Professional Documents
Culture Documents
From Part I to IV, you have finished simple configurations on Microsoft ISA Server 2006 to
work in your network. But ISA Server can do a lot more than that. Another benefit of ISA Server
is that it can filter HTTP traffic. If you know attributes of each HTTP traffic, you can block
MSN/Yahoo Messenger, Bit torrent, web mail, disallow post on web boards, etc by allow or
block HTTP traffic using HTTP filter. I think most of the readers may not familiar what HTTP
traffic look like so let’s see about HTTP traffic in the next section.
Note: This topic isn’t require in order to running ISA Server, only Part I to IV are
sufficient. But this topic will be benefits in most organization to improve security.
HTTP Traffic
HTTP Traffic on ISA Server is a data that pass through ISA Server using HTTP protocol (by
default is on port 80) which is the protocol that is used by most applications. On each HTTP
connection, there will be a header information about client that send to server or server to client.
These information are such as Request Methods (GET, POST ,etc.), HTTP Versions
(1.0,1.1,1.2), User-Agent (Mozilla/4.0, Firefox, etc.), Content-Type (application/xml,
image/jpeg, text/xml, etc.), etc. I will not go into deep detail about HTTP protocol if you want
more information, you can find at Wikipedia – HTTP. With these header information, ISA
Server can filter HTTP traffic to allow or block specific application or traffic.
To see some sample of HTTP traffic, you can use sniffer program to capture each data packet
that pass in/out a computer. The popular one is Ethereal. I have installed Ethereal on a computer
which running a web server. Let see the different example of each HTTP header information
below.
When client sends request to the web server by browser the Internet Explorer to
http://bkkexternal (bkkexternal is the computer that runs a web server).
Detail: The request method is GET. URI is /. The User-Agent is Mozilla (compatible: MSIE
6.0).
Note: “/r/n” is tag that tells end of a line, a control line feed.
Configurations
To configure HTTP filter, you need to know what attribute and value need to be configured. On
this post, I will show only the following:
Step-by-step
9. Block Kazaa.
To block users to use Kazaa by configure signature to “KazaaClient”, “User-Agent” in
HTTP Header and Request headers in Search in.
12. If the users are blocked by HTTP filter, they will see page like the figure.
“Error Code: 500 Internal Server Error. The request was rejected by the HTTP filter.”
Summary
This is the end of this serie. After complete this serie, starting from install ISA Server, configure
the network topology, configure basic rule, configure client types and configure HTTP filter,
now you have basic knowledge and understanding how to operate ISA Server on your own. But
there are some configurations, I don’t cover for instance how to configure cache on ISA Server,
how to implement VPN, etc. If you need more information, try visit ISA Server.org
I think these tutorials may be useful for starter who want to implement Microsoft ISA Server
2006 or some administrators who want to reviews configurations. If you have any problems or
any suggestion, feel free to leave some comment below.