If you know attributes of each HTTP traffic, you can block MSN/Yahoo Messenger, Bit torrent, web mail, disallow post on web boards, etc by allow or block HTTP traffic using HTTP filter.
HTTP Traffic
HTTP Traffic on ISA Server is a data that pass through ISA Server using HTTP protocol (by default is on port 80) which is the protocol that is used by most applications. On each HTTP connection, there will be a header information about client that send to server or server to client. These information are such as Request Methods (GET, POST ,etc.), HTTP Versions (1.0,1.1,1.2), User-Agent (Mozilla/4.0, Firefox, etc.), Content-Type (application/xml, image/jpeg, text/xml, etc.), etc. I will not go into deep detail about HTTP protocol if you want more information, you can find at Wikipedia – HTTP. With these header information, ISA Server can filter HTTP traffic to allow or block specific application or traffic.
HTTP Traffic on ISA Server is a data that pass through ISA Server using HTTP protocol (by default is on port 80) which is the protocol that is used by most applications. On each HTTP connection, there will be a header information about client that send to server or server to client. These information are such as Request Methods (GET, POST ,etc.), HTTP Versions (1.0,1.1,1.2), User-Agent (Mozilla/4.0, Firefox, etc.), Content-Type (application/xml, image/jpeg, text/xml, etc.), etc. I will not go into deep detail about HTTP protocol if you want more information, you can find at Wikipedia – HTTP. With these header information, ISA Server can filter HTTP traffic to allow or block specific application or traffic.
To see some sample of HTTP traffic, you can use sniffer program to capture each data packet that pass in/out a computer. The popular one is Ethereal. I have installed Ethereal on a computer which running a web server. Let see the different example of each HTTP header information below.
Configurations
To configure HTTP filter, you need to know what attribute and value need to be configured. On this post, I will show only the following:
1. Block specific browser: Firefox.
2. Block MSN Messenger, Windows Live Messenger.
3. Block download file .torrent.
4. Block AOL Messenger.
5. Block Yahoo Messenger.
6. Block Kazaa.
7. Block free web mail. (e.g. hotmail.com, mail.yahoo.com, etc.)
8. Block post on web boards.
Step-by-step
Configurations
To configure HTTP filter, you need to know what attribute and value need to be configured. On this post, I will show only the following:
1. Block specific browser: Firefox.
2. Block MSN Messenger, Windows Live Messenger.
3. Block download file .torrent.
4. Block AOL Messenger.
5. Block Yahoo Messenger.
6. Block Kazaa.
7. Block free web mail. (e.g. hotmail.com, mail.yahoo.com, etc.)
8. Block post on web boards.
Step-by-step
1. Open Microsoft ISA Server Management Console
2. Right-click on the rule that being configured HTTP filter -> select Configure HTTP.
3. Click on Signatures tab and click Add.
4. Block download file .torrent.
To block download any .torrent files by configure signature to “application/x-bittorrent”, “Content-Type” in HTTP Header and Request headers in Search in.
To block download any .torrent files by configure signature to “application/x-bittorrent”, “Content-Type” in HTTP Header and Request headers in Search in.
5. Block AOL Messenger.
To block users to use AOL Messenger by configure signature to “Gecko”, “User-Agent” in HTTP Header and Request headers in Search in.
To block users to use AOL Messenger by configure signature to “Gecko”, “User-Agent” in HTTP Header and Request headers in Search in.
6. Block Yahoo Messenger.
To block users to use Yahoo Messenger by configure signature to “msg.yahoo.com”, “Host” in HTTP Header and Request headers in Search in.
To block users to use Yahoo Messenger by configure signature to “msg.yahoo.com”, “Host” in HTTP Header and Request headers in Search in.
7. Block Kazaa.
To block users to use Kazaa by configure signature to “KazaaClient”, “User-Agent” in HTTP Header and Request headers in Search in.
To block users to use Kazaa by configure signature to “KazaaClient”, “User-Agent” in HTTP Header and Request headers in Search in.
8. Block free web mail. (e.g. hotmail.com, mail.yahoo.com, etc.)
To block users to access free web mail, block any URL that contain string “mail” by configure on signature to mail.
To block users to access free web mail, block any URL that contain string “mail” by configure on signature to mail.
9. Block specific browser: Firefox.
To block users to use Firefox browser by configure signature to “Firefox”, “User-Agent” in HTTP Header and Request headers in Search in.
To block users to use Firefox browser by configure signature to “Firefox”, “User-Agent” in HTTP Header and Request headers in Search in.
10. Block MSN Messenger, Windows Live Messenger.
To block users to use MSN Messenger and Windows Live Messenger.
o To block MSN Messenger by configure signature to “msnmsgr.exe”, “User-Agent” in HTTP Header and Request headers in Search in.
To block users to use MSN Messenger and Windows Live Messenger.
o To block MSN Messenger by configure signature to “msnmsgr.exe”, “User-Agent” in HTTP Header and Request headers in Search in.
o To block Windows Live Messenger by configure signature to “login.live.com”, “Host” in HTTP Header and Request headers in Search in.
Summary
This is the end of this serie. After complete this serie, starting from install ISA Server, configure the network topology, configure basic rule, configure client types and configure HTTP filter, now you have basic knowledge and understanding how to operate ISA Server on your own. But there are some configurations, I don’t cover for instance how to configure cache on ISA Server, how to implement VPN, etc. If you need more information, try visit ISA Server.org
This is the end of this serie. After complete this serie, starting from install ISA Server, configure the network topology, configure basic rule, configure client types and configure HTTP filter, now you have basic knowledge and understanding how to operate ISA Server on your own. But there are some configurations, I don’t cover for instance how to configure cache on ISA Server, how to implement VPN, etc. If you need more information, try visit ISA Server.org
No comments:
Post a Comment