
Welcome to ISAserver.org


Repost - Blocking downloads

Repost - Blocking downloads - 1.Feb.2005 12:59:00 PM   
dinodod

 

Posts: 100
Joined: 1.Oct.2004
Status: offline
"[Mad]" "[Mad]" "[Mad]"
I posted this question nearly a month ago so I am reposting it, hoping someone can answer it.

Ok, I thought I could but it turns out I can't seem to block a simple CAB file from this one site (now I have to scour my logs for other instances).
These cabs are getting thru using the below content filter:

http://a1540.g.akamai.net/7/1540/52/20031027/qtinstall.info.apple.com/qtactivex/qtplugin.cab
http://download.windowsupdate.com/msdownload/update/v5/redir/wuredir.cab?0501121625
http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
http://qtinstall.apple.com/qtactivex/qtplugin.cab
http://www-3.ibm.com/pc/support/access/sdccommon/download/IbmEgath.cab

Can anyone inform me what I need to filter to actually block these from getting installed? The mime types are there as far as I read.

I'm running ISA 2004 Standard in Single NIC mode but that should be ok...

Here is my content filter:

<?xml version="1.0" encoding="UTF-8"?>
<fpc4:Root xmlns:fpc4="http://schemas.microsoft.com/isa/config-4" xmlns:dt="urn:schemas-microsoft-com:datatypes" StorageName="FPC" StorageType="0">
<fpc4:Build dt:dt="string">4.0.2161.50</fpc4:Build>
<fpc4:Comment dt:dt="string"/>
<fpc4:Edition dt:dt="int">80</fpc4:Edition>
<fpc4:ExportItemClassCLSID dt:dt="string">{B79B86B7-0B14-46C5-BF4F-C76A63E28582}</fpc4:ExportItemClassCLSID>
<fpc4:ExportItemStorageName dt:dt="string">{C65F0133-7738-4121-B3AE-45A19B4A5B91}</fpc4:ExportItemStorageName>
<fpc4:IsaXmlVersion dt:dt="string">1.0</fpc4:IsaXmlVersion>
<fpc4:OptionalData dt:dt="int">4</fpc4:OptionalData>
<fpc4:Upgrade dt:dt="boolean">0</fpc4:Upgrade>
<fpc4:Arrays StorageName="Arrays" StorageType="0">
<fpc4:Array StorageName="{21D72885-111F-443B-8285-95E62E3AD819}" StorageType="0">
<fpc4:Components dt:dt="int">-1</fpc4:Components>
<fpc4:Name dt:dt="string"/>
<fpc4:RuleElements StorageName="RuleElements" StorageType="0">
<fpc4:ContentTypeSets StorageName="ContentTypeSets" StorageType="0">
<fpc4:ContentTypeSet StorageName="{C65F0133-7738-4121-B3AE-45A19B4A5B91}" StorageType="1">
<fpc4:ContentStrings>
<fpc4:Str dt:dt="string">application/cab</fpc4:Str>
<fpc4:Str dt:dt="string">application/fractals</fpc4:Str>
<fpc4:Str dt:dt="string">application/hta</fpc4:Str>
<fpc4:Str dt:dt="string">application/internet-property-stream</fpc4:Str>
<fpc4:Str dt:dt="string">application/mac-binhex40</fpc4:Str>
<fpc4:Str dt:dt="string">application/octet-stream</fpc4:Str>
<fpc4:Str dt:dt="string">application/oda</fpc4:Str>
<fpc4:Str dt:dt="string">application/oleobject</fpc4:Str>
<fpc4:Str dt:dt="string">application/olescript</fpc4:Str>
<fpc4:Str dt:dt="string">application/pics-rules</fpc4:Str>
<fpc4:Str dt:dt="string">application/pkcs10</fpc4:Str>
<fpc4:Str dt:dt="string">application/pkcs7-mime</fpc4:Str>
<fpc4:Str dt:dt="string">application/pkcs7-signature</fpc4:Str>
<fpc4:Str dt:dt="string">application/pkix-crl</fpc4:Str>
<fpc4:Str dt:dt="string">application/set-payment-initiation</fpc4:Str>
<fpc4:Str dt:dt="string">application/set-registration-initiation</fpc4:Str>
<fpc4:Str dt:dt="string">application/vndms-pkicertstore</fpc4:Str>
<fpc4:Str dt:dt="string">application/vndms-pkipko</fpc4:Str>
<fpc4:Str dt:dt="string">application/vndms-pkiseccat</fpc4:Str>
<fpc4:Str dt:dt="string">application/vndms-pkistl</fpc4:Str>
<fpc4:Str dt:dt="string">application/x-bcpio</fpc4:Str>
<fpc4:Str dt:dt="string">application/x-cdf</fpc4:Str>
<fpc4:Str dt:dt="string">application/x-compress</fpc4:Str>
<fpc4:Str dt:dt="string">application/x-compressed</fpc4:Str>
<fpc4:Str dt:dt="string">application/x-cpio</fpc4:Str>
<fpc4:Str dt:dt="string">application/x-csh</fpc4:Str>
<fpc4:Str dt:dt="string">application/x-dvi</fpc4:Str>
<fpc4:Str dt:dt="string">application/x-hdf</fpc4:Str>
<fpc4:Str dt:dt="string">application/x-internet-signup</fpc4:Str>
<fpc4:Str dt:dt="string">application/x-iphone</fpc4:Str>
<fpc4:Str dt:dt="string">application/x-latex</fpc4:Str>
<fpc4:Str dt:dt="string">application/x-msdownload</fpc4:Str>
<fpc4:Str dt:dt="string">application/x-msmediaview</fpc4:Str>
<fpc4:Str dt:dt="string">application/x-mspublisher</fpc4:Str>
<fpc4:Str dt:dt="string">application/x-msschedule</fpc4:Str>
<fpc4:Str dt:dt="string">application/x-netcdf</fpc4:Str>
<fpc4:Str dt:dt="string">application/x-pkcs12</fpc4:Str>
<fpc4:Str dt:dt="string">application/x-pkcs7-certificates</fpc4:Str>
<fpc4:Str dt:dt="string">application/x-pkcs7-certreqresp</fpc4:Str>
<fpc4:Str dt:dt="string">application/x-sh</fpc4:Str>
<fpc4:Str dt:dt="string">application/x-shar</fpc4:Str>
<fpc4:Str dt:dt="string">application/x-stuffit</fpc4:Str>
<fpc4:Str dt:dt="string">application/x-sv4cpio</fpc4:Str>
<fpc4:Str dt:dt="string">application/x-sv4crc</fpc4:Str>
<fpc4:Str dt:dt="string">application/x-tcl</fpc4:Str>
<fpc4:Str dt:dt="string">application/x-tex</fpc4:Str>
<fpc4:Str dt:dt="string">application/x-texinfo</fpc4:Str>
<fpc4:Str dt:dt="string">application/x-troff</fpc4:Str>
<fpc4:Str dt:dt="string">application/x-troff-man</fpc4:Str>
<fpc4:Str dt:dt="string">application/x-troff-me</fpc4:Str>
<fpc4:Str dt:dt="string">application/x-troff-ms</fpc4:Str>
<fpc4:Str dt:dt="string">application/x-ustar</fpc4:Str>
<fpc4:Str dt:dt="string">application/x-wais-source</fpc4:Str>
<fpc4:Str dt:dt="string">application/x-x509-ca-cert</fpc4:Str>
<fpc4:Str dt:dt="string">text/scriptlet</fpc4:Str>
<fpc4:Str dt:dt="string">zz-application/zz-winassoc-cab</fpc4:Str>
<fpc4:Str dt:dt="string">.acx</fpc4:Str>
<fpc4:Str dt:dt="string">.axs</fpc4:Str>
<fpc4:Str dt:dt="string">.bcpio</fpc4:Str>
<fpc4:Str dt:dt="string">.bin</fpc4:Str>
<fpc4:Str dt:dt="string">.cab</fpc4:Str>
<fpc4:Str dt:dt="string">.cat</fpc4:Str>
<fpc4:Str dt:dt="string">.cdf</fpc4:Str>
<fpc4:Str dt:dt="string">.cer</fpc4:Str>
<fpc4:Str dt:dt="string">.cpio</fpc4:Str>
<fpc4:Str dt:dt="string">.crl</fpc4:Str>
<fpc4:Str dt:dt="string">.crt</fpc4:Str>
<fpc4:Str dt:dt="string">.csh</fpc4:Str>
<fpc4:Str dt:dt="string">.dcr</fpc4:Str>
<fpc4:Str dt:dt="string">.der</fpc4:Str>
<fpc4:Str dt:dt="string">.dir</fpc4:Str>
<fpc4:Str dt:dt="string">.dll</fpc4:Str>
<fpc4:Str dt:dt="string">.dvi</fpc4:Str>
<fpc4:Str dt:dt="string">.dxr</fpc4:Str>
<fpc4:Str dt:dt="string">.evy</fpc4:Str>
<fpc4:Str dt:dt="string">.exe</fpc4:Str>
<fpc4:Str dt:dt="string">.fif</fpc4:Str>
<fpc4:Str dt:dt="string">.hdf</fpc4:Str>
<fpc4:Str dt:dt="string">.hqx</fpc4:Str>
<fpc4:Str dt:dt="string">.hta</fpc4:Str>
<fpc4:Str dt:dt="string">.iii</fpc4:Str>
<fpc4:Str dt:dt="string">.ins</fpc4:Str>
<fpc4:Str dt:dt="string">.isp</fpc4:Str>
<fpc4:Str dt:dt="string">.latex</fpc4:Str>
<fpc4:Str dt:dt="string">.m13</fpc4:Str>
<fpc4:Str dt:dt="string">.m14</fpc4:Str>
<fpc4:Str dt:dt="string">.man</fpc4:Str>
<fpc4:Str dt:dt="string">.me</fpc4:Str>
<fpc4:Str dt:dt="string">.ms</fpc4:Str>
<fpc4:Str dt:dt="string">.msi</fpc4:Str>
<fpc4:Str dt:dt="string">.mvb</fpc4:Str>
<fpc4:Str dt:dt="string">.nc</fpc4:Str>
<fpc4:Str dt:dt="string">.oda</fpc4:Str>
<fpc4:Str dt:dt="string">.ods</fpc4:Str>
<fpc4:Str dt:dt="string">.p10</fpc4:Str>
<fpc4:Str dt:dt="string">.p12</fpc4:Str>
<fpc4:Str dt:dt="string">.p7b</fpc4:Str>
<fpc4:Str dt:dt="string">.p7c</fpc4:Str>
<fpc4:Str dt:dt="string">.p7m</fpc4:Str>
<fpc4:Str dt:dt="string">.p7r</fpc4:Str>
<fpc4:Str dt:dt="string">.p7s</fpc4:Str>
<fpc4:Str dt:dt="string">.pfx</fpc4:Str>
<fpc4:Str dt:dt="string">.pko</fpc4:Str>
<fpc4:Str dt:dt="string">.prf</fpc4:Str>
<fpc4:Str dt:dt="string">.pub</fpc4:Str>
<fpc4:Str dt:dt="string">.roff</fpc4:Str>
<fpc4:Str dt:dt="string">.scd</fpc4:Str>
<fpc4:Str dt:dt="string">.sct</fpc4:Str>
<fpc4:Str dt:dt="string">.setpay</fpc4:Str>
<fpc4:Str dt:dt="string">.setreg</fpc4:Str>
<fpc4:Str dt:dt="string">.sh</fpc4:Str>
<fpc4:Str dt:dt="string">.shar</fpc4:Str>
<fpc4:Str dt:dt="string">.sit</fpc4:Str>
<fpc4:Str dt:dt="string">.spc</fpc4:Str>
<fpc4:Str dt:dt="string">.spl</fpc4:Str>
<fpc4:Str dt:dt="string">.src</fpc4:Str>
<fpc4:Str dt:dt="string">.sst</fpc4:Str>
<fpc4:Str dt:dt="string">.stl</fpc4:Str>
<fpc4:Str dt:dt="string">.sv4cpio</fpc4:Str>
<fpc4:Str dt:dt="string">.sv4crc</fpc4:Str>
<fpc4:Str dt:dt="string">.t</fpc4:Str>
<fpc4:Str dt:dt="string">.tcl</fpc4:Str>
<fpc4:Str dt:dt="string">.tex</fpc4:Str>
<fpc4:Str dt:dt="string">.texi</fpc4:Str>
<fpc4:Str dt:dt="string">.texinfo</fpc4:Str>
<fpc4:Str dt:dt="string">.tr</fpc4:Str>
<fpc4:Str dt:dt="string">.ustar</fpc4:Str>
<fpc4:Str dt:dt="string">.vbs</fpc4:Str>
</fpc4:ContentStrings>
<fpc4:Name dt:dt="string">EXEs &amp; MSIs</fpc4:Name>
</fpc4:ContentTypeSet>
</fpc4:ContentTypeSets>
</fpc4:RuleElements>
</fpc4:Array>
</fpc4:Arrays>
</fpc4:Root>
Post #: 1
RE: Repost - Blocking downloads - 1.Feb.2005 2:19:00 PM   
ianfermo

 

Posts: 235
Joined: 7.Nov.2004
From: Zamboanga, Philippines
Status: offline
Hi,

You can block extensions from the allow rule for web access. Right-click, then configure HTTP policy for rule. Go to extensions and add .cab.

Cheers,

(in reply to dinodod)
Post #: 2
RE: Repost - Blocking downloads - 1.Feb.2005 3:58:00 PM   
dinodod

 

Posts: 100
Joined: 1.Oct.2004
Status: offline
Which I have already done. These filters are not catching everything; cab & exe files are getting thru and I cannot seem to block all of them. The cab files are showing up with different MIME types, which makes it really difficult to catch and stop them.

Is there something else I should be adding to further filter the files?

(in reply to dinodod)
Post #: 3
RE: Repost - Blocking downloads - 6.Feb.2005 3:01:00 AM   
dinodod

 

Posts: 100
Joined: 1.Oct.2004
Status: offline
I'm going to play around with the option to Block executable content in the general tab of the access rule, but why would the content rule not be working properly??

(in reply to dinodod)
Post #: 4
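
Post #3 describes .cab files arriving with MIME types that are not in the content type set. The Python script below is an added example, not part of the original posts and not ISA Server's own matching logic: it lists log records whose URL path ends in a listed extension while the declared Content-Type is not in the set. The URLs and content strings are taken from post #1; the Content-Type values in the sample records are constructed, and the function names are hypothetical.

```python
from urllib.parse import urlsplit
import posixpath

# Subset of the ContentStrings from the export in post #1.
CONTENT_STRINGS = [
    "application/cab", "application/octet-stream", "application/x-msdownload",
    "application/x-compressed", "zz-application/zz-winassoc-cab",
    ".cab", ".exe", ".dll", ".msi",
]

def split_set(strings):
    """Separate a content type set into MIME types and file extensions."""
    mimes = {s.lower() for s in strings if not s.startswith(".")}
    exts = {s.lower() for s in strings if s.startswith(".")}
    return mimes, exts

def url_extension(url):
    """Extension of the URL path only; the query string is ignored."""
    path = urlsplit(url).path
    return posixpath.splitext(path)[1].lower()

def normalize_mime(header):
    """Drop parameters such as '; charset=...' and normalise case."""
    return (header or "").split(";", 1)[0].strip().lower()

def find_gaps(records, strings=CONTENT_STRINGS):
    """Return (url, mime) pairs with a listed extension but an unlisted MIME type."""
    mimes, exts = split_set(strings)
    gaps = []
    for url, header in records:
        mime = normalize_mime(header)
        if url_extension(url) in exts and mime not in mimes:
            gaps.append((url, mime))
    return gaps

# Constructed log records: URLs are from post #1, Content-Type values are
# made up for illustration and are not what those servers actually returned.
SAMPLE_RECORDS = [
    ("http://qtinstall.apple.com/qtactivex/qtplugin.cab", "application/octet-stream"),
    ("http://download.windowsupdate.com/msdownload/update/v5/redir/wuredir.cab?0501121625", "text/plain"),
    ("http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab", "application/x-cab; charset=binary"),
    ("http://www-3.ibm.com/pc/support/access/sdccommon/download/IbmEgath.cab", ""),
]

if __name__ == "__main__":
    for url, mime in find_gaps(SAMPLE_RECORDS):
        print(f"{mime or '(no Content-Type)'}\t{url}")
```

Each MIME type it reports is a candidate for the content type set, and a record with no Content-Type at all can only be caught by extension.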
