Blocking Peer File Sharing and Chat Clients Using ISA Server 2004
As usual, the TechNet ISA Server 2004 webcast generated a huge number of great questions. I’ll be reviewing many of those and will post a few good ones here over time.
One question that comes up every time we deliver this content is how to block the various chat and peer file sharing programs. It’s really very easy with ISA 2004. The trick is to look inside the HTTP stream with a firewall policy rule. Here are some steps:
1. Create a new Firewall Policy Access Rule allowing the internal network, users, etc. access to the external network (Internet).
2. Go to the Firewall Policy container and right-click the rule you created.
3. Select the Configure HTTP menu item (see screenshot below).
4. Click the Signatures property page.
5. Click the Add button.
6. Fill out the dialog box with the appropriate information. In the example screenshot below, we are blocking MSN Messenger. A number of other common applications are listed in the table at the bottom of this article.
7. Click the OK button to save the new signature.
8. Repeat for any other applications you want to block.
9. Apply the changes to ISA Server 2004.
Common Application HTTP Signatures
| Application | Search in | HTTP header | Signature |
| --- | --- | --- | --- |
| MSN Messenger | Request headers | User-Agent: | MSN Messenger |
| Windows Messenger | Request headers | User-Agent: | MSMSGS |
| AOL Messenger | Request headers | User-Agent: | Gecko/ |
| Yahoo Messenger | Request headers | Host | msg.yahoo.com |
| Kazaa | Request headers | P2P-Agent | Kazaa |
| Kazaa | Request headers | User-Agent: | KazaaClient |
| Kazaa | Request headers | X-Kazaa-Network: | KaZaA |
| Gnutella | Request headers | User-Agent: | Gnutella Gnucleus |
| Edonkey | Request headers | User-Agent: | e2dk |
| Morpheus | Response header | Server | Morpheus |
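Before applying signatures like these, it helps to dry-run them against sample headers to see what else they catch. The following is an added example, not ISA Server code or part of the original article: it assumes a signature is a case-sensitive substring match on the named header's value, and the sample messages are constructed. Note that the "Gecko/" row also matches Firefox-family browsers.

```python
# Rows copied from the article's table: (application, search in, header, signature)
SIGNATURES = [
    ("MSN Messenger", "request", "User-Agent", "MSN Messenger"),
    ("Windows Messenger", "request", "User-Agent", "MSMSGS"),
    ("AOL Messenger", "request", "User-Agent", "Gecko/"),
    ("Yahoo Messenger", "request", "Host", "msg.yahoo.com"),
    ("Kazaa", "request", "P2P-Agent", "Kazaa"),
    ("Kazaa", "request", "User-Agent", "KazaaClient"),
    ("Kazaa", "request", "X-Kazaa-Network", "KaZaA"),
    ("Gnutella", "request", "User-Agent", "Gnutella Gnucleus"),
    ("Edonkey", "request", "User-Agent", "e2dk"),
    ("Morpheus", "response", "Server", "Morpheus"),
]

def parse_headers(raw):
    """Return {lower-cased header name: value} from a raw header block."""
    headers = {}
    for line in raw.splitlines()[1:]:      # skip the request/status line
        if not line.strip():               # blank line ends the headers
            break
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def blocked_by(raw, scope="request"):
    """List the applications whose signature matches this message."""
    headers = parse_headers(raw)
    hits = []
    for app, where, name, sig in SIGNATURES:
        # Assumption: case-sensitive substring match on the header value.
        value = headers.get(name.lower(), "")
        if where == scope and sig in value and app not in hits:
            hits.append(app)
    return hits

# Constructed sample messages (not captured traffic).
MSN = "GET / HTTP/1.1\r\nHost: im.example\r\nUser-Agent: MSN Messenger\r\n\r\n"
FIREFOX = ("GET / HTTP/1.1\r\nHost: www.example.com\r\nUser-Agent: Mozilla/5.0 "
           "(Windows NT 10.0; rv:115.0) Gecko/20100101 Firefox/115.0\r\n\r\n")
IE6 = ("GET / HTTP/1.1\r\nHost: www.example.com\r\n"
       "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n\r\n")
KAZAA = ("GET /file HTTP/1.1\r\nHost: 192.0.2.10:1214\r\n"
         "User-Agent: KazaaClient\r\nX-Kazaa-Network: KaZaA\r\n\r\n")
MORPHEUS_RESP = "HTTP/1.1 200 OK\r\nServer: Morpheus\r\n\r\n"

if __name__ == "__main__":
    for label, raw in [("MSN", MSN), ("Firefox", FIREFOX), ("IE6", IE6), ("Kazaa", KAZAA)]:
        print(label, "->", blocked_by(raw) or "allowed")
```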
Enjoy!