I'm trying to restrict a certain program on client machines to only have access to certain web sites. I installed the ISA server software on the win2k3 domain server. The problem is, if I do web access restrictions, the users won't be able to access other websites using their webrowser besides the one I grant access to. I don't want that to happen, I only want a certain program which uses http traffic on their machines to have restricted access to certain sites. Anyone got any ideas? Thanks.
![[H]ard|Forum](/styles/hardforum/xenforo/logo_dark.png){kind=logo}
Anyone familiar with Microsoft ISA Server? Question about restricting web access
- Thread starter rlee
- Start date
MrGuvernment
Fully [H]
- Joined
- Aug 3, 2004
- Messages
- 21,818
use something like wireshark to define a signature for http requests originating from said program.
Add the signature to your regular http access rule (right click rule and choose configure http). This will block all http requests from that program.
Create a destination set with the urls / ip ranges of the external resource you want the program to be able to access.
Add another http rule above that does not restrict the signature (higher priority than your other http rule). Limit this rule to http traffic going to the destination set you created.
Add the signature to your regular http access rule (right click rule and choose configure http). This will block all http requests from that program.
Create a destination set with the urls / ip ranges of the external resource you want the program to be able to access.
Add another http rule above that does not restrict the signature (higher priority than your other http rule). Limit this rule to http traffic going to the destination set you created.
Apparently a moderator said it won't work
http://forums.isaserver.org/m_2002023192/mpage_1/key_/tm.htm#2002023192
i d/led wireshark, i have no idea where to go from there.
http://forums.isaserver.org/m_2002023192/mpage_1/key_/tm.htm#2002023192
i d/led wireshark, i have no idea where to go from there.