none
How to block a directory of an intranet URL for DirectAccess clients RRS feed

  • Question

  • We have a scenario where we need to block a directory of an internal URL where the parent URL is already allowed from DirectAccess clients.

    Intranet URL: http://abc.corp.domain.com:123 - This & other directories are to be allowed

    Intranet URL Directory: http://abc.corp.domain.com:123/form  - This only is to be blocked

    NRPT rule: *corp.domain.com with DNS resolution from UAG DA server.

    Users accessing intranet resources should not be allowed to access Parent URL/forms.

    Is there a way we can achieve this? We would not want to touch end user's laptops for any kind of configuration change and that should be the last resort. Any thing around TMG or UAG should work well.

    An early resolution would be highly appreciated. This URL is going live on Monday morning IST.

    Saturday, August 24, 2013 7:47 PM

All replies

  • Hi,

    with DirectAccess UAG does not work as reverse proxy and therefore you cannot allow/disallow specific URL unless you would find a way to use the same UAG for application publishing or you have another UAG for that purpose.

    In IIS 7 and above you can use IP restrictions - http://technet.microsoft.com/en-us/library/cc731598(v=WS.10).aspx. If you run an something else you should have similar options and should find a how to using your favorite web search engine.

    Regards,

    Lutz

    Sunday, August 25, 2013 1:18 PM
  • Hi

     IP restriction feature in IIS will solve your problem. In fact, this will be easy to identify directaccess users as they all come from the UAG box.


    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx

    Monday, August 26, 2013 7:12 AM