• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

HTTP Filter settings to block script injection in URLs/policies to block the conficker virus request

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> Access Policies >> HTTP Filter settings to block script injection in URLs/policies to block the conficker virus request Page: [1]
Login
Message << Older Topic   Newer Topic >>
HTTP Filter settings to block script injection in URLs/... - 10.Nov.2009 4:10:41 AM   
srjshiva

 

Posts: 28
Joined: 22.Dec.2008
Status: offline
All,

Find the below useful scripts from many post in the forum.
http://www.isatools.org/tools/block_inject.vbs-HTTP Filter settings to block script injection in URLs.
http://www.isatools.org/tools/block_conficker.vbs-policies to block the conficker virus requests.

I have ISA 2004 EE & using enterprise policy for all arrays
1.Need to understand what changes the script does on the HTTP filter.
2.Can i see the new filter added.
3.Will the script do changes on all the rules where filter is enabled.If so how to do it for selected rules.
4.Incase of Rollback will restore  of the enterprise policy from the backup help.
Or any other rollback methodology.

Kindly suggest.

_____________________________

Regards,
Shiv
Post #: 1
RE: HTTP Filter settings to block script injection in U... - 11.Nov.2009 2:55:50 AM   
srjshiva

 

Posts: 28
Joined: 22.Dec.2008
Status: offline
All,

Sorry for troubling.Tested the Script blocking conficker in my test bench.

It adds the below signature files to all allow rules.

Name:CONFICKER-1
Descrption:request URL 'search?q=%d&aq=7' trigger
Search in:Request URL
Signature :search?q=%d&aq=7

Name:CONFICKER-2
Descrption:request URL 'search?q=%d' trigger
Search in:Request URL
Signature :search?q=%d

_____________________________

Regards,
Shiv

(in reply to srjshiva)
Post #: 2

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> Access Policies >> HTTP Filter settings to block script injection in URLs/policies to block the conficker virus request Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts