How Can I Install a Blacklist in ISA Server?


Lists of various categories of Web sites to which you may want to block access for some or all users in your organization are available on the Web and from other sources. The files containing such lists typically have one of four formats:

  • A text file containing a list of domain names.
  • A text file containing a list of URLs.
  • An .xml file created by exporting a domain name set.
  • An .xml file created by exporting a URL set.

 Before describing how to install these files, let's quickly review the differences between domain name sets and URL sets. A domain name set is a rule element that can be defined in an array or on the enterprise level (in Enterprise Edition). Each domain name set holds a set of domain names that can be applied to cache rules, routing rules, access rules, and system policy rules. The domain names included in a domain name set may be specified in either of the following formats:

  • Fully qualified domain name (FQDN) (for example, www.northwindtraders.com)
  • Domain Name System (DNS) suffix (for example, *.net)

Domain names specified in other formats may be included, but these are ignored.

 

A URL set is also a rule element that can be defined in an array or on the enterprise level (in Enterprise Edition). Each URL set contains a set of URLs that can be applied to rules that control HTTP traffic, including cache rules, routing rules, access rules, and system policy rules.

 

Each URL in a URL set may include a host name and a path. Wildcard characters are allowed. However, URLs containing a question mark (?) that are included in a URL set are ignored. A protocol (HTTP, HTTPS, or FTP) and a port number may be included, but these are ignored.

Host names may be specified in any of the following formats:

  • FQDN (for example, www.northwindtraders.com)
  • DNS suffix (for example, *.net)
  • IP address
  • Wildcard character (*)

 Paths may be specified in any of the following formats:

  • Full path (for example, default.htm)
  • Prefix (for example, /pictures/travel/* or /*)

 A list of domain names in a text file can be added to a domain name set using a script, and a list of URLs in a text file can be added to a URL set using a script. For scripts that perform these tasks and additional relevant information, see Adding Lists to Domain Name Sets and URL Sets at the Microsoft TechNet Web site. The scripts in that article are suitable for both ISA Server 2006 and ISA Server 2004.
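As an added example (not part of the original post and not one of the TechNet scripts), the following Python pre-check applies the format rules described above to the lines of a text-file list before they are loaded into a domain name set or a URL set. The host label pattern, the function names, the "review" status and the sample entries are assumptions made for this example.

```python
import re

# Assumption: a host label is letters, digits and hyphens (1-63 characters).
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
FQDN_RE = re.compile(rf"^{LABEL}(?:\.{LABEL})+$")          # www.northwindtraders.com
SUFFIX_RE = re.compile(rf"^\*\.{LABEL}(?:\.{LABEL})*$")    # *.net
IPV4_RE = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")
SCHEME_RE = re.compile(r"^(?:https?|ftp)://", re.IGNORECASE)
PORT_RE = re.compile(r":\d+$")

def classify_domain(entry):
    """Domain name set entry: 'fqdn', 'suffix', or 'ignored' (any other format)."""
    entry = entry.strip()
    if SUFFIX_RE.match(entry):
        return "suffix"
    if FQDN_RE.match(entry) and not IPV4_RE.match(entry):
        return "fqdn"
    return "ignored"

def normalize_url(entry):
    """URL set entry: (status, effective entry with protocol and port dropped)."""
    entry = entry.strip()
    if "?" in entry:                       # URLs containing '?' are ignored
        return ("ignored", None)
    host, slash, path = SCHEME_RE.sub("", entry).partition("/")
    host = PORT_RE.sub("", host)           # protocol and port are ignored anyway
    host_ok = host == "*" or any(r.match(host) for r in (FQDN_RE, SUFFIX_RE, IPV4_RE))
    if not host_ok:
        return ("review", None)            # host format not among those listed
    return ("ok", host + slash + path)

def audit(entries, check):
    """Map each non-blank list line to the result of the given check."""
    return {e.strip(): check(e) for e in entries if e.strip()}

# Constructed sample list lines, not taken from any real blacklist.
SAMPLE = [
    "www.northwindtraders.com",
    "*.net",
    "http://www.northwindtraders.com:8080/pictures/travel/*",
    "www.northwindtraders.com/search.asp?q=1",
]

if __name__ == "__main__":
    for name, check in (("domain name set", classify_domain), ("URL set", normalize_url)):
        for entry, result in audit(SAMPLE, check).items():
            print(f"{name:16} {entry!r:60} -> {result}")
```

Entries reported as "ignored" or "review" are the ones to correct in the source list before running the import, since they would otherwise leave a silent gap in the block rule.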

 

The domain name set defined in an .xml file created by exporting a domain name set can be installed by importing the .xml file. This is accomplished by performing the following steps.

 

  1. Open ISA Server Management.
  2. In the console tree, click Firewall Policy. This step can be performed as follows:
    • For ISA Server Enterprise Edition, expand Microsoft Internet Security and Acceleration Server 2006 (or 2004), expand Arrays, expand Array_Name, and then click Firewall Policy.
    • For ISA Server Standard Edition, expand Microsoft Internet Security and Acceleration Server 2006 (or 2004), expand Server_Name, and then click Firewall Policy.
  3. On the Toolbox tab, click Network Objects.
  4. Right-click Domain Name Sets.
  5. Click Import All.
  6. In ISA Server 2006, follow the instructions in the Import Wizard. In ISA Server 2004, select the .xml file and click Import.

Note that the name of the new domain name set is defined in the .xml file.

 

 

The URL set defined in an .xml file created by exporting a URL set can be installed by importing the .xml file. This is accomplished by performing the following steps.

 

  1. Open ISA Server Management.
  2. In the console tree, click Firewall Policy. This step can be performed as follows:
    • For ISA Server Enterprise Edition, expand Microsoft Internet Security and Acceleration Server 2006 (or 2004), expand Arrays, expand Array_Name, and then click Firewall Policy.
    • For ISA Server Standard Edition, expand Microsoft Internet Security and Acceleration Server 2006 (or 2004), expand Server_Name, and then click Firewall Policy.
  3. On the Toolbox tab, click Network Objects.
  4. Right-click URL Sets.
  5. Click Import All.
  6. In ISA Server 2006, follow the instructions in the Import Wizard. In ISA Server 2004, select the .xml file and click Import.

Note that the name of the new URL set is defined in the .xml file.

 

 

Pesach Shelnitz

ISA Server Team

Comments
  • After I imported these URL sets and DNS sets, I can't export my roles and make a backup. I've applied the last patch. What can I do?

  • Hello! Very interesting. Thank you.

  • The blacklists contain "deniesite" or "http://deniesite"

    The rule works fine, but if the users write "http://www.deniesite" the rule does not work!

    Why?

  • Please, I have quite a number of xml files to be imported but I am not allowed to. I use ISA Server 2006 Enterprise Edition and it complains that the rule for a Standard Edition cannot be imported into an Enterprise Edition.

    Kindly help out on how to import the xml files to create deny rules for reted site.

    Regards,

    Send me your response @ thamola@yahoo.com

  • Try this:

    Create a blacklist in ISA 2006 Enterprise with several URLs/domains.

    Export this blacklist.xml!

    Now copy the xml tag into your other blacklist and remove the old one from the Standard Edition. Don't forget to change the name of the set in the xml code.

    Now you should be able to import the new blacklist.

  • What to do if users get web sites without the proxy or by IP address?
