Linglom's blog

This article is one of the series of Getting started with Microsoft ISA Server 2006. You can see the index of this series at Getting started with Microsoft ISA Server 2006, Part 1: Introduction.

Block Windows Live Messenger

From Part 11: HTTP Filtering, you learn about HTTP filtering concept. Now let’s apply it with a real world example, Windows Live Messenger. On this post, I show you how to block Windows Live Messenger on ISA Server 2006.

Windows Live Messenger is a popular instant messaging application, many people using it regularly. But sometimes, people use it at work place and unintentionally receive a file containing virus. Then, they execute it, so the virus spread on the network. Therefore, it is a task of an IT staff to secure the system and prevent this issue. The best and effective solution is to enforce strictly firewall policy. But sometimes, you cannot do that. For example, users on research department want access to any websites (HTTP) because they do not know what websites they want to access until they need. Then, you have to create an access rule to allow HTTP to from Internal to External for these users. Now they can use Windows Live Messenger because Windows Live Messenger communicates with its servers through either of these ports:

• MSN Messenger protocol (TCP: 1863).
• HTTP protocol (TCP: 80).

If you block only MSN Messenger protocol, users still can use Windows Live Messenger through HTTP protocol. Now what should you do? Block HTTP protocol? Doing that will also block users to access websites so you cannot do that. Here it comes, HTTP filtering. You can block only Windows Live Messenger on ISA Server without blocking the HTTP protocol if you know the signature. HTTP header is also the signature.

So what is the signature of Windows Live Messenger? I have sniffed HTTP packets while I signing to Windows Live Messenger. Here are the signature and protocol port of Windows Live Messenger:

• The client communicates with the server of Windows Live Messenger using TCP outbound port 1863.
  
• While the client requesting information from the server (request header), one signature of it is User-Agent: Windows Live Messenger.
  

Now I show you how to configure to block Windows Live Messenger on ISA Server 2006.

Step-by-step

1. Create an access rule to block TCP outbound port 1863. ISA Server 2006 already has pre-defined this port as MSN Messenger protocol. I am not going to show detail steps on creating an access rule. You can review them at Part 7: Create DNS Lookup Rule and Part 8: Create Web Access Rule.
   • Rule Name: Block Windows Live Messenger
   • Action: Deny
   • Protocol: MSN Messenger
   • From: Internal
   • To: External
   • Condition: All Users

   

2. Next, configure HTTP filtering to block the signature of Windows Live Messenger. Right click on “Allow HTTP, HTTPS for Linglom” and select Configure HTTP.
   Note: This menu option available on an access rule that contains HTTP protocol only.
   
3. On Configure HTTP policy for rule, click on Signatures tab and click Add.
   
4. On Signature, enter these information below to block Windows Live Messenger and then click OK.
   • Name: Blocks Windows Live Messenger or any name as you want.
   • Search in: Request headers
   • HTTP header: User-Agent:
   • Signature: Windows Live Messenger

   Note: Don’t forget semi-colon (:) after User-Agent text.
   

5. Back to Configure HTTP policy for rule, you see the signature has been created for this rule. You also can disable the signature by un-check it. On this example, leave it as checked to enable the signature. Click OK.
   
6. Don’t forget to click Apply to update the configuration.
   
7. Let’s try to sign in Windows Live Messenger on the client computer, you see that I cannot sign in any more.
   

Summary

Now You have reach the end of Getting started with Microsoft ISA Server 2006 series. This series contains 12 parts: it gives you an introduction of ISA Server 2006, how to install and configure ISA Server 2006 on simple environment, how to create an access rule, and how to use some useful features on ISA Server 2006. I hope you get what you want on this series. If you have any comment or suggestion, feel free to leave it below.