How to block traffic with an HTTP Signature
A thread that I keep seeing in the newsgroups is “How do I block IM clients on my network with ISA Server?”.
Most IM and P2P clients today can be configured to use port 80, to use the same proxy settings as IE, or to use their own proxy settings, so blocking the application's native protocol does not help much when you need to allow your users to surf the Internet. Remember that ISA does not allow traffic to pass unless you create a rule to allow it. ISA Server allows you to block HTTP traffic based upon the application's unique signature. By blocking traffic based upon its signature, you can block specific traffic while still allowing your users to surf the Internet.
Follow these steps to block traffic with an HTTP signature.
- You need to know the application signature that you want to block. For a sample list of application signatures, see Common Application Signatures on the ISA Server TechNet web site. In my next blog entry I will discuss how to discover the signature for an application. You can also search the Internet for common application signatures.
- Create an access rule allowing HTTP traffic.
- Right-click the access rule and select Configure HTTP.
- Select the Signatures tab.
- Click Add, and enter the following information (the example signature is for MSN Messenger):
  - Name: MSN Messenger
  - Search in: Select Request headers
  - HTTP header: User-Agent: (including the colon)
  - Signature: MSN Messenger
- Click OK and OK.
- Apply your changes and try to open MSN Messenger.
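Before applying a signature, it helps to check which requests it would and would not match. The following is an added example, not ISA Server code or part of the original post: it models the rule above under the assumption that a signature is a case-sensitive substring match on the value of one named request header. The `Signature` class, the function names and the sample requests are all constructed for illustration.

```python
# Added example: models an HTTP-filter signature check on request headers.
# Assumption: case-sensitive substring match on one named header's value;
# the real ISA Server filter may differ in details.
from dataclasses import dataclass

@dataclass(frozen=True)
class Signature:
    name: str
    header: str      # entered with the trailing colon, e.g. "User-Agent:"
    pattern: str

def parse_headers(raw: bytes) -> list[tuple[str, str]]:
    """Return (name, value) pairs from the header block of a raw request."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")  # drop the body
    pairs = []
    for line in head.split("\r\n")[1:]:                     # skip the request line
        if ":" in line:
            name, value = line.split(":", 1)
            pairs.append((name.strip(), value.strip()))
    return pairs

def matching_signature(raw: bytes, signatures: list[Signature]):
    """Return the first signature that matches the request, or None."""
    headers = parse_headers(raw)
    for sig in signatures:
        wanted = sig.header.rstrip(":").strip().lower()  # header names ignore case
        for name, value in headers:
            if name.lower() == wanted and sig.pattern in value:
                return sig
    return None

SIGNATURES = [Signature("MSN Messenger", "User-Agent:", "MSN Messenger")]

# Constructed sample requests (not captured traffic).
SAMPLES = {
    "messenger": b"POST /im HTTP/1.1\r\nHost: gateway.example\r\n"
                 b"User-Agent: MSN Messenger 7.5\r\nContent-Length: 0\r\n\r\n",
    "browser": b"GET / HTTP/1.1\r\nHost: www.example\r\n"
               b"User-Agent: Mozilla/4.0 (compatible; MSIE 6.0)\r\n\r\n",
    "body_only": b"POST /search HTTP/1.1\r\nHost: www.example\r\n"
                 b"User-Agent: Mozilla/4.0\r\nContent-Length: 15\r\n\r\nq=MSN Messenger",
}

def verdicts() -> dict[str, str]:
    return {key: ("deny" if matching_signature(raw, SIGNATURES) else "allow")
            for key, raw in SAMPLES.items()}

if __name__ == "__main__":
    for key, verdict in verdicts().items():
        print(f"{key:10s} {verdict}")
```

The `body_only` request is allowed because the rule searches request headers only, so a web search for the product name is not caught by the signature.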
Signatures are defined on a per-rule basis and can be defined on access rules or Web publishing rules.
Gershon Levitz
ISA Server User Education
Comments
Anonymous
January 01, 2003
Hi, I want to block attachments for Yahoo, Hotmail, Gmail users. How can I achieve this?
Anonymous
August 14, 2006
How to block Skype in ISA Server
Anonymous
August 11, 2007
How can I block your freedom with ISA 2004 server?
Anonymous
October 20, 2007
In regard to "How can I block your freedom with ISA 2004 server?", some workarounds are out there. Create an access rule in which all outbound traffic to freedom servers is disallowed. Regular updates to the URL list are required.