Hi All,

  I have a question that I have tried for the longest time to solve on
  my own, and by reading/googling/searching but now I must ask you
  all:

  My goal is for my network users (about 20) to be able to access some
  key business related websites... and do so without authenticating
  (having to enter username/password).  However, I do have some people
  who need more access, naturally.  And, the key business related
  websites always have their linked content with an ever-changing list
  of sites they must contact in order to display.

  The problem is that when I put the key business related websites
  domains into a non-authenticated access policy under the drop-down
  box "destination type : Domain : Insert Domains (one per line)", I also have
  to find the other required domains needed to load those business websites (like
  .doublecick.net , .adtrackerbla-bla-bla.com , etc. and they change so
  frequently).  Then I create a second access policy requiring
  authentication for more trusted users, which is below the first
  access policy I just explained.  When a key business related website
  domain is contacted and has recently been updated with new content
  from yet another domain like .adtracker-bla-bla-bla-some-more.com
  and therefore not in the "destination type : Domain : Insert Domains (one per
  line)" of the first access policy, then the user is given the Endian
  user login popup... but I don't want them to have to authenticate
  just for basic access. Users have been hitting the escape key to continue
  loading the page, but this makes me look bad... like "what kind of
  network admin are you, that your blocking software works so
  strangely?".

  What almost works, however, is to create an access policy which does
  not require authentication, and uses content filtering set to a
  score of 300, and also the key business related websites in the
  content filter's whitelist... and the dansguardian/content filter seems to
  allow all the other little domains associated with my whitelisted websites
  to load no problem....  but then here is the problem with this; when
  someone needs to access a website not in the whitelist, and they
  have the authority via a username/password and associated access
  policy, they are not given the chance to authenticate because Endian
  simply displays the "content exceeds score (you are blocked)" page
  and not the username/password pop-up window.  I have tried putting
  the access policy for the restricted, non-authenticated access
  first in the list, and the policy for the authenticated user second,
  hoping that Endian would refer to the other access policy when the
  first one blocked the site... but again, this doesn't work.

  I hope I have explained this well.  Any ideas, anyone?  Is it simply
  not possible to have authentication prompts once you have a
  non-authenticated policy ahead of any other?

  I could write a small book by now about my adventures with software
  firewalls... I feel like one of the early pioneers of automobile
  carburetion :)  Well, at least we don't smell like petroleum
  products at the end of the day!

  Thanks to you all, and all the best.

-- 
Chad May
205 Hollywood Drive
Old Hickory TN  37138 (Nashville)
615-297-1411                         mailto:efw-u...@chadmay.com

