
The Lazy Admin

Blocking URLs and Domains with ISA 2004



Locking down web access is a must in today's IT environment. Spyware, adware, and harassment lawsuits are among the few things that wide-open web access can give you. I know of two businesses that had sexual harassment lawsuits brought against them due to one employee seeing another employee browsing sites that contained sexual content.

Thankfully, with ISA we can block access to these sites using URL and Domain Deny Lists. On top of this, it is possible to import these lists in XML format. There are three parts to this process: first we must create the XML file to import (or download one), then we must import the XML file, and finally we must create an access rule to deny access to the URLs and domains in the imported list(s). There are links at the end of this article where you can download some prewritten XML files to import.

Importing the XML File

We will start by opening up the ISA Manager MMC. From the Firewall Policy node, click on Toolbox, locate Domain Name Sets and right-click it; select Import All.

 

Locate the XML file on the hard drive or network share and select Import.

The XML will be imported, and we are ready to create the Access Rule.

Creating the Access Rule

Click on the Tasks tab and select Create a New Access Rule. The wizard will begin; enter the name for this rule and click Next.

We are going to want to deny access to these Domains so ensure the Deny radio button is selected and click Next.

 

We want to block all web access to these sites so select the HTTP and HTTPS protocols before clicking Next.

We want the rule to apply to traffic going out from the internal network. Click Add and select the Internal network from the Network Sets list and click Next to proceed.

Now we will enter the blocked Domain Name Sets. Click Add, drill down to the Domain Name Sets and select all the lists you imported earlier.

We want this rule to apply to all users so click Add, and select All Users before clicking Next.

Finally, review the settings for this access rule and click Finish.

Apply the rule and we are ready to test it out.

Open up a web browser and browse to one of the domains listed in the XML file. You will be denied access and shown a 502 Proxy Error page.

 

There are a couple of sites with precompiled XML files that block the majority of "crap" out there. While I really think it would be impossible to block it all, it's a good start, and recommended practice.
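Before importing a precompiled list, it is worth checking what the Deny rule will actually cover. The following audit script is an added example, not part of the original post or of ISA Server. It pulls every domain-like entry out of an XML file and reports duplicates, over-broad wildcards, and entries that would block hosts you need. Assumptions: the element names in the sample are constructed placeholders rather than the ISA export schema, `REQUIRED` is a hypothetical list of business-critical hosts, and a `*.` entry is treated as covering subdomains only.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample; element names are placeholders, not the ISA export schema.
SAMPLE_XML = """<Root>
  <DomainNameSet Name="Constructed Blocklist">
    <Str>*.ads.example.net</Str>
    <Str>tracker.example.org</Str>
    <Str>*.COM</Str>
    <Str>*.ads.example.net</Str>
    <Str>*.partner.example.com</Str>
    <Str>{4F1C2D3E-constructed-guid}</Str>
  </DomainNameSet>
</Root>"""

# Hypothetical hosts the business must keep reachable.
REQUIRED = ["www.partner.example.com", "mail.example.org"]

DOMAIN_RE = re.compile(r"^(\*\.)?([a-z0-9-]+\.)*[a-z0-9-]+$")

def extract_entries(xml_text):
    """Collect every text node that looks like a domain or wildcard domain."""
    entries = []
    for elem in ET.fromstring(xml_text).iter():
        text = (elem.text or "").strip().lower()
        if text and DOMAIN_RE.match(text):
            entries.append(text)
    return entries

def matches(entry, host):
    """True if a deny entry (exact name or *.suffix) would cover host."""
    if entry.startswith("*."):
        return host.endswith(entry[1:])
    return host == entry

def audit(xml_text, required):
    """Summarise what the list would block and where it needs review."""
    seen, dupes = set(), set()
    for e in extract_entries(xml_text):
        (dupes if e in seen else seen).add(e)
    # A wildcard over a bare TLD (e.g. *.com) blocks far more than intended.
    too_broad = sorted(e for e in seen if e.startswith("*.") and "." not in e[2:])
    collisions = sorted((e, h) for e in seen for h in required if matches(e, h))
    return {"unique": sorted(seen), "duplicates": sorted(dupes),
            "too_broad": too_broad, "collisions": collisions}

if __name__ == "__main__":
    for key, value in audit(SAMPLE_XML, REQUIRED).items():
        print(f"{key}: {value}")
```

Any entry reported under `too_broad` or `collisions` should be reviewed or removed from the file before the Domain Name Set is attached to the Deny rule.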

For more information see:

ISA Stuff Website

Tacteam.net Blocklist Download (44KB ZIP)





Published Tuesday, May 10, 2005 8:17 AM by rodney.buike
All postings are provided "AS IS" with no warranties, and confer no rights.
Microsoft product screen shot(s) reprinted with permission from Microsoft Corporation.