FW_H_BlockHTTPSignature

  • Article

To block specified HTTP signatures

  1. In the console tree of ISA Server Management, click Firewall Policy.

  2. In the details pane, click the applicable access rule or Web publishing rule.

  3. On the Tasks tab, click Edit Selected Rule.

  4. On the Traffic tab (for Web publishing rules) or on the Protocols tab (for access rules), click Filtering, and then click Configure HTTP.

  5. On the Signatures tab, click Add.

  6. On the Signature page, do the following:

    • In Name, type the name that you will use to identify the signatures.
    • In Search in, select Request URL, Request headers, Request body, Response headers, or Response body.
    • In Signature, type the signature string, which when found in the selected request header, request body, response header, or response body will be blocked.
    • If you selected Request body or Response body, in From and in To, type the range in the body to search.
    • If you selected Request body or Response body, in Format, select Text or Binary, to indicate the format of the search string.

  7. On the Signatures tab, you can use the check box next to each signature to enable or disable the signature. Select Show only enabled search strings to display only the enabled signatures.

Note

For more information about HTTP filtering, see HTTP Filtering Concepts in ISA Server 2006 at the Microsoft ISA Server TechCenter Web site (https://www.microsoft.com).
To open ISA Server Management, click Start, point to All Programs, point to Microsoft ISA Server, and then click ISA Server Management.
For ISA Server 2006 Enterprise Edition, expand Microsoft Internet Security and Acceleration Server 2006, expand Arrays, expand Array_Name, and then click Firewall Policy.
For ISA Server 2006 Standard Edition, expand Microsoft Internet Security and Acceleration Server 2006, expand Server_Name, and then click Firewall Policy.

Important

When you specify a signature search on a request body or a response body, for performance reasons, we recommend that you specify a small byte range (specified by From and To).
When you block specific signatures, you are essentially blocking applications that tunnel traffic over HTTP and can be characterized by specific patterns in request headers, request body, response headers, and response body (for example, Windows Messenger). HTTP signature blocking will not block applications that use different types of content-encoding or range requests.
All HTTP requests and responses must be UTF-8 encoded for text signature blocking to be performed.
After you click Apply in the details pane, the policy is updated. The new policy applies only to new connections.