Have you ever need to block users using MSN or Yahoo Messenger?

Or block them to using free

email services? Or even block them to post anythings on web boards? Or block them to using bit
torrent to download files? This topic can answer these questions by using Microsoft ISA Server
2006.

From Part I to IV, you have finished simple configurations on Microsoft ISA Server 2006 to
work in your network. But ISA Server can do a lot more than that. Another benefit of ISA Server
is that it can filter HTTP traffic. If you know attributes of each HTTP traffic, you can block
MSN/Yahoo Messenger, Bit torrent, web mail, disallow post on web boards, etc by allow or
block HTTP traffic using HTTP filter. I think most of the readers may not familiar what HTTP
traffic look like so let’s see about HTTP traffic in the next section.

Note: This topic isn’t require in order to running ISA Server, only Part I to IV are
sufficient. But this topic will be benefits in most organization to improve security.

HTTP Traffic

HTTP Traffic on ISA Server is a data that pass through ISA Server using HTTP protocol (by
default is on port 80) which is the protocol that is used by most applications. On each HTTP
connection, there will be a header information about client that send to server or server to client.
These information are such as Request Methods (GET, POST ,etc.), HTTP Versions
(1.0,1.1,1.2), User-Agent (Mozilla/4.0, Firefox, etc.), Content-Type (application/xml,
image/jpeg, text/xml, etc.), etc. I will not go into deep detail about HTTP protocol if you want
more information, you can find at Wikipedia – HTTP. With these header information, ISA
Server can filter HTTP traffic to allow or block specific application or traffic.

To see some sample of HTTP traffic, you can use sniffer program to capture each data packet
that pass in/out a computer. The popular one is Ethereal. I have installed Ethereal on a computer
which running a web server. Let see the different example of each HTTP header information
below.

When client sends request to the web server by browser the Internet Explorer to
http://bkkexternal (bkkexternal is the computer that runs a web server).
Detail: The request method is GET. URI is /. The User-Agent is Mozilla (compatible: MSIE
6.0).

This the response header from the above request.

Detail: The response code is 200 (OK). The server is running by Apache 2.2.4. The Content-
Type is text/xml

When you submit a form on the browser to the web server.

Detail: The request method is POST. The client host is bkkmisc01. The Content-Type is
application/x-www-form-urlencoded.

Note: “/r/n” is tag that tells end of a line, a control line feed.

Configurations

To configure HTTP filter, you need to know what attribute and value need to be configured. On
this post, I will show only the following:

1. Block specific browser: Firefox.

2. Block MSN Messenger, Windows Live Messenger.
3. Block download file .torrent.
4. Block AOL Messenger.
5. Block Yahoo Messenger.
6. Block Kazaa.
7. Block free web mail. (e.g. hotmail.com, mail.yahoo.com, etc.)
8. Block post on web boards.

Step-by-step

1. Open Microsoft ISA Server Management Console.

2. Right-click on the rule that being configured HTTP filter -> select Configure HTTP.

3. Click on Signatures tab and click Add.

4. Block specific browser: Firefox.

To block users to use Firefox browser by configure signature to “Firefox”, “User-
Agent” in HTTP Header and Request headers in Search in.

5. Block MSN Messenger, Windows Live Messenger.

To block users to use MSN Messenger and Windows Live Messenger.
 o To block MSN Messenger by configure signature to “msnmsgr.exe”, “User-
Agent” in HTTP Header and Request headers in Search in.

o To block Windows Live Messenger by configure signature to “login.live.com”,

“Host” in HTTP Header and Request headers in Search in.

6. Block download file .torrent.

To block download any .torrent files by configure signature to “application/x-
 bittorrent”, “Content-Type” in HTTP Header and Request headers in Search in.

7. Block AOL Messenger.

To block users to use AOL Messenger by configure signature to “Gecko”, “User-
Agent” in HTTP Header and Request headers in Search in.

8. Block Yahoo Messenger.

To block users to use Yahoo Messenger by configure signature to “msg.yahoo.com”,
 “Host” in HTTP Header and Request headers in Search in.

9. Block Kazaa.
To block users to use Kazaa by configure signature to “KazaaClient”, “User-Agent” in
HTTP Header and Request headers in Search in.

10. Block free web mail. (e.g. hotmail.com, mail.yahoo.com, etc.)

To block users to access free web mail, block any URL that contain string “mail” by
 configure on signature to mail.

11. Block post on web boards.

Block users to sending any information to internet (e.g. post on web board) by configure
to disallow HTTP method: POST.
o Select on Methods tab and select block specified methods.
 o Click Add. New window appears, type “POST” on method and enter some
description.

o Don’t forget to apply the settings after configuration.

12. If the users are blocked by HTTP filter, they will see page like the figure.
“Error Code: 500 Internal Server Error. The request was rejected by the HTTP filter.”

Summary

This is the end of this serie. After complete this serie, starting from install ISA Server, configure
the network topology, configure basic rule, configure client types and configure HTTP filter,
now you have basic knowledge and understanding how to operate ISA Server on your own. But
there are some configurations, I don’t cover for instance how to configure cache on ISA Server,
how to implement VPN, etc. If you need more information, try visit ISA Server.org
I think these tutorials may be useful for starter who want to implement Microsoft ISA Server
2006 or some administrators who want to reviews configurations. If you have any problems or
any suggestion, feel free to leave some comment below.