EFW Support

Support => EFW SMTP, HTTP, SIP, FTP Proxy Support => Topic started by: obig on Friday 06 April 2012, 04:28:03 pm



Title: HTTP proxy: Access Policy authorise domains doesn't work
Post by: obig on Friday 06 April 2012, 04:28:03 pm
Hi all,

In EF2.5.1, and I also have it in 2.4, when we add a policy to authorise traffic for a certain domain (e.g. test.com) without authentication, it doesn't work. Still TCP_DENIED errors in the logs.
When you put in the complete host (e.g. www.test.com or web1.test.com) it works; actually it seems that it just translates the DNS name into an IP ... so it's doing IP based policy instead of domain based policy.

Anyone had this yet? This is very annoying since sometimes we have an application that uses about 20 different hosts on an internet domain and I had to add them all manually per host (in a domain policy). The only solution I had, which is not very professional, is putting the entire segment of the domain in question into an allow policy. That is not an option, of course, for security reasons.

If someone would know what causes this that would make me very happy  ;D

Thx


Title: Re: HTTP proxy: Access Policy authorise domains doesn't work
Post by: davvidde on Saturday 07 April 2012, 07:08:50 am
You need to create an access policy with destination domain like:
.libero.it
.microsoft.com
.wikipedia.com
Note the leading dot before DNS domain.
I attached an example screenshot.

Davide.


Title: Re: HTTP proxy: Access Policy authorise domains doesn't work
Post by: obig on Sunday 08 April 2012, 07:48:46 pm
Hi Davvidde

thanks for your reply.
I thought of that too, but when I tried to put a dot before the domain it gave an error saying it wasn't a valid domain.
That's why I'm surprised to see your screenshot where it does work.
I'll have a look why it doesn't take the dot and post the reason afterwards.

Thx


Title: Re: HTTP proxy: Access Policy authorise domains doesn't work
Post by: kashifmax on Tuesday 01 May 2012, 11:56:34 pm
There are two ways. 1st as davvidde said. 2nd ^http://www.microsoft.com. Remember that it has a different working mechanism...
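
A model of the two matching mechanisms mentioned in the replies above, as an added example that is not part of the thread or of Endian's code. It assumes the EFW HTTP proxy follows Squid's `dstdomain` and `url_regex` semantics (TCP_DENIED is a Squid result code); the function names, sample hosts and the `STRICT` pattern are constructed for illustration.

```python
import re

def dstdomain_match(host, entry):
    """Squid-style dstdomain test (assumed behaviour of the EFW HTTP proxy).

    'test.com'  matches only the host test.com.
    '.test.com' matches test.com and every host below it.
    """
    host, entry = host.lower().rstrip("."), entry.lower()
    if entry.startswith("."):
        return host == entry[1:] or host.endswith(entry)
    return host == entry

def url_regex_match(url, pattern):
    """Squid-style url_regex test: an unanchored regex search over the whole URL."""
    return re.search(pattern, url) is not None

def allowed(entry, hosts):
    """Hosts from `hosts` that a single destination-domain entry would allow."""
    return [h for h in hosts if dstdomain_match(h, entry)]

# Constructed sample hosts, not taken from the thread's logs.
HOSTS = ["test.com", "www.test.com", "web1.test.com", "nottest.com",
         "test.com.example.net"]

# The regex from the last reply, and a tightened variant (escaped dots, host
# terminated by '/', ':' or end of string) for comparison.
LOOSE = r"^http://www.microsoft.com"
STRICT = r"^http://www\.microsoft\.com(?:[:/]|$)"

if __name__ == "__main__":
    print("test.com  ->", allowed("test.com", HOSTS))
    print(".test.com ->", allowed(".test.com", HOSTS))
    for url in ("http://www.microsoft.com/download",
                "http://www.microsoft.com.example.net/"):
        print(url, url_regex_match(url, LOOSE), url_regex_match(url, STRICT))
```

The domain entry with the leading dot covers all hosts of the domain without widening the policy to an IP segment, while the regex form is a prefix match on the URL and needs escaped dots and a host terminator to stay limited to the intended site.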