  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1972
  • Last Modified:

ISA2006 - creating a URL set to use as a whitelist

Hi

I have been using my ISA2006 box successfully for a little while now. Now I would like to create a "white-list" to stop users getting onto any site not mentioned in the list.

I have this working in a test environment, however I have issues adding sites to the white-list and making them work correctly. For example, I know that to add Yahoo I would include in the URL set *.yahoo.co.uk/*

However, a site I need to add is https://aftersales.i.daimler.com/

So in my thinking I have added *.daimler.com/* and even *.i.daimler.com/*

Yet it still won't work, and I'm struggling for ideas

Thanks

Mark

0
marky1984
2 Solutions
 
CGretski Commented:
ISA cannot see the URLs in an SSL session.
You cannot use a URL set - you'd be better with a domain set
0
 
marky1984 Author Commented:
Thanks for the reply, how would I add the URL mentioned above in there then?
0
 
CGretski Commented:
Your domain name set would contain
 *.daimler.com
That would allow all subdomains/servers of daimler.com
You'd need to add daimler.com also if you use that (without the www.)
0
 
Keith Alabaster Commented:
You should not have a URL set with an * at both the front and at the end - it can have unpredictable results. In the same way you should not mix 'types' in a URL set. For example, you should not have an FQDN type URL entry and an IP address entry in the same URL set. The same also applies to domain sets.

In respect to the https, when you create a URL set, or add/delete an entry, it states clearly in the box that the entry supports http only, not https.

ISA CAN deal with https but only at the moment the initial request is made - and only if the respective https site is the FIRST site requested. The best-practice route to deal with https is as mentioned above, with a domain set.

Alternatively, you can upgrade to the newest version called Forefront TMG 2010 which DOES allow inspection of https traffic.

Keith - ISA & Forefront MVP
0
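An added illustration, not part of any post in this thread and not ISA Server's own code: a simplified Python model of why the URL-set entry fails for the HTTPS site while the domain set works. The function names and matching rules are assumptions that follow the behaviour described in the answers above.

```python
# Simplified model of whitelist matching at a forward proxy that does not
# inspect TLS. An assumption for illustration, not ISA Server's real logic.
from urllib.parse import urlsplit

URL_SET = ["*.daimler.com/*"]                  # entry the asker tried
DOMAIN_SET = ["*.daimler.com", "daimler.com"]  # entries suggested in the answers

def proxy_view(url):
    """Return the parts of a request that the proxy can actually see."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.scheme == "https":
        # The browser sends "CONNECT host:443"; the path is inside the tunnel.
        return {"host": host, "path": None}
    return {"host": host, "path": parts.path or "/"}

def domain_entry_matches(entry, host):
    entry = entry.lower()
    if entry.startswith("*."):
        suffix = entry[1:]                     # ".daimler.com"
        # Covers subdomains only: the bare domain needs its own entry.
        return host.endswith(suffix) and len(host) > len(suffix)
    return host == entry

def url_entry_matches(entry, view):
    if view["path"] is None:
        return False                           # no URL visible, nothing to match
    host_pat, _, path_pat = entry.partition("/")
    path_ok = path_pat == "*" or view["path"] == "/" + path_pat
    return domain_entry_matches(host_pat, view["host"]) and path_ok

def allowed(url, domain_set=(), url_set=()):
    view = proxy_view(url)
    return (any(domain_entry_matches(e, view["host"]) for e in domain_set)
            or any(url_entry_matches(e, view) for e in url_set))

if __name__ == "__main__":
    site = "https://aftersales.i.daimler.com/"
    print("URL set only:   ", allowed(site, url_set=URL_SET))
    print("Domain set only:", allowed(site, domain_set=DOMAIN_SET))
    print("Lookalike host: ", allowed("https://notdaimler.com/", domain_set=DOMAIN_SET))
```

The lookalike check matters for a whitelist: the wildcard must match on the dot-delimited suffix, so a host that merely ends in the same letters is not admitted.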
 
marky1984 Author Commented:
Excellent, I will have a dig at all this later and let you know how I get on

Thanks!
0
 
marky1984 Author Commented:
Well that made my life a lot simpler, THANKS!

I have another slight issue in that the Daimler site uses an embedded Java app. This won't go through my ISA at all, it asks for authentication and no matter what I put in it won't work. I have tried creating a rule for the specific site to allow all users through but still no joy. I can get it to work going via other proxies not managed by myself but this isn't ideal.

My ISA log for the query is attached
isalog.xls
0
 
aimcitp Commented:
On your "allow" rule, are you allowing all content types or just http?
0
 
marky1984 Author Commented:
It allows all types
0
 
Keith Alabaster Commented:
Different question Mark - this one is done.
0
 
marky1984 Author Commented:
No worries, thanks for the help!

Will ask another question shortly.
0
