How to block traffic with a HTTP Signature


A thread that I keep seeing in the newsgroups is “How do I block IM clients on my network with ISA Server?”. 


 


 Most IM and P2P clients today can be configured to use port 80, or to use the same proxy settings as IE, or  can have their own proxy settings, so blocking the applications native protocol does not help much when you need to allow your users to surf the Internet. Remember ISA does not allow traffic to pass unless you create a rule to allow it. ISA Server allows you to block HTTP traffic based upon the applications unique signature. By blocking traffic based upon its signature you can block specific traffic, while still allowing your users to surf the Internet.  


 


Follow the following steps to block traffic with a HTTP signature.



  1. You need to know the application signature that you want to block. For a sample list of application signatures, see Common Application Signatures on the ISA Server TechNet web site. In my next blog entry I will discuss how to discover the signature for an application. You can also search the Internet for common application signatures.

  2. Create an access rule allowing HTTP traffic.

  3. Right click the access rule and select Configure HTTP.

  4. Select the Signatures tab.

  5. Click Add, and enter the following information: The example signature is for MSN Messenger.


    1. Name: MSN Messenger

    2. Search in: Select Request headers

    3. HTTP header: User-Agent: (including the colon)

    4. Signature: MSN Messenger

  6. Click OK and OK.

  7. Apply your changes and try to open MSN Messenger.

 


Signatures are defined on a per rule basis and can be defined on access rules or Web publishing rules.


 


Gershon Levitz


ISA Server User Education


Comments (10)

  1. Anonymous says:

    Hi,

    I wants to block attachment for yahoo,hotmail,gmail users. How can I achieve this?

  2. ryan says:

    How to block Skype in ISA Server

  3. horny gay toons says:

    male gay videos download
    feet boys
    little boys winter coat formal
    gay male erotic cartoons
    jays xxx gay links

  4. Don says:

    Nice site!

    [url=http://jztdrfkm.com/wvdu/bnmy.html]My homepage[/url] | [url=http://oowjcyqy.com/rueo/ibwd.html]Cool site[/url]

  5. qeomomc says:

    Not much on my mind today. What can I say? I’ve just been sitting around waiting for something to happen. But i found this site and became happy! vu : og

  6. zawmn says:

    How can I block your freedom with ISA 2004 server?

  7. phanos says:

    Hi my name is phanos  I am working on isa server 2004 and I would like to now if there is a way to pout an exception  word on isa server  signature like  *essex* from the word *sex*  

  8. Oasis says:

    In regard to "How can I block your freedom with ISA 2004 server?", some workaround are out there.

    Create an access rule in which all outbound traffic to freedom server are disallowed.

    Regular update to the url list is required.