[FW1] http domain filter
I am trying to set up simple access rules for 4 different groups. These groups have a variety of different access to sites like av.com, yahoo.com, etc. I am toying with a few ideas and I want to bounce them off a few people. My desired result is to use something like domain objects so that I don't have to manually input any changes when yahoo gets a new server.

I have gotten it to work using URI resources and it works great, BUT (and you knew there was a but) when someone accesses a site they don't have permissions to, it just comes up with user/pass prompts until it finally moves to an Error 407 - not "Access Denied."

Here is what I have found the reason to be: the rule set up to allow users to these sites is below.

    Group1@internal   any   http->www.yahoo.com   User Auth   Account

It looks as though, because the destination is any, I will never see that access denied error. A solution was to use the domain objects in the dest field, only they are not allowed when using User Auth.

Now this may appear to be cosmetic only and not worth bothering to fix, but when a user accesses yahoo.com, several GIFs on that page are called from other URLs. So, in order to load the page, the users will get frustrated after trying their user/pass so many times. It will eventually load without those GIFs. If I specify the IP of yahoo.com as the dest, the page loads no problem and just ignores the GIFs (no prompts because access is denied).

Anyone know the secret or have a few moments to spare and test my theories?

Cheers,
Jamie Doherty