Blocking Peer File Sharing and Chat Clients Using ISA Server 2004


As usual, the TechNet ISA Server 2004 webcast generated a huge number of great questions.  I’ll be reviewing many of those and will post a few good ones here over time.


 


One question that comes up every time we deliver this content is how to block the various chat and peer file sharing programs.  It’s really very easy with ISA 2004.  The trick is to look inside the HTTP stream with a firewall policy rule.  Here are some steps:


 



  1. Create a Firewall Policy New Access Rule allowing the internal network, users, etc. access to the external network (internet).
  2. Go to the Firewall Policy container and right-click the rule you created.
  3. Select the Configure HTTP menu item (see screenshot below).
  4. Click the Signatures property page.
  5. Click the Add button.
  6. Fill out the dialog box with the appropriate information.  In the example screenshot below, we are blocking MSN Messenger.  A number of other common applications are listed in the table at the bottom of this article.
  7. Click the OK button to save the new signature.
  8. Repeat for any other applications you want to block.
  9. Apply the changes to ISA Server 2004.


Common Application HTTP Signatures

Application        Search in         HTTP header       Signature
-----------------  ----------------  ----------------  --------------
MSN Messenger      Request headers   User-Agent:       MSN Messenger
Windows Messenger  Request headers   User-Agent:       MSMSGS
AOL Messenger      Request headers   User-Agent:       Gecko/
Yahoo Messenger    Request headers   Host              msg.yahoo.com
Kazaa              Request headers   P2P-Agent         Kazaa
Kazaa              Request headers   User-Agent:       KazaaClient
Kazaa              Request headers   X-Kazaa-Network:  KaZaA
Gnutella           Request headers   User-Agent:       Gnutella
Gnutella           Request headers   User-Agent:       Gnucleus
Edonkey            Request headers   User-Agent:       e2dk
Morpheus           Response header   Server            Morpheus
 


Enjoy!


Comments (3)

  1. bb says:

    If on a firewall running MS ISA 2004, how can I give access to a particular user for peer to peer without giving access to other users on the network?

    Is there a particular port I can leave open?

    Thanks

  2. Keith Combs says:

    Can you give me more specifics on which program, ports it uses, does the user use a particular machine all of the time, if that machine is a static or dynamic IP address machine, etc.?

    There are a number of options and depending on the environment it will depend on how to implement that effectively.

    Thanks,

    Keith

  3. KHansen says:

    How does the Application HTTP Signature for Ares file sharing look? I want to block

    Best regards

    KHansen