Re: Content Filtering

From: T.Mohamed (tarek_at_cafe.org.eg)
Date: 01/23/05 

Date: Sun, 23 Jan 2005 17:26:37 +0300

hello

HTTP Filter

Enhancements in ISA Server 2004 allow it to comprehensively inspect all
vital aspects of HTTP communications. HTTP is the core information transfer
technology for Web-based content. HTTP filtering can be used with
information requests originating from users for internal and external Web
servers, and with all requests for information from the organization’s Web
servers.

Using ISA Server 2004, an administrator can also block requests for specific
file names, types of files, dynamic responses to Web pages (such as online
forms that can be used to send sensitive organization information), and even
Web pages that contain specific words or character strings.

ISA Server 2004 allows an administrator to perform deeper Web content
inspection and specify exactly what information (called a ‘signature’) the
firewall should look for and block. Signatures can be based on the following
criteria:

  1.. • Requested Web site

  2.. • Information contained in any portion of the request by the user

  3.. • Information contained in any portion of the response by the Web
server

Suppose your organization wants to block all Web pages that contain the word
Hacker. An administrator can create a signature that detects this value and
blocks it, ensuring that users affected by the rule will never receive a Web
page containing this term. Great flexibility is added by the fact that you
can configure these rules on a per-user or per-group basis, so that you can
block the content only for specified users, rather than being forced to
block it for all users.

HTTP filtering can also be used to protect your Web servers(s) by detecting
and blocking potentially harmful, abnormal information contained in a Web
request or response. This feature can stop hackers before they are allowed
to communicate with your Web server. Internet intruders often depend on
uploading tools to a Web site they wish to attack or using tools already
located on the Web server. HTTP application layer filtering can be
configured to block attackers from issuing the commands that are used to run
these tools.

Relevant Pages

  • RE: Outlook RPC over HTTp deosnt work
    ... try to use RPC over HTTP to connect the Exchange Server. ... What SBS is running on the problematic Server? ...
    (microsoft.public.windows.server.sbs)
  • Code feedback
    ... all I would like some feedback on a multithreaded HTTP server I've ... The server serves python-scripts by dynamically loading scripts ... # Basic, threaded HTTP server, serving requests via python scripts ...
    (comp.lang.python)
  • RE: CEICW after loading third party certificate
    ... Requests appear to come from the ISA Server computer ... Requests appear to come from the original client. ...
    (microsoft.public.windows.server.sbs)
  • Re: IIS not responding to some requests Error: 12029
    ... Error 12029 is *not* a HTTP status code. ... connect to the internet (I assume that you do *not* see anything in the IIS ... logs that matches these requests from XMLHTTP? ... The error frequency is not correlated to server activity. ...
    (microsoft.public.inetserver.iis)
  • Re: Forwarding IP addresses Through ISA
    ... the requests not quite matching up in all cases (eg, ... > WEBEXTnnnn logs myself I see what you mean. ... >> you can configure Server Publishing, ... >> Internet through ISA Server as a SecureNAT client). ...
    (microsoft.public.isaserver)