISA server therefore the whitelist/blacklist is ignored.
Keith
ISA MVP
Keith
ISA MVP
Keith, I'm sure you know tons more about ISA than I do, but if users are required to go through his proxy, and they are going to permitted sites to get to blocked sites, you're saying it won't help to block those permitted sites? I don't think he's saying they are changing thir proxy settings, just going to sites that allow users to type in an address to call up another site without going directly to that site.
Am I right, csilks?
LTCJ
Am I right, csilks?
LTCJ
Fair comment if they are using external proxies - :)
ASKER
Yes they are using them to get round the the rules on ISA that block some sites.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.