Restricting Website Access Doesn't Work


Could someone please help me create a set of rules. I’ve set IE as a blocked application. Now, I want to give it access to 2 or 3 websites. I can somehow manage to create a rule that allows for one website (by adding a rule above the block all rule that says allow as a host name), but it stops working if I try to create another rule to add another website.

Hope the question is clear, and thanks for any help.


Do you have anything in your log as being blocked? Did you also add a rule to allow your DNS to look up the IP addresses for the hosts?


Thanks for the reply. When I say that everything stops working, what I actually meant is that nothing is blocked!

The last rule I have for IE is to block everything. Then I add a rule above that to allow 1 specific site. That works, and that site alone is allowed.

Next, above that rule I add another site to be allowed. At this stage, EVERYTHING becomes allowed. The firewall permits IE to go to any site on the web, not just the two I allowed.

Any help is most appreciated, as I’ve spent several hours now trying to get this to work.


So you have exactly 3 rules for IE: an allow/tcp/out/any/site1/any/http followed by allow/tcp/out/any/site2/any/http and then block/IP/in&out/any/any/any and all sites can be accessed by IE? What OS are you using? Any security software proxies like Avast!? Can you add log to each of your rules to see if they are even being processed?

Thanks again for your reply. I’m going to try doing the rules exactly as you say (I’ve already erased the ones I made as they weren’t working), and will report back.

My system is XPHome SP2, with AVG installed.


Hi again,

I’ve created the rules exactly like you said for ieexplore.exe. There are only three rules, from top to bottom, with the last being the block all. It doesn’t work! All sites are being allowed. The websites I’m trying to allow are and (In other words, I click on Destination Host Name, and type in “” [without the quotes].)

Your mention of a proxy server does remind me that at some stage I did change my DNS settings. I believe I am using some sort of proxy. Yes, I just checked, it’s called OpenDNS.

Any suggestions about what’s happening? I also looked at the log, and it does not register any events.

Many thanks for your help.


Did you add a “log” to the rules? Something should show up if you did. OpenDNS is fine to use. I have not used the host name option, but a suggestion: look up the IP for your sites at and try that instead to see if the lookup is broken. Sorry; I have never tried it with multiple sites, but worth a try.

Let’s try a more common approach if that doesn’t work. Go to firewall/common tasks/network zones. List your desired websites there as a zone. Then just one rule ahead of the block all: allow/tcp/out/any/zone/any/80. It may be a bug you are running into, but similar rules to this seem to work for limited site access.
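As an added illustration (not code from the thread or from the firewall product it discusses), the following Python script models how a first-match rule list of the kind suggested above is supposed to evaluate: an allow rule for a zone of two hosts on TCP/80 outbound, an allow for outbound DNS (the lookup rule asked about earlier in the thread), and a block-all rule at the bottom. The zone addresses, the sample destinations, and the per-rule log format are constructed assumptions; the point is to show the expected result (only zone hosts allowed, everything else blocked, and a log entry naming the rule that fired) so the firewall's actual behaviour can be compared against it.

```python
# Added example, not from the thread or from any firewall product.
# Models first-match evaluation of an application rule list: rules are
# checked top to bottom and the first one whose fields all match decides.

ANY = "any"


def make_rules(zone_hosts):
    """Rule set in the order suggested in the thread: allow the zone on TCP/80
    outbound, allow outbound DNS so host names can resolve, then block everything."""
    return [
        {"action": "allow", "proto": "tcp", "dir": "out", "dst": set(zone_hosts), "dport": 80},
        {"action": "allow", "proto": "udp", "dir": "out", "dst": ANY, "dport": 53},
        {"action": "block", "proto": ANY, "dir": ANY, "dst": ANY, "dport": ANY},
    ]


def rule_matches(rule, pkt):
    """Every field of the rule must match the packet; ANY matches anything."""
    if rule["proto"] != ANY and rule["proto"] != pkt["proto"]:
        return False
    if rule["dir"] != ANY and rule["dir"] != pkt["dir"]:
        return False
    if rule["dst"] != ANY and pkt["dst"] not in rule["dst"]:
        return False
    if rule["dport"] != ANY and rule["dport"] != pkt["dport"]:
        return False
    return True


def evaluate(rules, pkt, log=None):
    """First matching rule decides. Returns the action and, if a list is given,
    appends a log line naming the rule that fired (what per-rule logging shows)."""
    for index, rule in enumerate(rules):
        if rule_matches(rule, pkt):
            if log is not None:
                log.append(
                    f"rule {index}: {rule['action']} {pkt['proto']}/{pkt['dir']} "
                    f"-> {pkt['dst']}:{pkt['dport']}"
                )
            return rule["action"]
    # No rule matched: constructed default. A product's implicit default is
    # exactly why the thread keeps an explicit block-all rule at the bottom.
    return "block"


def http_out(dst):
    """Constructed packet: outbound HTTP connection to dst."""
    return {"proto": "tcp", "dir": "out", "dst": dst, "dport": 80}


def audit(rules, destinations):
    """Evaluate an outbound HTTP connection to each destination and return the
    decisions, so the expected pattern (zone allowed, rest blocked) can be checked."""
    return {dst: evaluate(rules, http_out(dst)) for dst in destinations}


if __name__ == "__main__":
    zone = ["203.0.113.10", "203.0.113.20"]  # constructed two-host zone (TEST-NET-3)
    rules = make_rules(zone)
    log = []
    for dst in zone + ["198.51.100.5"]:  # two zone hosts plus one outsider
        evaluate(rules, http_out(dst), log)
    print("\n".join(log))
```

Running the script prints one log line per connection; the two zone hosts hit rule 0 and the outsider falls through to the block-all rule. If a real firewall with the same three rules allows the outsider, or logs nothing at all, the rules are not being processed in this order, which is what per-rule logging is meant to reveal.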

Hi and thanks again for your help and suggestions.

I tried your suggestion of creating a zone (and thanks for introducing me to this feature!). If, in my new zone, I add a single address, and then go back and make a rule to allow that zone and block everything else, this works: All websites are blocked, except for the site listed in the zone. So this reassures me that I am doing what you’re saying correctly.

However, as soon as I try to add another address to my new zone the problem recurs. Web access, for some strange reason, is now not blocked for any sites at all. IE allows them all, not only the two that are listed in my zone.

Again, your help is most appreciated. I’d love to get this to work.

By the way, I tried using IP addresses, but it didn’t help.


OK, looks like a bug. I can confirm the behavior with IE under Vista. With one entry it works fine, with two it allows all. Also tried it with Opera, which I normally use, similar results. Turned off ashwebsv to run without a proxy. Some strange observations. Looks like the new rules didn’t take place until after I closed the summary display. And actually got “allows” logged for other sites that shouldn’t have been, and the blocks logged when I cut down to one allowed site. Even saw a case where there was one allow before the blocks started. I’ll move this to the bug forum and change the title. Maybe the developers can come up with a work around. Blocking a few sites does seem to work according to other threads. You could try a block rule with an exclude for the zone, but there are other threads that say exclude function doesn’t work either. :frowning:

[attachment deleted by admin]

Well, thanks for your time and help. Sorry it’s a bug. I’ll keep watching this thread in case someone does think of workaround.

Thanks again,