Solved

ISA Firewall Whitelists

Posted on 2010-09-17
4
1,055 Views
Last Modified: 2012-06-27
Hello,

We are currently trying to implement a whitelist for our students within ISA server 2004, currently we have a rule which allows access to certain sites via a domain sets object, this works to certain degree with some sites and with others not as well, the main problem being that for example bbc.co.uk amongst others pulls it's images and videos from several different sources example (news.bbcimg.co.uk, newsimg.bbc.co.uk, www.bbc.co.uk, static.bbc.co.uk, bbc.co.uk, news.bbc.co.uk, node1.bbcimg.co.uk, su.sageanalyst.net, stats.bbc.co.uk)
 So in the domain sets I have *.bbc.co.uk, which covers the majority of the site, but anything from bbcimg.co.uk or sageanalyst.net, is blocked making the site look incomplete and removes a lot of functionality of the site, I could add these extra domains to sort the issue for the BBC site, but tomorrow it could be getting images etc from different sources and I have this issues with a lot of sites. A blacklist is not an option for us in the sense that it would be a huge., so my question is, is there a way of only allowing certain sites by URL but allowing the images etc that make up the site to be allowed as well.

Thanks
0
Comment
Question by:sparkofgenius
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 3

Expert Comment

by:latchways
ID: 33700957
Unfortunately there is no way of doing this. The lists are manually controlled. You would have to monitor and add the specific domains by hand
0
 
LVL 1

Author Comment

by:sparkofgenius
ID: 33701357
Thanks for the quick reply.

I was thinking instead of populating the list automatically, there may be a way of doing this via access rules, so a rule for the urls, and then a rule for all sites, hard to explain but was thinking more along the lines of doing this with acces rules and my current domain sets object or a url set.
0
 
LVL 5

Expert Comment

by:DanMar
ID: 33706571
Hi Sparkofgenius,
As latchways mentioned with ISA/Forefront this is manual.  You do have an option however of installing software that works with ISA controlling web access based on categories.  An application I have installed that works well is GFI Webmonitor.  There are others out there you can search for.
0
 
LVL 1

Accepted Solution

by:
sparkofgenius earned 0 total points
ID: 33716196
Hi Guys

Been working on this over the weekend, and I think I may have found a solution. I have my whitelist rule which allows http traffic for students to a list of domains in my domain name set. As mentioned above certain sites do not display correctly if some images and videos are pulled from a different source. Below this rule I have created a rule for http traffic to external for students and have placed a content type filter so it will only allow images, .js files, .css files and videos. So in effect the first rule lets a student browse to a site in the domain set and download images and videos etc which fall within the domain name set, and the second rule downloads any other images that the site needs to be functional. I’m aware that there is potential that a direct link to a image or video will now be accessible for students, but due to the nature of the way the students use the workstations, I feel it won’t be an issue.

Does anyone see a something I’m missing here and would not recommend this?
0

Featured Post

What, When and Where - Security Threats from Q1

Join Corey Nachreiner, CTO, and Marc Laliberte, Information Security Threat Analyst, on July 26th as they explore their key findings from the first quarter of 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In all versions of ISA Server and the current version of FTMG, the default https protocol uses TCP port 443 and 563 only. This cannot be changed within the ISA or FTMG GUI and must be completed from a Windows cmd prompt on the ISA Server itself. …
Common practice undertaken by most system administrators is to document the configurations and final solutions of anything performed by them for their future use and reference. So here I am going to explain how to export ISA Server 2004 Firewall pol…
Add bar graphs to Access queries using Unicode block characters. Graphs appear on every record in the color you want. Give life to numbers. Hopes this gives you ideas on visualizing your data in new ways ~ Create a calculated field in a query: …
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…
Suggested Courses

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question