One of the features in ISA Server 2006 is the ability to block traffic based on URL or domain name. This means that traffic to a particular website can be blocked at the ISA Server without disrupting the general Internet access rule.
I’ve compiled some Domain Name Sets and URL Sets from the Internet and zipped them for easy availability for ISA administrators. Download the ZIP file and extract it. Under Network Objects in the Toolbox tab, right-click URL Sets and click Import. Choose a single XML file from the unzipped folder of URLs and repeat the import for each remaining file. Once you have imported all the XML files, follow the same procedure for Domain Name Sets.
The next step is to create a rule that denies traffic to the websites listed in the XML files we imported. Start by creating a new rule. I’ve named my rule “Block Custom Sites”.

In the Access Rule, choose “Deny”.

Under protocols, choose HTTP and HTTPS.

Under Sources, choose Internal and VPN Clients.

Under Destinations, choose the XML lists that we imported. You can add multiple XML files.

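Remember to move the rule that we created to the top of the rule list, and we are done. ISA evaluates access rules in order, so the deny rule must come before any rule that allows the same traffic.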
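A simplified model of ordered, first-match rule evaluation, showing why the deny rule only takes effect when it sits above the general Internet access rule. This is an added example, not ISA Server code and not part of the original post; the rule dictionaries, the placeholder domains and the glob-style domain matching are assumptions made for illustration.

```python
from fnmatch import fnmatch

# Constructed sample data: rule names mirror the post, domains are placeholders.
BLOCK_SET = ["*.social.example", "social.example"]
WEB = {"HTTP", "HTTPS"}
CLIENTS = {"Internal", "VPN Clients"}

DENY = {"name": "Block Custom Sites", "action": "Deny",
        "protocols": WEB, "sources": CLIENTS, "destinations": BLOCK_SET}
ALLOW = {"name": "Internet Access", "action": "Allow",
         "protocols": WEB, "sources": CLIENTS, "destinations": None}  # None = anywhere


def domain_in_set(host, patterns):
    """Glob-style, case-insensitive match of a host against a domain set (model assumption)."""
    host = host.lower().rstrip(".")
    return any(fnmatch(host, p.lower()) for p in patterns)


def evaluate(rules, protocol, source, host):
    """Walk the rules top to bottom and return the first one that matches."""
    for rule in rules:
        if protocol not in rule["protocols"] or source not in rule["sources"]:
            continue
        dests = rule["destinations"]
        if dests is not None and not domain_in_set(host, dests):
            continue
        return rule["action"], rule["name"]
    return "Deny", "Default rule"  # nothing matched: the final default deny applies


def compare_orderings(host):
    """Evaluate one HTTPS request from an internal client under both rule orders."""
    return {
        "deny_on_top": evaluate([DENY, ALLOW], "HTTPS", "Internal", host),
        "deny_below_allow": evaluate([ALLOW, DENY], "HTTPS", "Internal", host),
    }


if __name__ == "__main__":
    for host in ("www.social.example", "social.example", "intranet.example"):
        print(host, compare_orderings(host))
```

In this model a set that holds only `*.social.example` does not cover the bare `social.example`, which is why the sample set lists both forms.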









Respected sir.
I also configure ISA Server, it works fine, but block yahoomail, gmail. Please guide me what I can do.
Hi Lokesh,
You will need to block these using Signatures in your HTTP and HTTPS rules. I suggest you create separate rules for blocking each.
Dear sir .
After installing ISA Server 2006 I can block Facebook and some other websites, but Hotmail and Yahoo Mail do not work and the pages do not open (I am not blocking these sites). Please suggest what I should do.
How to allow special users everything download and then deny others?
How to block Facebook and some social sites?
Can anyone help me regarding a client access problem in ISA Server 2006?
After installing ISA Server, the client is unable to access Server 2003 and shared folders.
However, browsing is running at the client end through ISA.
I have also tried creating rules and adding NetBIOS name, DNS etc.
Can anyone tell me how to create rules to access the server?
Hi Kashif,
When you say “unable to access server 2003” are you unable to access this via UNC or RDP?
I am also not able to access through remote connection.
The Firewall Client is also not connecting to the ISA Server,
but browsing is running through proxy settings in the browser.
Please suggest me the settings.
Thanks for prompt reply.
Log in to the server directly (not over RDP). Open System Policy Editor and under the Remote Management configuration group, select Terminal Server. Click on Remote Management Computers and add your PC’s IP to the list. Apply the new changes and you should be able to connect over RDP now. In case you want to manage the server using the Management Console from your PC, repeat the same process under the Microsoft Management configuration group.
Hi dear Mr. Vishal
I have already configured ISA Server 2006, with Internet access controlled by IP. I have configured four types of rules:
1. Fully open whole time.
2. Limited time only.
3. Full time mail (Outlook) only.
4. Certain time only full open.
I want to block some sites except for the 1st rule. I tried the method mentioned below.
http://www.youtube.com/watch?v=3LYWFIuMK5M
This method is OK but little only work after total internet is disconnected or blocked.
If you don’t mind please help me.
Hi Vijesh,
Where is the deny rule placed? Is it at the top of the list or just above the default deny rule? Also, let me know the settings of the rule set.
Hi Vishal
How can we block redirecting sites, like hotmail.com being redirected to login.live.com?
I have added the sites below:
*.login.live.com/login.srf
https://*.login.live.com
*.hotmail.com
But if I try hotmail.com it is browsing.
Can you please help me with this?
Thanks in advance
Ganesh
Hi Ganesh,
Blocking hotmail, yahoo, gmail, etc. is not easy as they use many redirects and are also accessible from various areas of their websites. The best bet here is to create a rule that checks the HTTP headers for a definite signature. Create a rule, right-click and configure HTTP filter, click on the Signatures tab and click Add.
For example, to block Live Messenger, I would add the following:
Signature: “login.live.com”
HTTP Header: “Host”
Search In: Request Headers
How can I configure the ISA server to block websites via user accounts? I have added the ISA to the existing domain and I am able to see the users on the domain. The problem is that the ISA is not blocking by user accounts but by IP addresses. Can you help?
Hi Javed,
Before I can guide you on this, kindly provide more details as to how you have configured your ISA server. Are the clients connecting using a firewall client, proxy settings or are using a direct gateway in their TCP/IP settings? Is ISA configured as a member of your Active Directory?
Sir, I want to attach your above-mentioned block website list to ISA Server 2006 with an ADSL connection. Respected sir, how can I do it?
Please Help me
themessages@yahoo.com
Hi,
What problems are you facing while doing the setup? Did you follow the steps that have been outlined in the post?
Is it possible to use ISA 2006 to BLOCK users from ALL Web sites except for an administrative List of acceptable sites??
Thanks!
Yes, it is possible. What you would need to do is set a rule for HTTP and HTTPS allowing traffic to the set list of URLs just above the default DENY TRAFFIC rule. Ensure that no other rule allows HTTP and HTTPS traffic.
I can’t add the XML to my ISA 2004 and it gives me “there is something wrong”. What can I do?
Hi,
What error are you getting while importing the XMLs? Are you getting any specific error code?
Dear sir, could you please let me know how to block Gmail chatting using ISA Server 2006?
please help me on this
Hi,
You will need to block this using “Signature”. Here is a link that would help you to get started with the signatures: http://technet.microsoft.com/en-us/library/cc302520.aspx. This is written for ISA 2004 but applies to ISA 2006 as well.
And how to allow specific users or computers access the blocked sites ?
Hi Daniel,
You can add computers or IP range and then put that in the exception list of the Blocked Sites rule.
I have successfully configured ISA Server 2006 and created allow rules for all users and deny rules for some of the users.
I have installed ISA Server on a separate Server 2003 which is not configured with DNS and ADS. My problem is that now I can access the domain server but I cannot access the client systems from the ISA installed system. I can access the shared folders from the domain server but cannot access the shared folders from client systems.
I have created a rule for DNS also. Allow – DNS HTTP HTTPS POP3 – all network set – external – all users. But still I am facing the same problem.
Pls advice ASAP.
Thanks in advance.
Hi,
Can you check the system policy and see if traffic or access from Local Host is allowed to internal network?
Hi,
I have installed ISA Server 2006 and I followed what you mentioned above and configured it, but the users are still able to access the websites. Please advise, and sorry, I’m very new to ISA servers.
Thanks
Hi,
Have you moved the rule to the top of the list? Deny rule for websites should be the first rule in your ISA firewall rules list.
Hi, thank you very much for your reply. I have finished partially because of your reply. But how to block Gmail?
They can log in with igoogle.com or google.com itself. I won’t block Google but I want to block Gmail and Orkut. And please advise how to block proxy websites also.
Thanks in advance,
Suthakar
Can you please tell me what tool you used for creating bulk blocking websites?
Most of the site list has been taken from the Internet. There are many URLs and site lists which are published in the public domain. The ZIP file that I have mentioned in my post is a compilation of all these plus the ones that I had been adding up. The XML files have been exported from ISA 2006.
Hi Rajkumar,
You can download the website list from the following URL: http://www.vishalvasu.com/uploaded_images/ISA-Block-List.zip
This is a list that I have compiled. Make sure the block rule remains at the top in your ISA rule set.
Can you please help me in knowing the bulk website list to add in the custom URL set?