• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

http filtering and Sharepoint reccomenations

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Firewall] >> HTTP Filtering >> http filtering and Sharepoint reccomenations Page: [1]
Login
Message << Older Topic   Newer Topic >>
http filtering and Sharepoint reccomenations - 2.Apr.2008 4:46:53 PM   
paul_psmith

 

Posts: 79
Joined: 2.Nov.2006
Status: offline
Anyone got any?

I've searched MS site, ISA server.org site, internet, but can;t seem to find anyone with some good baseline Sharepoint HTTP filter settings.

Any help appreciated.
Thx
PS
Post #: 1
RE: http filtering and Sharepoint reccomenations - 15.May2008 11:25:16 AM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
Been looking for this information for ages too...the only viable option I have looked into is reverse engineering the settings used in the Microsoft IAG product.

Based upon this, you get the following XML file which can be used with HttpFilterConfig.vbs:

<Configuration BlockExecutables="false" ViaHeaderAction="0" NewViaHeaderValue="" ServerHeaderAction="0" NewServerHeaderValue="" MaxRequestBodyLen="-1"><UrlValidation NormalizeBeforeScan="true" VerifyNormalization="false" AllowHighBitCharacters="true" BlockDotInPath="false" MaxLength="10240" MaxQueryLength="10240"><Extensions AllowCondition="0"></Extensions></UrlValidation><Verbs AllowCondition="1">tion=""/><Verb Value="PROPFIND" Description=""/><Verb Value="OPTIONS" Description=""/><Verb Value="HEAD" Description=""/><Verb Value="POST" Description=""/><Verb Value="GET" Description=""/></Verbs><RequestHeaders/><ResponseHeaders/><DeniedSignatures></DeniedSignatures></Configuration>

Same as above, but with denied signatures too:

<Configuration BlockExecutables="false" ViaHeaderAction="0" NewViaHeaderValue="" ServerHeaderAction="0" NewServerHeaderValue="" MaxRequestBodyLen="-1"><UrlValidation NormalizeBeforeScan="true" VerifyNormalization="false" AllowHighBitCharacters="true" BlockDotInPath="false" MaxLength="10240" MaxQueryLength="10240"><Extensions AllowCondition="0"></Extensions></UrlValidation><Verbs AllowCondition="1">tion=""/><Verb Value="PROPFIND" Description=""/><Verb Value="OPTIONS" Description=""/><Verb Value="HEAD" Description=""/><Verb Value="POST" Description=""/><Verb Value="GET" Description=""/></Verbs><RequestHeaders/><ResponseHeaders/><DeniedSignatures><Signature Name="\\" Description="" SearchInType="0" SearchInHeader="" From="1" To="100" Pattern="[\\]" FormatIsText="true" Enabled="true"/><Signature Name=":" Description="" SearchInType="0" SearchInHeader="" From="1" To="100" Pattern="[:]" FormatIsText="true" Enabled="true"/><Signature Name="*" Description="" SearchInType="0" SearchInHeader="" From="1" To="100" Pattern="
  • " FormatIsText="true" Enabled="true"/><Signature Name="?" Description="" SearchInType="0" SearchInHeader="" From="1" To="100" Pattern="[?]" FormatIsText="true" Enabled="true"/><Signature Name="&quot;&quot;" Description="" SearchInType="0" SearchInHeader="" From="1" To="100" Pattern="[&quot;&quot;]" FormatIsText="true" Enabled="true"/><Signature Name="&lt;" Description="" SearchInType="0" SearchInHeader="" From="1" To="100" Pattern="[&lt;]" FormatIsText="true" Enabled="true"/><Signature Name="&gt;" Description="" SearchInType="0" SearchInHeader="" From="1" To="100" Pattern="[&gt;]" FormatIsText="true" Enabled="true"/><Signature Name="|" Description="" SearchInType="0" SearchInHeader="" From="1" To="100" Pattern="[|]" FormatIsText="true" Enabled="true"/></DeniedSignatures></Configuration>

    I haven't tested these extensively, but they appear to work for IAG, so I would expect them to be ok with ISA. They may need tweaking though

    Cheers

    JJ

    _____________________________

    Jason Jones | Forefront MVP | Silversands Ltd
    My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

    (in reply to paul_psmith)
  • Post #: 2

    Page:   [1] << Older Topic    Newer Topic >>
    All Forums >> [ISA 2006 Firewall] >> HTTP Filtering >> http filtering and Sharepoint reccomenations Page: [1]
    Jump to:

    New Messages No New Messages
    Hot Topic w/ New Messages Hot Topic w/o New Messages
    Locked w/ New Messages Locked w/o New Messages
     Post New Thread
     Reply to Message
     Post New Poll
     Submit Vote
     Delete My Own Post
     Delete My Own Thread
     Rate Posts