Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Block download of exec files

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> HTTP Filtering >> Block download of exec files Page: [1]
Login
Message << Older Topic   Newer Topic >>
Block download of exec files - 26.Oct.2007 6:48:38 PM   
PhilPonc

 

Posts: 2
Joined: 26.Oct.2007
Status: offline 		Hi ,

I read a few notes on ISAserver.org about blocking the download of Exec files.

But...using blocking extentions didn't work as I will. In fact, it's now impossible to download exec files but we can't access url like this one ( see below) anymore :

http://hari.b-holding.be/Hafas/bin/query.exe/en?

It seems that ISA 2004 considers query.exe like a extention to be blocked...

All I want to do is forbidden the download of .exe (or .com) files.

Any ideas ?

Thanks


Post #: 1
RE: Block download of exec files - 26.Oct.2007 8:15:35 PM   
ferrix

 

Posts: 363
Joined: 16.Mar.2005
Status: offline 		Just off the top of my head here but.. You could use signatures instead of extension blocking, and put in the mime types of what you want to block?

Or maybe easier to do what you are now, but also put a higher rule that explicitly allows the sites that use ".exe/" in their URLs but are known to be safe.

(in reply to PhilPonc)
Post #: 2
RE: Block download of exec files - 27.Oct.2007 1:23:54 PM   
PhilPonc

 

Posts: 2
Joined: 26.Oct.2007
Status: offline 		Thanks, I used Mine Type and it works.

I've just to add a extention that was not in by default.

This one was well blocked :

http://download.nai.com/products/licensed/superdat/engine/intel/5200/5200eng.exe

Http communication Sniff :

GET http://download.nai.com/products/licensed/superdat/engine/intel/5200/5200eng.exe
....
Content-Length: 1923862
Date: Sat, 27 Oct 2007 15:13:06 GMT
Age: 4081
Content-Type: application/octet-stream
ETag: "0efeac851d3c71:e27"
Server: Microsoft-IIS/5.0
Accept-Ranges: bytes
Last-Modified: Tue, 31 Jul 2007 09:04:22 GMT

But this one was not blocked : 

http://pierre.szwarc.free.fr/Files/RegCleaner.exe

I just added application/x-msdos-program and everything is fine now.

Thanks a lot.

Poncelet Ph.

(in reply to ferrix)
Post #: 3

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> HTTP Filtering >> Block download of exec files Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts