How to block traffic with a HTTP Signature

A thread that I keep seeing in the newsgroups is “How do I block IM clients on my network with ISA Server?”. 

 

 Most IM and P2P clients today can be configured to use port 80, or to use the same proxy settings as IE, or  can have their own proxy settings, so blocking the applications native protocol does not help much when you need to allow your users to surf the Internet. Remember ISA does not allow traffic to pass unless you create a rule to allow it. ISA Server allows you to block HTTP traffic based upon the applications unique signature. By blocking traffic based upon its signature you can block specific traffic, while still allowing your users to surf the Internet.  

 

Follow the following steps to block traffic with a HTTP signature.

1. You need to know the application signature that you want to block. For a sample list of application signatures, see Common Application Signatures on the ISA Server TechNet web site. In my next blog entry I will discuss how to discover the signature for an application. You can also search the Internet for common application signatures.


2. Create an access rule allowing HTTP traffic.


3. Right click the access rule and select Configure HTTP.


4. Select the Signatures tab.


5. Click Add, and enter the following information: The example signature is for MSN Messenger.




1. Name: MSN Messenger


2. Search in: Select Request headers


3. HTTP header: User-Agent: (including the colon)


4. Signature: MSN Messenger


6. Click OK and OK.


7. Apply your changes and try to open MSN Messenger.

 

Signatures are defined on a per rule basis and can be defined on access rules or Web publishing rules.

 

Gershon Levitz

ISA Server User Education