Getting started with Microsoft ISA Server 2006, Part 11: HTTP Filtering

This entry is part 11 of 12 in the series Getting started with Microsoft ISA Server 2006

HTTP Filtering

From Part 10: Logging, you learn how to configure and use logging on ISA Server 2006. Now, you will learn about HTTP filtering.Have you ever want to block users using MSN or Yahoo messenger, or deny them to using free email services, or block them to post anything on web boards, or block them to use bit-torrent to download files? This post will answer these questions with Microsoft ISA Server 2006.

HTTP traffic is a data packet using HTTP protocol on the network which is used by most applications. On each packet of HTTP traffic, there is a header which contains information about server and client that are communicating each other at the time. These header information are such as:

  • Request Methods. For example, GET, POST, CONNECT.
  • User-Agent, such as Mozilla/4.0, Mozilla/5.0, Firefox
  • Content-Type. The mime type of the body of the request, such as application/x-www-form-urlencoded, application/xml, image/jpeg, text/xml.
  • Host. The domain name of the server, for example,,

For more information about HTTP, see these links from

So why learn about these HTTP headers? You can use these HTTP headers information to block or allow specific application on ISA Server 2006. Still not get it? Let’s see some examples of real HTTP traffic.

You can use some sniffer program to capture data packets that pass in/out through a network interface card on a computer. On this example, I use Ethereal. I install it on the same server as ISA Server 2006 but you can install and test on any computer as you want. Then, I start capturing packets on the network interface card that connects to the Internet and browse to using Internet Explorer.
Browse to

After that, I see these HTTP traffics on ethereal. First, My computer sends a HTTP request to the web server (
Detail: Request Method is GET. User-Agent is Mozilla/4.0 (compatible: MSIE 6.0). HOST is
HTTP Request

Second, the web server has send HTTP response back to the client. The response packet looks similar as the figure below.
Detail: Response Code is 200 (OK). Content-Type is text/html.
HTTP Response

What’s Next?

Now you learn some concepts about HTTP and its header. Next, I will show how to use these information to block Windows Live Messenger on ISA Server 2006.

Series Navigation<< Getting started with Microsoft ISA Server 2006, Part 10: LoggingGetting started with Microsoft ISA Server 2006, Part 12: Block Windows Live Messenger >>


  1. Mark October 26, 2010
  2. linglom October 27, 2010

Leave a Reply