HTTP proxy: Access Policy authorise domains doesn't work

[Guest]

[obig]

Hi all,

In EF2.5.1 and I also have it in the 2.4; when we add a policy to authorise traffic for a certain domain (eg test.com) without authentication it doesn't work. Still TCP_DENIED errors in the logs.
When you put in the complete host (eg www .test.com or web1 .test.com) it works, actually it seems that it  just translates the DNS name into an IP .... so it's doing IP based policy instead of domain based policy.

Anyone had this yet? This is very annoying since sometimes we have an application that uses about 20 different hosts on an internet domain and I had to add them all manually per host (in a domain policy). The only solution I had which is not very professional is putting the entire segment of the domain in question into an allow policy. That is not an option off course for security reasons.

If someone would know what causes this that would make me very happy  

Thx

[davvidde]

you need to create an access policy with destination domain like:
.libero.it
.microsoft.com
.wikipedia.com
Note the leading dot before DNS domain.
I attached an example screeenshot.

Davide.

[obig]

Hi Davvidde

thanks for your reply.
I thought of that too but when I've tried to put a dot before the domain it gave an error saying it was'nt a valid domain.
That's why I'm surprised to see your screenshot where it does work.
I'll have a look why it doesn't take the dot and post the reason afterwards.

Thx

[kashifmax]

There are two ways. 1st as davvidde said. 2nd ^http://www.microsoft.com. Remember that it has a different working mechanism...