I installed MS ISA 2004 on my network for testing before I go production with it and I configured the policies of the http web filter to block downloadable files such as .exe .zip .rar …….etc….etc and when I test it worked like a dream up until I tried to test the download on a VBulletin forum and it did download from it.
My question is how can I block the downloads from forums????
Original Client IP Authenticated Client Service Server Name Referring Server Destination Host Name MIME Type Object Source Source Proxy Destination Proxy Bidirectional Client Host Name Network Interface Raw IP Header Raw Payload Source Port Processing Time Bytes Sent Bytes Received Cache Information Log Time Client IP Destination IP Transport Destination Port Protocol Action Rule Client Username URL Source Network Destination Network HTTP Method Filter Information Error Information Result Code Log Record Type Client Agent HTTP Status Code 0.0.0.0 Yes Proxy CELESTIX-H5L4CS al-hatif.com application/zip Internet - - - - - - 0 721 77132 636 0x1a00000 12/17/2005 9:14:45 AM 192.168.1.70 220.127.116.11 TCP 80 http Allowed Connection All Open Users CELESTIX-H5L4CS\tshinder http://al-hatif.com/vb/attachment.php?attachmentid=487&d=1122412545 Internal External GET 0x480 Web Proxy Filter Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727) 200
Notice that the MIME type does indicate that a zip file is being downloaded, but the file extension is not included in the request, so you need to block the MIME type in addition to the file extension using Content Groups.