How to Block Websites in ISA 2004
Blocking websites on ISA 2004 is often a necessary precaution. You may be trying to filter out inappropriate material, shield users from malicious attack sites or keep employees productive by blocking instant messengers and social networking sites. Luckily, ISA 2004 is very customizable when it comes to filtering HTTP communication. By specifying rules regarding the websites' signatures, headers and even URL length, you can easily control the sort of information and applications that are allowed to come through your firewall.
Instructions
1. Open "Server Management" within ISA 2004. Click the "ISA Server" node to expand it. Click "Firewall Policy." Right click within the "Details" pane and select "Configure HTTP." The "Configure HTTP" window has five tabs: "General," "Methods," "Extensions," "Headers" and "Signatures." You may wish to specify rules for only one of these tabs or all five.
2. Click "General." From this tab, you can adjust the length of "Request Headers," "Maximum URL Length" and "Query Length" by typing the changed values into the corresponding fields. Limiting these lengths will help protect against DoS attacks. Microsoft recommends limiting these values to 10000 bytes, though the actual limit that you set is entirely up to your needs for the server. Within this tab, you also have the option to block HTTP responses that contain executable files.
3. Click the "Methods" tab. HTTP methods are instructions on how an object within a URL should be treated. Within this tab, you have three options: "Allow all methods," "Allow only methods that you select" or "Block selected methods." To choose one of these three options, select it from the dropdown menu at the top of the window. Use the "Add" button to build a list of allowed or blocked HTTP methods.
4. Click the "Extensions" tab. Similar to the "Methods" tab, you have the option to allow all file extension types, specify which are allowed or block a user-defined list. For example, if you wish to block all ".exe" files, first select "Block specified extensions" from the dropdown menu. Click "Add," then type ".exe" into the box labeled "Extension." Click "OK."
5. Click the "Headers" tab. From here, you can define which HTTP headers are allowed by your server and which should be blocked. To add a blocked header, click the "Add" button and type in the header.
6. Click "Signatures." This will allow you to block Web pages based on their signature. For example, if you wish to block messaging services such as AOL Messenger or MSN Messenger, click the "Add" button and type in "User-Agent:MSN Messenger" and "User-Agent:Gecko/." For a list of common signatures, see the "Resources" link.
7. Click "OK" once you have entered all of your HTTP policy rules. Your Web traffic will now be filtered accordingly.
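To make the rule types from steps 2 through 6 concrete, the following Python sketch models how such a policy could be evaluated against a single request; it is an added example, not part of the original article and not ISA Server's own code. The policy values, the header name "X-Blocked-Example," the host "intranet.example," the order of checks and the case handling are all assumptions made for illustration.

```python
import posixpath
from urllib.parse import urlsplit
# Constructed policy; one entry per "Configure HTTP" rule type described above.
POLICY = {
    "max_headers_len": 10000,                  # General: request headers length (bytes)
    "max_url_len": 10000,                      # General: maximum URL length
    "max_query_len": 10000,                    # General: query length
    "blocked_methods": {"TRACE"},              # Methods: "Block selected methods"
    "blocked_extensions": {".exe"},            # Extensions: block a listed set
    "blocked_headers": {"x-blocked-example"},  # Headers: constructed header name
    "signatures": [("user-agent", "MSN Messenger")],  # Signatures: header, substring
}

def evaluate(raw: bytes, policy=POLICY):
    """Return (allowed, reason) for one raw HTTP request (simplified model)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    request_line, _, header_block = head.partition("\r\n")
    fields = request_line.split(" ")
    if len(fields) != 3:
        return False, "malformed request line"
    method, target, _version = fields
    headers = []
    for line in filter(None, header_block.split("\r\n")):
        name, sep, value = line.partition(":")
        if not sep:
            return False, "malformed header"
        headers.append((name.strip().lower(), value.strip()))
    url = urlsplit(target)
    if len(header_block) > policy["max_headers_len"]:
        return False, "request headers too long"
    if len(target) > policy["max_url_len"]:
        return False, "URL too long"
    if len(url.query) > policy["max_query_len"]:
        return False, "query too long"
    if method in policy["blocked_methods"]:
        return False, "method blocked"
    if posixpath.splitext(url.path)[1].lower() in policy["blocked_extensions"]:
        return False, "extension blocked"
    for name, value in headers:
        if name in policy["blocked_headers"]:
            return False, "header blocked"
        if any(name == h and sig in value for h, sig in policy["signatures"]):
            return False, "signature matched"
    return True, "allowed"

def req(method, target, **headers):  # builds a constructed sample request
    lines = [f"{method} {target} HTTP/1.1", "Host: intranet.example"]
    lines += [f"{k.replace('_', '-')}: {v}" for k, v in headers.items()]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("latin-1")
```

Calling evaluate(req("GET", "/tools/setup.exe")) returns the first rule that rejects the request, which is useful when working out which tab is responsible for an unexpected block.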