Microsoft KB Archive/217200

= How to Add a Large Number of Domain Filters in Proxy Server 2.0 =

Article ID: 217200

Article Last Modified on 6/11/2002

-

APPLIES TO


 * Microsoft Proxy Server 2.0 Standard Edition

-



This article was previously published under Q217200



IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry



SUMMARY
In the Proxy Server 2.0 user interface limits, you can enter domain filters one at a time. Larger numbers of filters can be added using the following two methods.



Method 1
 On the Service Properties tab for Web Proxy, select Server Backup, and then choose a directory location for the backup file.

WARNING: Altering the server backup file may render your Proxy Server computer unusable. Be sure to make an extra copy of the server backup file in case you need to restore your original configuration. Go to the backup directory and open the most recent backup file in Notepad. If you are granting access to all domains, except those you want to deny access to, then find the heading labeled [@MSP_DenyDomainFilters] and enter the domains you want to filter using the following syntax:

NDDF0=domain1_name.com

NDDF1=domain2_name.com

ADDF2=10.10.10.10;255.255.255.255

ADDF3=10.10.10.11;255.255.255.255

 If you are denying access to all domains, except those you want to grant access to, find the heading labeled [@MSP_GrantDomainFilters] and enter the domains you want to filter using the following syntax:

NGDF0=domain1_name.com

NGDF1=domain2_name.com

AGDF2=170.70.70.10;255.255.255.255

AGDF3=170.70.70.11;255.255.255.255

 To confirm your correct use of the syntax, (before you begin) you may want to enter several entries manually from the user interface, and then perform a server backup and view the entries in the backup file. When you finish entering the listing of desired domain filters, do the following:

<ol style="list-style-type: lower-alpha;"> Close the file and click Server Restore.</li> Choose Full Restore.</li> Browse and select the file that you just modified, then click Open.</li> Click OK, and then click Apply (if available).</li></ol> </li> To view your added domain filters, click Security, and choose Domain Filters.</li></ol>

Method 2
You can also enter large number of domain filters using the registry. To do this perform the following steps:

WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

<ol> Click Start, click Run, enter Regedt32.exe, and then click OK.</li> Open the following registry key:

HKLM\System\CCS\Services\W3Proxy\Parameters\DoFilter

</li> To confirm your correct use of the syntax, (before you begin) you may want to enter several entries manually from the user interface, and then open Registry Editor to view the values for the correct syntax.</li> If you are granting access to all domains, except those you want to deny access to, open the registry key labeled DenySites.</li> To deny certain domain names, double-click on the Domains value. In the Mult-String Editor, add the domain names sequentially on separate lines using the following syntax:

domain1_name.com

domain2_name.com

domain3_name.com

domain4_name.com

</li> To deny certain IP addresses, add each address individually by doing the following: <ol style="list-style-type: lower-alpha;"> 

</li> In Registry Editor, choose Edit, select Add Value, and then enter IPSite# (incrementing each # for additional IP address).</li> Select a REG_SZ Data Type, and the click OK.</li> In the String Editor, add each address with the appropriate IP subnet and the address syntax as follows:

255.255.255.255 10.15.10.15

</li></ol> </li> If you are denying access to all domains, except those you want to grant access to, find the registry key labeled GrantSites.</li> <li>To grant access to certain domain names, do the following:

<ol style="list-style-type: lower-alpha;"> <li>Double-click on the Domains value.</li> <li>In the Mult-String Editor, add the domain names sequentially on separate lines using the following syntax:

domain1_name.com

domain2_name.com

domain3_name.com

domain4_name.com

</li></ol> </li> <li>To grant access to certain IP addresses, add each address individually by doing the following:

<ol style="list-style-type: lower-alpha;"> <li>In Registry Editor, choose Edit, select Add Value, and then enter IPSite# (incrementing each # for additional IP address).</li> <li>Select a REG_SZ Data Type, and then click OK.</li> <li>In the String Editor, add each address with the appropriate IP subnet and address syntax as follows:

255.255.255.255 10.15.10.15

</li></ol> </li> <li>Before closing the Registry Editor, you must enter one additional value.

In the DoFilters key, if you are using the DenySites subkey, open the NumDenySites value, and enter the exact total number of both domain names and IP address entries in the DenySites key (for example, enter 8 in the NumDenySites value if you have entered five domain names and three IP sites).

If you are using the GrantSites subkey, then enter the corresponding total number in the NumGrantSites value in the DoFilters key.</li></ol>

Keywords: kbhowto KB217200

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.