How a Program Gets through HTTP Proxy
Articles and Tips: tip
01 Mar 2002
Here's how to determine which access rules should be set up to block specific services.
Choose a user account that doesn't have a lot of traffic, or is set up just for this type of test.
Enable proxy authentication. This allows the user account you are testing to show up in the logs.
Set up an Allow All URL access rule at the top of the rules list, with Source = the NDS user account you are testing with. Enable rule logging.
Connect to the web site/or service, such as the Yahoo Messenger. Try to log in.
Check the Access Rule logs for the last 30 minutes or so to see what was allowed, find the test user account, double-click on it, and look at the URLs the user was trying to access.
Set up a Deny URL rule right above the Allow URL for the test user, enable logging on it, and enter a URL to deny. Wildcards are allowed.
Test again. If the Deny rule worked, you will see that in the Access Rule logs. If the login worked, the software may have tried a second option that you must also deny, or your Deny rule may have the wrong syntax (check this).
Also, when the access rules deny a site, you should see an immediate increase in the "Failed" statistic in the Proxy Console screen on the BorderManager server.
* Originally published in Novell AppNotes
The origin of this information may be internal or external to Novell. While Novell makes all reasonable efforts to verify this information, Novell does not make explicit or implied claims to its validity.