Hi all, I'm using ISA server 2000 standard. We currently have site and content rules to allow certain sets to access the internet. These are applied with an "all destinations allowed" rule. There is also a "selected destination set" rule that denies sites such as youtube and myspace that is applied to a client address set that contains all IP ranges in the company.

A few users need to access these sites so we've removed them from the deny rule just by shifting the range of the client address set (that applies to the block rule) around their IPs.

This has worked fine for windows users, but when we do it for Mac users, they get 403 forbidden messages. I've tried it on 2 OSX 10.4 machines which can still access other sites, but get 403s on blocked sites and 1 Leopard machine which gets 403s on all sites.

Access works fine the normal way. Only removing them from the client address set seems to create problems on the Macs we've tried. Any ideas?