Solved

ISA2006 - creating a URL set to use as a whitelist

Posted on 2010-09-06
10
1,950 Views
Last Modified: 2013-11-16
Hi

I have been using my ISA2006 box successfully for a little while now. How I would like to now create a "white-list" to stop users getting onto any site not mentioned in the list.

I have this working in test environment, however I have issues adding sites to the white-list and making them work correctly. For example i know to add yahoo i would include in the URL-set *.yahoo.co.uk/*

However a site i need to add is https://aftersales.i.daimler.com/

So in my thinking i have added *.daimler.com/* and even *.i.daimler.com/*

Yet it still won't work, and i'm struggling for ideas

Thanks

Mark

0
Comment
Question by:marky1984
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
  • 2
  • +1
10 Comments
 
LVL 7

Expert Comment

by:CGretski
ID: 33611035
ISA cannot see the URLs in an SSL session,
You cannot use a URL set - you'd be better with a domain set
0
 
LVL 1

Author Comment

by:marky1984
ID: 33611063
Thanks for the reply, how would i add the mentioned URL above in there then?
0
 
LVL 7

Accepted Solution

by:
CGretski earned 250 total points
ID: 33611080
Your domain name set would contain
 *.daimler.com
That would allow all subdomains/servers of daimler.com
You'd need to add daimler.com also if you use that  (without the www. )
0
How our DevOps Teams Maximize Uptime

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us. Read the use case whitepaper.

 
LVL 51

Assisted Solution

by:Keith Alabaster
Keith Alabaster earned 250 total points
ID: 33611470
You should not have a url set with an * at both the front and at the end - it can have unpredictable results. In the same way you should not mix 'types' in a url set. For example, you should not have an FQDN type url entry and an ip address entry in the same url set. The same also applies to domain sets.

In respect to the https, when you create a url set, or add/delete an entry, it states clearly in the box that the entry supports http only, not https.

ISA CAN deal with https but only at the moment the initial request is made - and only if the respective https site is the FIRST site requested. The best-practice route to deal with https is as mentioned above, with a domain set.

Alternatively, you can upgrade to the newest version called Forefront TMG 2010 which DOES allow inspection of https traffic.

Keith - ISA & Forefront MVP
0
 
LVL 1

Author Comment

by:marky1984
ID: 33612461
Excellent, I will have a dig at all this later and let you know how i get on

Thanks!
0
 
LVL 1

Author Comment

by:marky1984
ID: 33616432
Well that made my life a lot simpler, THANKS!

I have another slight issue in that the daimler site use an embedded java app. This won't go though my ISA at all, it asks for authentication and no matter what i put in it won't work. I have tried creating a rule for the specific site to allow all users through but still no joy. I can get it to work going via other proxies not managed by myself but this isn't ideal

My ISA log for the query is attached
isalog.xls
0
 
LVL 2

Expert Comment

by:aimcitp
ID: 33619190
On your "allow" rule, are you allowing all content types or just http?
0
 
LVL 1

Author Comment

by:marky1984
ID: 33624440
It allows all types
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 33629287
Different question Mark - this one is done.
0
 
LVL 1

Author Comment

by:marky1984
ID: 33634319
no worries, thanks for the help!

Will ask another question shortly.
0

Featured Post

Webinar May 25: Cloud Security Strategies for SMBs

Small and mid-sized businesses are a driving force behind cloud adoption, and it’s no wonder: cloud benefits are BIG.  But for all the convenience that moving to the cloud provides, where does security come into play?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
ActiveSync issues 16 167
Active & Standby with dual ISP scenario 4 122
Advice on setting up a new network for a small business 3 137
VPN tunnel between Watchguard and OpenVPN? 1 209
ISA Server detected routes through the network adapter LAN that do not correlate with the network to which this network adapter belongs What does this mean and how can one go about correcting it? In simple terms, this error message indicates t…
Common practice undertaken by most system administrators is to document the configurations and final solutions of anything performed by them for their future use and reference. So here I am going to explain how to export ISA Server 2004 Firewall pol…
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question