ISA2006 can bite me :)
Can someone help me with this.
Very simple.
One of my users needs to use eBay - my manager. Fine. So I've created a new group and just allowed eBay in there.
However, the wildcards in the particular whitelist - how do they *actually* work?
I've tried
http://*.ebay.co.uk/
http://*.ebay.co.uk/*
And these don't appear to work - I've had to go in and keep adding each individual URL, i.e.
http://my.ebay.co.uk/
http://signin.ebay.co.uk/
etc.
Can someone please tell me where I am going wrong with the wildcard?
Thanks
David
Very simple.
One of my users needs to use eBay - my manager. Fine. So I've created a new group and just allowed eBay in there.
However, the wildcards in the particular whitelist - how do they *actually* work?
I've tried
http://*.ebay.co.uk/
http://*.ebay.co.uk/*
And these don't appear to work - I've had to go in and keep adding each individual URL, i.e.
http://my.ebay.co.uk/
http://signin.ebay.co.uk/
etc.
Can someone please tell me where I am going wrong with the wildcard?
Thanks
David
Comments
-
gorebrush Member Posts: 2,743 ■■■■■■■□□□Figured it out...
http://*.ebay.co.uk/ <--- this works
http://*.ebay.co.uk/* <--- this does not
//shrugs shoulders -
crrussell3 Member Posts: 561Even though you got it to work, you might want to try creating a Domain List instead of a URL list. That way you can allow the entire ebay.co.uk domain for that particular user.MCTS: Windows Vista, Configuration
MCTS: Windows WS08 Active Directory, Configuration -
gorebrush Member Posts: 2,743 ■■■■■■■□□□Doesn't really matter to be honest... I'm leaving in a few weeks and the whole server estate is moving... and the ISA box will be abandoned...
-
brad- Member Posts: 1,218im stuck with ISA right now and i hate it. It was the first and only firewall i had to figure out, but it has to be the worst. I'd rather spend time learning how to use an ASA or something just to get rid of it.
-
it_consultant Member Posts: 1,903The new ISA is out, I wonder how that compares to ISA 2006. Do you guys actually use ISA 2006 as the only firewall on your network?
-
docrice Member Posts: 1,706 ■■■■■■■■■■I've used different firewalls over the years including the Cisco PIX, ASA, Check Point R6x, iptables, pf ... and ISA 2004 / 2006 (although we only use the latter as a proxy for the most part). I'll admit that I don't know ISA in-depth, but in my opinion it's only worth it if you're a Microsoft shop.
First, I don't care for the fact that this is a firewall running on top of a general-purpose server. While the whole native integration with Active Directory is a nice touch, at the same time I prefer to separate the user and services authentication store from the network infrastructure devices. If an attacker gets a foothold on the firewall, she instantly has some clues about the server-side environment characteristics.
Second, I really, really don't care for the live logging / monitoring in a GUI. Better to have this be a CLI or syslog forward where I can tail the log. Sometimes I need to be able to see a lot of information on the screen at once and on ISA I'm dependent on screen resolution. With an SSH session, I can set the terminal font size to whatever I want.
Thankfully, where I work we currently only utilize ISA as a test proxy for authenticated HTTP requests where credentials-handling is tied in with Active Directory. Other than that, I find it kind of slow. Sometimes when I apply a new rule, it seems like it takes a minute or two to really go into effect. If I implement a new rule, I expect it to apply immediately within the same second.
Then again, it could also be due to my lack of fluency with the platform.Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/