• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

How to block downloading via HTTPS

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> General >> How to block downloading via HTTPS Page: [1]
Login
Message << Older Topic   Newer Topic >>
How to block downloading via HTTPS - 10.Nov.2009 1:06:47 AM   
hoomi_mcse

 

Posts: 12
Joined: 10.Nov.2009
Status: offline
Hello everyone, I need a bit of help!
I'm an ISA 2004 administrator in a company and I have a little problem. I have blocked HTTP downloading by using "configure http" and using file extensions filter and it working perfectly, but still users can download any files from their e-mails or from SSL proxy websites like https://linuxs.info . I want to block https downloading without blocking https . can you help me and suggest me a good way? and is there any specific port that https use for downloading ? rather than 443 I mean.

thank you  
Post #: 1
RE: How to block downloading via HTTPS - 10.Nov.2009 2:05:04 AM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
You could block by domain name, but that is quite an overhead. Have you considered a third party URL filter like Websense?

Alternatively, the next version of ISA (called TMG) will feaure integrated URL filteting and also allow you to provide HTTPS inspection for outbound connections. This is due for release Q4 this year...

Cheers

JJ

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to hoomi_mcse)
Post #: 2
RE: How to block downloading via HTTPS - 10.Nov.2009 2:43:17 AM   
hoomi_mcse

 

Posts: 12
Joined: 10.Nov.2009
Status: offline
thank for reply mate

actually I've tried blocking domain but it affects on http only! when I'm creating an URL set ,it says that it's only applicable for http traffic. it seems that  it's not even possible to filter a https URL.
has anyone else here experienced my problem?

(in reply to Jason Jones)
Post #: 3
RE: How to block downloading via HTTPS - 10.Nov.2009 3:13:36 AM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
Try using domain name sets; URL sets are limited to HTTP only...

Cheers

JJ

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to hoomi_mcse)
Post #: 4
RE: How to block downloading via HTTPS - 10.Nov.2009 4:28:29 AM   
hoomi_mcse

 

Posts: 12
Joined: 10.Nov.2009
Status: offline
wow thank mate, yeah now it works with specific https URLs. but still I can't find out how it is possible to block downloading files via e-mail like gmail . 

thank again for your useful help mate :)

(in reply to Jason Jones)
Post #: 5
RE: How to block downloading via HTTPS - 10.Nov.2009 7:32:57 AM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi,

there are also two third-party products that can help to block HTTPS:

http://www.redline-software.com/eng/products/tk/components/ssl_decoder.php (Free)
http://www.collectivesoftware.com/Products/ClearTunnel (Not free)

About Gmail, you can take a look at this article series:
http://www.carbonwind.net/ISA/HTTPSig/HTTPSig1.htm

Regards,
Paulo Oliveira.

_____________________________

Microsoft Premier Field Engineer (PFE)
Blog: http://poliveirasilva.wordpress.com/
Twitter: https://twitter.com/poliveirasilva

(in reply to hoomi_mcse)
Post #: 6
RE: How to block downloading via HTTPS - 11.Nov.2009 3:53:33 AM   
hoomi_mcse

 

Posts: 12
Joined: 10.Nov.2009
Status: offline
Hey
thank for useful helps. but the first software is also a trial version and is not free .
is there any free full version of such softwares?

(in reply to paulo.oliveira)
Post #: 7
RE: How to block downloading via HTTPS - 11.Nov.2009 3:58:36 AM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
The only way to solve the problem (if you cannot block the top-level domain name) is to utilise some form of HTTPS inspection. Paulo provided a couple of third-party options...

In my opinion, the route of least resistence for this (and the best way IMHO) is to move to TMG as this is a native feature. I know "you need to upgrade..." is not an ideal answer, but ISA Server 2004 was never developed to support this need.

Cheers

JJ

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to hoomi_mcse)
Post #: 8
RE: How to block downloading via HTTPS - 11.Nov.2009 4:19:25 PM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi,

are you sure SSL Decoder is just a trial??

About what Jason said, I totally agree with him. You may start thinking upgrade from ISA 2004 to TMG. Another reason to think about that is because ISA 2004 mainstream support has ended last month:

http://blogs.technet.com/isablog/archive/2009/10/05/mainstream-support-ending-for-isa-server-2004-standard-edition-sp3.aspx

Regards,
Paulo Oliveira.

_____________________________

Microsoft Premier Field Engineer (PFE)
Blog: http://poliveirasilva.wordpress.com/
Twitter: https://twitter.com/poliveirasilva

(in reply to hoomi_mcse)
Post #: 9
RE: How to block downloading via HTTPS - 30.Nov.2009 6:03:10 AM   
hoomi_mcse

 

Posts: 12
Joined: 10.Nov.2009
Status: offline
quote:

On this page you can download free trial versions of our products and use them for 40 days.

yeah it's only free for 40 days .
and what is TMG by the way?

(in reply to paulo.oliveira)
Post #: 10
RE: How to block downloading via HTTPS - 30.Nov.2009 5:48:17 PM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
Next generation of ISA...

http://www.microsoft.com/forefront/threat-management-gateway/en/us/

Cheers

JJ

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to hoomi_mcse)
Post #: 11
RE: How to block downloading via HTTPS - 1.Dec.2009 2:25:34 AM   
hoomi_mcse

 

Posts: 12
Joined: 10.Nov.2009
Status: offline
cool I didn't know that. is it similar to ISA? can I work with it with no problem? I have ISA 2004 MCP and ISA 2006 MCTS and I've worked with both ISAs for 2 years. now Do you think without any  further course or study I can work with TMG?

(in reply to Jason Jones)
Post #: 12
RE: How to block downloading via HTTPS - 1.Dec.2009 12:56:22 PM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
quote:

ORIGINAL: hoomi_mcse

quote:

On this page you can download free trial versions of our products and use them for 40 days.

yeah it's only free for 40 days .
and what is TMG by the way?

Hi,

it is not trial, it is free:
quote:


ISA Server (Forefront TMG) Toolkit is a set of free tools making the work of a Microsoft ISA Server (Forefront TMG) administrator easier.

Source: http://www.redline-software.com/eng/products/tk/


But, I suggest you take a lookt at TMG. The concepts are the same, with additional features.

Regards,
Paulo Oliveira.

_____________________________

Microsoft Premier Field Engineer (PFE)
Blog: http://poliveirasilva.wordpress.com/
Twitter: https://twitter.com/poliveirasilva

(in reply to hoomi_mcse)
Post #: 13
RE: How to block downloading via HTTPS - 2.Dec.2009 12:49:24 AM   
hoomi_mcse

 

Posts: 12
Joined: 10.Nov.2009
Status: offline
yeah you are right . it's free but still it can't solve https downloading problem. thank anyway :)
and yeah I've read some article about TMG and it looks like ISA with more futures.

(in reply to paulo.oliveira)
Post #: 14

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> General >> How to block downloading via HTTPS Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts