How Can I Install a Blacklist in ISA Server?

Lists of Web sites in various categories, to which you may want to block access for some or all users in your organization, are available on the Web and from other sources. The files containing such lists may have one of four typical formats:

  • A text file containing a list of domain names.
  • A text file containing a list of URLs.
  • An .xml file created by exporting a domain name set.
  • An .xml file created by exporting a URL set.

Before describing how to install these files, let's quickly review the differences between domain name sets and URL sets. A domain name set is a rule element that can be defined in an array or on the enterprise level (in Enterprise Edition). Each domain name set holds a set of domain names that can be applied to cache rules, routing rules, access rules, and system policy rules. The domain names included in a domain name set may be specified in either of the following formats:

  • Fully qualified domain name (FQDN) (for example, www.northwindtraders.com)
  • Domain Name System (DNS) suffix (for example, *.net)

Domain names specified in other formats may be included, but these are ignored.

A URL set is also a rule element that can be defined in an array or on the enterprise level (in Enterprise Edition). Each URL set contains a set of URLs that can be applied to rules that control HTTP traffic, including cache rules, routing rules, access rules, and system policy rules.

Each URL in a URL set may include a host name and a path. Wildcard characters are allowed. However, URLs containing a question mark (?) that are included in a URL set are ignored. A protocol (HTTP, HTTPS, or FTP) and a port number may be included, but these are ignored.

Host names may be specified in any of the following formats:

  • FQDN (for example, www.northwindtraders.com)
  • DNS suffix (for example, *.net)
  • IP address
  • Wildcard character (*)

Paths may be specified in any of the following formats:

  • Full path (for example, default.htm)
  • Prefix (for example, /pictures/travel/* or /*)

A list of domain names in a text file can be added to a domain name set using a script, and a list of URLs in a text file can be added to a URL set using a script. For scripts that perform these tasks and additional relevant information, see Adding Lists to Domain Name Sets and URL Sets at the Microsoft TechNet Web site. The scripts in this article are suitable for both ISA Server 2006 and ISA Server 2004.
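The following pre-import check is an added example, not code from this article or from the TechNet scripts. It applies the format rules described above to the lines of a text-file list and reports the entries that would be ignored, so that a list that looks complete does not leave sites unblocked. The regular expressions and sample entries are constructed, and treating a wildcard in the middle of a path as unsupported is an assumption.

```python
import re

# Patterns are constructed for this example; ISA Server's own parser may differ.
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
FQDN = re.compile(rf"(?:{LABEL}\.)+{LABEL}")   # www.northwindtraders.com
SUFFIX = re.compile(rf"\*(?:\.{LABEL})+")      # *.net
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

def check_domain(entry):
    """Domain name set entry: only an FQDN or a DNS suffix is used."""
    e = entry.strip()
    if IPV4.fullmatch(e):
        return False, "IP address, not a domain name"
    if FQDN.fullmatch(e) or SUFFIX.fullmatch(e):
        return True, e
    return False, "not an FQDN or DNS suffix"

def check_url(entry):
    """URL set entry: returns the host/path that is matched, or why it is ignored."""
    e = entry.strip()
    if "?" in e:
        return False, "contains '?'"
    e = re.sub(r"^(?:https?|ftp)://", "", e, flags=re.I)  # protocol is ignored
    host, slash, path = e.partition("/")
    host = re.sub(r":\d+$", "", host)                     # port is ignored
    if not (host == "*" or IPV4.fullmatch(host)
            or FQDN.fullmatch(host) or SUFFIX.fullmatch(host)):
        return False, "unsupported host format"
    if "*" in path[:-1]:  # assumption: only a trailing wildcard forms a prefix
        return False, "path is neither a full path nor a prefix"
    return True, host + slash + path

def lint(entries, check):
    """Split list lines into (accepted, ignored) pairs of (entry, detail)."""
    accepted, ignored = [], []
    for raw in entries:
        if raw.strip():
            ok, detail = check(raw)
            (accepted if ok else ignored).append((raw.strip(), detail))
    return accepted, ignored

if __name__ == "__main__":
    # Constructed sample lines, not taken from any real blacklist.
    urls = ["http://www.northwindtraders.com:8080/pictures/travel/*",
            "*.net/*", "www.example.com/search?q=x", "www.*.example.com/"]
    for entry, why in lint(urls, check_url)[1]:
        print(f"IGNORED  {entry}  ({why})")
```

Run the check over the list file before passing it to the import script, and review every ignored entry rather than assuming the whole list took effect.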

The domain name set defined in an .xml file created by exporting a domain name set can be installed by importing the .xml file. This is accomplished by performing the following steps.

  1. Open ISA Server Management.
  2. In the console tree, click Firewall Policy. This step can be performed as follows:
    • For ISA Server Enterprise Edition, expand Microsoft Internet Security and Acceleration Server 2006 (or 2004), expand Arrays, expand Array_Name, and then click Firewall Policy.

    • For ISA Server Standard Edition, expand Microsoft Internet Security and Acceleration Server 2006 (or 2004), expand Server_Name, and then click Firewall Policy.

  3. On the Toolbox tab, click Network Objects.
  4. Right-click Domain Name Sets.
  5. Click Import All.
  6. In ISA Server 2006, follow the instructions in the Import Wizard. In ISA Server 2004, select the .xml file and click Import.

Note that the name of the new domain name set is defined in the .xml file.

The URL set defined in an .xml file created by exporting a URL set can be installed by importing the .xml file. This is accomplished by performing the following steps.

  1. Open ISA Server Management.
  2. In the console tree, click Firewall Policy. This step can be performed as follows:
    • For ISA Server Enterprise Edition, expand Microsoft Internet Security and Acceleration Server 2006 (or 2004), expand Arrays, expand Array_Name, and then click Firewall Policy.

    • For ISA Server Standard Edition, expand Microsoft Internet Security and Acceleration Server 2006 (or 2004), expand Server_Name, and then click Firewall Policy.

  3. On the Toolbox tab, click Network Objects.
  4. Right-click URL Sets.
  5. Click Import All.
  6. In ISA Server 2006, follow the instructions in the Import Wizard. In ISA Server 2004, select the .xml file and click Import.

Note that the name of the new URL set is defined in the .xml file.

Pesach Shelnitz

ISA Server Team