Instant messaging (IM) is a form of real-time textual communication between two or more people. Peer-to-peer (P2P) is an Internet networking model that allows a group of computer users running the same networking program to connect with each other and directly access files on one another’s hard drives (e.g. KaZaA, Napster).
The downsides of these programs are many. Excessive non-business IM during business hours can adversely affect users’ productivity. P2P may consume enough network bandwidth to have a noticeable impact on the network and on the operation of legitimate programs. Furthermore, IM/P2P can cause major problems, including the inadvertent disclosure of sensitive information, misuse of company resources, legal issues, and virus infection.
This article describes how to block IM/P2P by using HTTP Signature, a new feature of ISA 2004. For the sake of simplicity, only the blocking of MSN Messenger is discussed; however, the same concept applies to Live Messenger, Yahoo! Instant Messenger, etc.
ISA Server 2004 already has a pre-defined protocol called “MSN Messenger” which allows traffic on port 1863 so that Windows Messenger and MSN Messenger can connect to the Internet. Restricting this protocol makes the network more secure. However, most IM/P2P clients today can be configured to use port 80, to use the same proxy settings as IE, or to use their own proxy settings. Some also have an option to enter proxy authentication details if required. Restricting the application’s protocol therefore does not help much when we need to allow internal users to access the Internet.
Fortunately, ISA Server can block HTTP traffic based on an application’s unique signature. Doing so blocks that specific traffic while still allowing users to access the Internet. To do so, follow the steps below:
1. First, find the signature of the application to be blocked. For a sample list of application signatures, see Common Application Signatures at:
Note: Live Messenger has recently changed its signature. Live Messenger (build 8.0.0787.00) uses the signature below:
HTTP Header: User-Agent:
Signature: 8.0.0787.00 (or 8.0.787.0)
2. Create an access rule allowing HTTP traffic.
3. Right-click the access rule and select Configure HTTP.
4. Select the Signatures tab.
5. Click Add, and enter the following information:
(The example signature is for MSN Messenger.)
A. Name: MSN Messenger
B. Search in: Select Request headers
C. HTTP header: User-Agent: (including the colon)
D. Signature: MSN Messenger
6. Click OK twice and apply changes.
7. Finally, try to open MSN Messenger to test the settings.
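The signature rule configured above is a substring match on the User-Agent request header. The following Python example, added here and not part of the article or of ISA Server, emulates that matching over two constructed requests (the hostnames and request lines are made up) so you can see exactly what the rule does and does not match; it includes the article's MSN Messenger and Live Messenger signatures.

```python
# Added example: emulation of an HTTP filter signature rule that searches a
# request header for a substring. Not ISA Server code; signatures and sample
# requests are the article's values and constructed inputs, respectively.
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    name: str     # rule name, e.g. "MSN Messenger"
    header: str   # request header to inspect, without the trailing colon
    pattern: str  # substring to look for in that header's value


# Signatures from the article: MSN Messenger and Live Messenger build 8.0.0787.00.
SIGNATURES = [
    Signature("MSN Messenger", "User-Agent", "MSN Messenger"),
    Signature("Live Messenger 8.0.0787.00", "User-Agent", "8.0.0787.00"),
    Signature("Live Messenger 8.0.787.0", "User-Agent", "8.0.787.0"),
]


def parse_request_headers(raw: bytes) -> dict:
    """Parse the header block of a raw HTTP/1.x request into a name -> value
    dict. Header names are lower-cased so lookups are case-insensitive."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the request line
        if ":" not in line:
            continue
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def matching_signature(raw: bytes, signatures=SIGNATURES):
    """Return the name of the first signature whose pattern occurs in the
    configured request header, or None when no rule matches."""
    headers = parse_request_headers(raw)
    for sig in signatures:
        value = headers.get(sig.header.lower())
        if value is not None and sig.pattern in value:
            return sig.name
    return None


def should_block(raw: bytes) -> bool:
    """Block the request if any signature matches, as the ISA rule would."""
    return matching_signature(raw) is not None


# Constructed sample requests (not captured traffic).
MESSENGER_REQUEST = (b"POST http://gateway.example/gateway.dll HTTP/1.1\r\n"
                     b"Host: gateway.example\r\n"
                     b"User-Agent: MSN Messenger\r\n"
                     b"Content-Length: 0\r\n\r\n")
BROWSER_REQUEST = (b"GET http://www.example.com/ HTTP/1.1\r\n"
                   b"Host: www.example.com\r\n"
                   b"User-Agent: Mozilla/4.0 (compatible; MSIE 6.0)\r\n\r\n")
```

Because the match is a plain substring test on a header the client itself sends, the rule only catches clients that present the expected User-Agent, which is why the article's note about the changed Live Messenger signature matters: keep the signature list current for each client build you need to block.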
For more information, please consult:
HTTP Filtering in ISA Server 2004
Author: Woody Guo