• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Blocking Unwanted Parasites with a Hosts File

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> Network Infrastructure >> Blocking Unwanted Parasites with a Hosts File Page: [1]
Login
Message << Older Topic   Newer Topic >>
Blocking Unwanted Parasites with a Hosts File - 4.Apr.2006 4:44:06 PM   
StefanHammar

 

Posts: 68
Joined: 19.Sep.2002
Status: offline
Hello Experts

Windows 2003 sp1 and ISA server 2004 sp2
Client, XP sp2 and ISA firewall client and no proxy configuration at IE.

At Microsoft IT-forum I got a tip about using a host file to block unwanted sites.
See site http://www.mvps.org/winhelp2002/hosts.htm

It works fine with ping at the client but not with IE ...

Is it possible to add the blocking host file to the ISA server?  It looks like it works fine ... do I miss something?
Thanks
Stefan 
Post #: 1
RE: Blocking Unwanted Parasites with a Hosts File - 4.Apr.2006 6:08:02 PM   
LLigetfa

 

Posts: 2187
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline
Wrong approach.  Create a destination set and a deny rule.

_____________________________

The School of Hard Knocks is a mean teacher. She gives the exam before the lesson.

(in reply to StefanHammar)
Post #: 2
RE: Blocking Unwanted Parasites with a Hosts File - 5.Apr.2006 12:45:48 AM   
elmajdal

 

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
exactly u can create URL set , Domain Set , Computer Set .....


check out these 2 articles as they will tell u how. u can even import .xml files that contains blocklist sites , check the articles to learn more:


Creating URL and Domain Deny Lists using ISA Server 2004

Using ISA 2004 Firewall Domain Name Sets to Control Internet Access




_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to LLigetfa)
Post #: 3
RE: Blocking Unwanted Parasites with a Hosts File - 5.Apr.2006 3:16:50 PM   
StefanHammar

 

Posts: 68
Joined: 19.Sep.2002
Status: offline
Hi

Why is it wrong approach?

The Isa server is bloocking all the sites in the host file redirected to local host

Every month the host file is updated with new sites ...

Thanks
Stefan

(in reply to elmajdal)
Post #: 4
RE: Blocking Unwanted Parasites with a Hosts File - 5.Apr.2006 3:26:26 PM   
LLigetfa

 

Posts: 2187
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline
quote:

Why is it wrong approach?

It is security by ignorance.

_____________________________

The School of Hard Knocks is a mean teacher. She gives the exam before the lesson.

(in reply to StefanHammar)
Post #: 5
RE: Blocking Unwanted Parasites with a Hosts File - 7.Apr.2006 9:41:31 AM   
SteveRiley

 

Posts: 2
Joined: 7.Apr.2006
From: Seattle, WA, USA
Status: offline
"Security by ignorance" -- what?

Hammar's approach is a perfectly legitimate way of accomplishing his goal. All he wants to do is block the junk. Creating deny lists in ISA Server as large as the contents of the MVPS HOSTS file might slow down the web proxy service and it will just fill the logs with unnecessary entries. I like Hammar's idea better because it filters out the ads and spyware before they reach the web proxy service, thus leaving more CPU time free for handling other stuff.

(in reply to LLigetfa)
Post #: 6
RE: Blocking Unwanted Parasites with a Hosts File - 9.Apr.2006 4:05:15 AM   
RAJP

 

Posts: 53
Joined: 11.Mar.2006
Status: offline
I use the HOSTS file on the ISA server to block DNS resolution for various Instant Messaging sites, the ones that try to sneak through any port. No DNS, no packets to process. We don't use the firewall client, just the web proxy, though.

Just don't send it to 127.0.0.1. If you require authentication for outbound access, sending it to 127.0.0.1 will make an IE proxy authentication pop-ip because it thinks it's a local logon. At least, ISA 2000 did.

Ray

(in reply to SteveRiley)
Post #: 7

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> Network Infrastructure >> Blocking Unwanted Parasites with a Hosts File Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts