Getting started with Microsoft ISA Server 2006, Part 12: Block Windows Live Messenger

This entry is part 12 of 12 in the series Getting started with Microsoft ISA Server 2006

Block Windows Live Messenger

From Part 11: HTTP Filtering, you learn about HTTP filtering concept. Now let’s apply it with a real world example, Windows Live Messenger. On this post, I show you how to block Windows Live Messenger on ISA Server 2006. Windows Live Messenger is a popular instant messaging application, many people using it regularly. But sometimes, people use it at work place and unintentionally receive a file containing virus. Then, they execute it, so the virus spread on the network. Therefore, it is a task of an IT staff to secure the system and prevent this issue. The best and effective solution is to enforce strictly firewall policy. But sometimes, you cannot do that. For example, users on research department want access to any websites (HTTP) because they do not know what websites they want to access until they need. Then, you have to create an access rule to allow HTTP to from Internal to External for these users. Now they can use Windows Live Messenger because Windows Live Messenger communicates with its servers through either of these ports:

  • MSN Messenger protocol (TCP: 1863).
  • HTTP protocol (TCP: 80).

If you block only MSN Messenger protocol, users still can use Windows Live Messenger through HTTP protocol. Now what should you do? Block HTTP protocol? Doing that will also block users to access websites so you cannot do that. Here it comes, HTTP filtering. You can block only Windows Live Messenger on ISA Server without blocking the HTTP protocol if you know the signature. HTTP header is also the signature.

So what is the signature of Windows Live Messenger? I have sniffed HTTP packets while I signing to Windows Live Messenger. Here are the signature and protocol port of Windows Live Messenger:

  • The client communicates with the server of Windows Live Messenger using TCP outbound port 1863.
    Windows Live Messenger TCP Packets
  • While the client requesting information from the server (request header), one signature of it is User-Agent: Windows Live Messenger.
    User-Agent: Windows Live Messenger HTTP packet

Now I show you how to configure to block Windows Live Messenger on ISA Server 2006.

Step-by-step

  1. Create an access rule to block TCP outbound port 1863. ISA Server 2006 already has pre-defined this port as MSN Messenger protocol. I am not going to show detail steps on creating an access rule. You can review them at Part 7: Create DNS Lookup Rule and Part 8: Create Web Access Rule.
    • Rule Name: Block Windows Live Messenger
    • Action: Deny
    • Protocol: MSN Messenger
    • From: Internal
    • To: External
    • Condition: All Users

    Create Access Rule to Block MSN Messenger Protocol

  2. Next, configure HTTP filtering to block the signature of Windows Live Messenger. Right click on “Allow HTTP, HTTPS for Linglom” and select Configure HTTP.
    Note: This menu option available on an access rule that contains HTTP protocol only.
    Configure HTTP
  3. On Configure HTTP policy for rule, click on Signatures tab and click Add.
    Add Signature to Rule
  4. On Signature, enter these information below to block Windows Live Messenger and then click OK.
    • Name: Blocks Windows Live Messenger or any name as you want.
    • Search in: Request headers
    • HTTP header: User-Agent:
    • Signature: Windows Live Messenger

    Note: Don’t forget semi-colon (:) after User-Agent text.
    The Signature of Windows Live Messenger

  5. Back to Configure HTTP policy for rule, you see the signature has been created for this rule. You also can disable the signature by un-check it. On this example, leave it as checked to enable the signature. Click OK.
    Blocks Windows Live Messenger
  6. Don’t forget to click Apply to update the configuration.
    Apply Configurations
  7. Let’s try to sign in Windows Live Messenger on the client computer, you see that I cannot sign in any more.
    Can't Sign in on Windows Live Messenger

Summary

Now You have reach the end of Getting started with Microsoft ISA Server 2006 series. This series contains 12 parts: it gives you an introduction of ISA Server 2006, how to install and configure ISA Server 2006 on simple environment, how to create an access rule, and how to use some useful features on ISA Server 2006. I hope you get what you want on this series. If you have any comment or suggestion, feel free to leave it below.

Series Navigation<< Getting started with Microsoft ISA Server 2006, Part 11: HTTP Filtering

21 Comments

  1. kamran July 11, 2010
  2. linglom July 15, 2010
  3. santosh August 4, 2010
  4. santosh August 4, 2010
  5. linglom August 19, 2010
  6. santosh August 20, 2010
  7. linglom August 23, 2010
  8. santosh August 23, 2010
  9. Steve September 14, 2010
  10. pkdip September 15, 2010
  11. pkdip September 15, 2010
  12. ramesh.l September 24, 2010
  13. Mohammad December 24, 2010
  14. Manolis January 31, 2011
  15. soufiane March 1, 2011
  16. raju March 31, 2011
  17. Lou October 12, 2011
  18. Graham Brewer December 12, 2011
  19. Jack January 20, 2012
  20. Jack January 20, 2012
  21. MAT September 28, 2013

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.