Welcome to ISAserver.org

block download from web forums

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA Server 2004 Firewall] >> HTTP Filtering >> block download from web forums

Page: [1]

Message

<< Older Topic Newer Topic >>

block download from web forums - 4.Dec.2005 10:33:11 AM

alfarhoud

Posts: 10
Joined: 4.Dec.2005
Status: offline

Hi people this Is my first post

I installed MS ISA 2004 on my network for testing before I go production with it and I configured the policies of the http web filter to block downloadable files such as .exe .zip .rar ��.etc�.etc and when I test it worked like a dream

up until I tried to test the download on a VBulletin forum and it did download from it.

My question is how can I block the downloads from forums????

Post #: 1

Featured Links*

RE: block download from web forums - 7.Dec.2005 9:12:05 PM

tshinder

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline

Hi Alfar,

What is the URL that allowed the download?

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to alfarhoud)

Post #: 2

RE: block download from web forums - 7.Dec.2005 9:41:36 PM

Guest

right click your rule > configure Http

under the Extensions Tab add what even extension u want to block.

(in reply to alfarhoud)

Post #: 3

RE: block download from web forums - 7.Dec.2005 10:43:33 PM

alfarhoud

Posts: 10
Joined: 4.Dec.2005
Status: offline

hi Tom

this is the url for the forum

www.al-hatif.com/vb

humm the site is in arabic so let me give you a direct link for a downloadable file

http://al-hatif.com/vb/showthread.php?t=190

and majdal

i did that and its working for normal site the idea is to block it for forums

(in reply to Guest)

Post #: 4

RE: block download from web forums - 8.Dec.2005 2:12:12 AM

tshinder

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline

Hi Alfar,

I'm not sure where to clck. When I clck on something that looks like a .zip icon, it takes me to another page which looks like a log on page.

Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to alfarhoud)

Post #: 5

RE: block download from web forums - 17.Dec.2005 2:33:24 PM

alfarhoud

Posts: 10
Joined: 4.Dec.2005
Status: offline

ohh yes tom you need to log in to download

i made an account for you to use log/pass: tom/tom

go to the link and see what you can do

Yours Alfarhoud

(in reply to tshinder)

Post #: 6

RE: block download from web forums - 17.Dec.2005 3:16:10 PM

elmajdal

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline

man , i logged in and tried the download with what i said to u before , i was blocked to download the zip files.

check ur isa rules , maybe u have another rule that is bypassing ur users.

(in reply to alfarhoud)

Post #: 7

RE: block download from web forums - 17.Dec.2005 4:16:00 PM

tshinder

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline

Hey guys,

Here is my log file result:

Original Client IP Authenticated Client Service Server Name Referring Server Destination Host Name MIME Type Object Source Source Proxy Destination Proxy Bidirectional Client Host Name Network Interface Raw IP Header Raw Payload Source Port Processing Time Bytes Sent Bytes Received Cache Information Log Time Client IP Destination IP Transport Destination Port Protocol Action Rule Client Username URL Source Network Destination Network HTTP Method Filter Information Error Information Result Code Log Record Type Client Agent HTTP Status Code
0.0.0.0 Yes Proxy CELESTIX-H5L4CS al-hatif.com application/zip Internet - - - - - - 0 721 77132 636 0x1a00000 12/17/2005 9:14:45 AM 192.168.1.70 66.116.229.37 TCP 80 http Allowed Connection All Open Users CELESTIX-H5L4CS\tshinder http://al-hatif.com/vb/attachment.php?attachmentid=487&d=1122412545 Internal External GET 0x480 Web Proxy Filter Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727) 200

Notice that the MIME type does indicate that a zip file is being downloaded, but the file extension is not included in the request, so you need to block the MIME type in addition to the file extension using Content Groups.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to elmajdal)

Post #: 8