Welcome to ISAserver.org

How to block Porn Tube Sites

How to block Porn Tube Sites - 27.Apr.2009 3:01:40 PM   
mushtash

 

Posts: 43
Joined: 25.Feb.2009
Status: offline
I have a Mac user who is not listed in ISA Computer. From logging I could get the browser information. This user is accessing porn tube sites like redtube.com. I created a rule on top to deny all outbound from Internal to URL blacklist for ALL Users.
In the list I added *.redtube.com, www.redtube.com and also the IP address,
but in the logs I can see digits with .redtube.com.
Also I have a rule above allow internet to deny Malware Domain Name Set and URL Domains.
Added in every block list. But it's still accessible with random streaming server addresses.
Also created an HTTP signature to block specific words. No luck.
Post #: 1
RE: How to block Porn Tube Sites - 29.Apr.2009 7:00:58 PM   
inderjeet

 

Posts: 463
Joined: 25.Nov.2008
Status: offline
Try adding URLs in the HTTP Filtering. I am not sure if you have tried that.

Moreover, create a domain set and not URL set as these websites use random names.

Create a Deny Access Rule from Internal to This Domain set and block it for all users and keep the rule on top of it. If you wanna use the HTTP filtering then you may try HTTP filtering in your general Internet access rule....

Let me know the output. I can help you further investigate the same.

_____________________________

Inderjeet (MSFT)
My Blog: http://isingh.spaces.live.com

If you are a Microsoft Gold Partner, Contact us for Advisory/Consulting Services, Check https://partner.microsoft.com/US/supportsecurity/40012316

(in reply to mushtash)
Post #: 2
RE: How to block Porn Tube Sites - 30.Apr.2009 1:16:15 AM   
mushtash

 

Posts: 43
Joined: 25.Feb.2009
Status: offline
Thanks for the reply.
In HTTP filtering I have signatures redtube, porntube without TLD; is that OK?
I have already downloaded the Domain Name Set from MalwareDomains.com; can I add the entries here, or do I need to create a new domain name set?
Also please help me with how to create a domain name set for sites like
redtube.com
sextube.com
xtube.com
porntube.com
pornhub.com

There is a massive number of similar sites; how to block all these? Is there a Domain Name Set for such sites for ISA 2006 EE?

(in reply to mushtash)
Post #: 3
RE: How to block Porn Tube Sites - 30.Apr.2009 9:47:34 AM   
inderjeet

 

Posts: 463
Joined: 25.Nov.2008
Status: offline
quote:


In HTTP filtering I have signatures redtube, porntube without TLD; is that OK?

It's fine, but that should get blocked by the Deny Access Rule.

quote:


Also please help me with how to create a domain name set for sites like
redtube.com
xtube.com
porntube.com
pornhub.com

*.domain.com is the right way to create the domain name set. Then create a Deny access rule from Internal to this Domain set for all users and keep it on top of the Rule list.

quote:


There is a massive number of similar sites; how to block all these? Is there a Domain Name Set for such sites for ISA 2006 EE?

There are no default listings.

Usually it should catch the URLs. If you have the SecureNAT clients (ISA's IP as their DG) then HTTP Filtering is less effective. HTTP Filtering will work positively when you have web proxy clients. Check below for SecureNAT Clients

User says GET http://www.msn.com
Client asks local DNS server, please resolve www.msn.com
DNS server says its IP is 1.1.1.1 (example)
Client routes that to ISA as it's not of its own network
Client replaces the hostname and asks ISA can you GET http://1.1.1.1
ISA does a reverse DNS lookup and gets the Hostname
ISA Checks the Hostname against the Domain Sets. If it matches it tries to find the Rule which is using that Domain Set. If it finds, it applies the action Allow or Deny
If Allow, ISA goes to the MSN web server and GETs the page
Client Gets the Page
Everyone happy but not you; you wanted to block it with HTTP filtering


Let's suppose you might have created an HTTP filtering for Requested URL and you entered www.msn.com, but when the client sends GET http://1.1.1.1 it mismatches the HTTP Filtering and doesn't apply. When you make users web proxy users, the users send http://www.msn.com to the ISA, which now matches with the entry, and the HTTP filter is applied.

HTTP Filtering requires you to dig deep into network monitoring and see in packets what's coming in. Then use those signatures.

Though, URL filtering and Domain Name set filtering should have worked irrespective of above scenario. If you have ISA 2006 SP1 installed, then enable the diagnostics logging and test it. Then go back and check the applicability of the rules....You may also use the Traffic Simulator to perform this test...

Hope that helps




_____________________________

Inderjeet (MSFT)
My Blog: http://isingh.spaces.live.com

If you are a Microsoft Gold Partner, Contact us for Advisory/Consulting Services, Check https://partner.microsoft.com/US/supportsecurity/40012316

(in reply to mushtash)
Post #: 4
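
Added example (not part of any post in this thread, and not ISA Server code): a small Python model of the SecureNAT versus Web Proxy sequence described in post #4, showing why a Requested URL signature misses when the request arrives as an IP address while a domain name set can still match through the reverse lookup. All host names, addresses and function names are constructed, and the handling of an address with no PTR record is an assumption of this model.

```python
from fnmatch import fnmatch

# Constructed sample data (reserved .test names, documentation IP range).
FORWARD_DNS = {"www.example-tube.test": "203.0.113.10",
               "cdn77.example-tube.test": "203.0.113.77"}
REVERSE_DNS = {"203.0.113.10": "www.example-tube.test"}  # .77 has no PTR record

DOMAIN_SET = ["*.example-tube.test"]   # entry written the "*.domain.com" way
URL_SIGNATURES = ["example-tube"]      # HTTP filter signature on Requested URL


def request_seen_by_firewall(host, path, client_type):
    """Return the URL the firewall receives for each client type."""
    if client_type == "webproxy":      # client hands the host name to the proxy
        return f"http://{host}{path}"
    if client_type == "securenat":     # client resolves the name itself first
        return f"http://{FORWARD_DNS[host]}{path}"
    raise ValueError(f"unknown client type: {client_type}")


def hostname_for_policy(url):
    """Name used for domain-set matching; reverse lookup if the URL holds an IP."""
    authority = url.split("/")[2]
    if authority.replace(".", "").isdigit():
        return REVERSE_DNS.get(authority)  # None when no PTR record (assumption)
    return authority


def evaluate(host, path, client_type):
    """Report which of the two controls would match this request."""
    url = request_seen_by_firewall(host, path, client_type)
    name = hostname_for_policy(url)
    domain_hit = name is not None and any(
        fnmatch(name.lower(), pattern) for pattern in DOMAIN_SET)
    signature_hit = any(sig in url.lower() for sig in URL_SIGNATURES)
    return {"url": url, "domain_set": domain_hit, "url_signature": signature_hit}


if __name__ == "__main__":
    for host in FORWARD_DNS:
        for client in ("webproxy", "securenat"):
            print(client, evaluate(host, "/watch", client))
```
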
RE: How to block Porn Tube Sites - 30.Apr.2009 10:24:01 AM   
mushtash

 

Posts: 43
Joined: 25.Feb.2009
Status: offline
Thanks, great help inderjeet!!
With respect to my network scenario, I have AD 2003 with DHCP enabled. All users, Windows and non-Windows, are just hooking up their laptops and accessing.
In ISA 2006 EE SP1 I can see in sessions that the same IP address is Web Proxy Client and SecureNAT Client.
Now I have forced through DHCP to auto-detect proxy settings. (At the same time, when DHCP leases an IP address it also provides the ISA IP as Default Gateway, which makes clients SecureNAT clients.)
Now how to make all Web Proxy clients, to effectively use HTTP Filtering?
If I deny access to SecureNAT clients will all have problems in accessing websites.
I have created a rule on top, Deny from Internal to Domain Name Set, that works now to block the few porn tube sites which I have listed. But the problem is a non-Windows user with a Mac is uncontrollable, visiting different porn tube sites with random streaming servers.

(in reply to mushtash)
Post #: 5
RE: How to block Porn Tube Sites - 30.Apr.2009 11:34:06 AM   
inderjeet

 

Posts: 463
Joined: 25.Nov.2008
Status: offline
If you make SecureNAT clients also Web proxy clients, then Web proxy settings take precedence for all web requests.

Sorry but I didn't understand " I can see in sessions that same IP address is Web Proxy Client and Secure NAT Client "

MAC users remain a challenge because we don't have a MAC client for ISA. They can either be web proxy clients or they can be SecureNAT clients.

I have zero experience with MAC clients, so I believe someone from the forum can help you with that. Open a new thread to ask that question separately.

_____________________________

Inderjeet (MSFT)
My Blog: http://isingh.spaces.live.com

If you are a Microsoft Gold Partner, Contact us for Advisory/Consulting Services, Check https://partner.microsoft.com/US/supportsecurity/40012316

(in reply to mushtash)
Post #: 6
RE: How to block Porn Tube Sites - 30.Apr.2009 11:35:32 AM   
inderjeet

 

Posts: 463
Joined: 25.Nov.2008
Status: offline
Check this http://blogs.technet.com/isingh/archive/2009/04/30/3233535.aspx 

I have just written a blog for the same issue with Traces. You will definitely get a better understanding.

_____________________________

Inderjeet (MSFT)
My Blog: http://isingh.spaces.live.com

If you are a Microsoft Gold Partner, Contact us for Advisory/Consulting Services, Check https://partner.microsoft.com/US/supportsecurity/40012316

(in reply to mushtash)
Post #: 7
RE: How to block Porn Tube Sites - 30.Apr.2009 1:44:23 PM   
mushtash

 

Posts: 43
Joined: 25.Feb.2009
Status: offline
Thanks again!!
In ISA Sessions there are Internal IP addresses that show user name as Anonymous and client type SecureNAT and Web Proxy
eg: 192.168.11.20 SecureNAT Anonymous
     192.168.11.20 Web Proxy  Anonymous

I will send some session logs later so that you can advise if there is anything to change.

(in reply to mushtash)
Post #: 8
RE: How to block Porn Tube Sites - 30.Apr.2009 2:26:16 PM   
inderjeet

 

Posts: 463
Joined: 25.Nov.2008
Status: offline
Yes, anonymous is there because you're not authenticating the users on the Access Rule. You are using "All Users".

To have the users appear there you have to use "All Authenticated Users", but again that will be an issue with your MAC users and the machines which aren't domain joined.

_____________________________

Inderjeet (MSFT)
My Blog: http://isingh.spaces.live.com

If you are a Microsoft Gold Partner, Contact us for Advisory/Consulting Services, Check https://partner.microsoft.com/US/supportsecurity/40012316

(in reply to mushtash)
Post #: 9
