Microsoft KB Archive/925120

From BetaArchive Wiki

Article ID: 925120

Article Last Modified on 12/4/2007



APPLIES TO

  • Microsoft Internet Security and Acceleration Server 2006 Standard Edition
  • Microsoft Internet Security and Acceleration Server 2006 Enterprise Edition
  • Microsoft Internet Security and Acceleration Server 2004 Standard Edition
  • Microsoft Internet Security and Acceleration Server 2004 Enterprise Edition



INTRODUCTION

This article describes how to block MSN Messenger traffic and Windows Live Messenger traffic by using Microsoft Internet Security and Acceleration (ISA) Server 2004 or ISA Server 2006.

MORE INFORMATION

To block MSN Messenger traffic and Windows Live Messenger traffic by using ISA Server 2004 or ISA Server 2006, use one of the following methods:

  • Create a new access rule that blocks MSN Messenger traffic and Windows Live Messenger traffic over HTTP but still lets users access other Web sites by using HTTP. As soon as you create the rule, you must configure an HTTP policy rule and include the correct signatures.
  • Create a new access rule that blocks HTTP traffic, and then add the application/x-msn-messenger content type for this rule. Move the new rule to the top of the rules list.

Method 1: Create a new access rule and configure an HTTP policy rule that blocks MSN Messenger traffic and Windows Live Messenger traffic

Create the new access rule

  1. Log on to the computer that is running ISA Server 2004 or ISA Server 2006 by using an account that has administrative permissions.
  2. Click Start, point to All Programs, point to Microsoft ISA Server, and then click ISA Server Management.
  3. In the left pane of the ISA Server Management console, expand ServerName.


Notes

    • ServerName is a placeholder for the name of the computer that is running ISA Server.
    • If you are running ISA Server 2004 Enterprise Edition, expand Arrays in the left pane, and then expand ServerName.
  1. Click Firewall Policy.
  2. Click the Tasks tab in the task pane, and then click Create New Access Rule.
  3. On the Welcome to the New Access Rule Wizard page, enter the name for the rule in the Access Rule name box, and then click Next.
  4. On the Rule Action page, click Allow, and then click Next.
  5. On the Protocols page, click Selected protocols in the This rule applies to list, and then click Add.
  6. In the Add Protocols dialog box, expand Common Protocols.
  7. Double-click the HTTP protocol and the HTTPS protocol, click Close, and then click Next.
  8. On the Access Rule Sources page, click Add.
  9. In the Add Network Entities dialog box, expand Networks.
  10. Double-click Internal, click Close, and then click Next.
  11. On the Access Rule Destinations page, click Add.
  12. In the Add Network Entities dialog box, expand Networks.
  13. Double-click External, click Close, and then click Next.
  14. On the User Sets page, click All Users in the This rule applies to requests from the following user sets list, click Remove, and then click Add.
  15. In the Add Users dialog box, double-click All Authenticated Users, click Close, and then click Next.
  16. On the Completing the New Access Rule Wizard page, click Finish.

Configure the HTTP policy rule that blocks MSN Messenger traffic and Windows Live Messenger traffic

  1. In the left pane of the ISA Server Management console, right-click the access rule that you created, and then click Configure HTTP.
  2. In the Configure HTTP policy for rule dialog box, click the Signatures tab, and then click Add.
  3. In the Signature dialog box, enter a name for the signature in the Name field.
  4. In the Search in list, click Request headers.
  5. In the HTTP header box, type User-Agent:.
  6. To block MSN Messenger traffic, type MSN Messenger in the Signature box.
  7. To block Windows Live Messenger traffic, type Windows Live Messenger in the Signature box.
  8. Click OK, and then click OK again.
  9. In the ISA Server Management console, click Apply.

Method 2: Create a new access rule that blocks HTTP traffic, and then add the application/x-msn-messenger content type for this rule

Create the new access rule

  1. Log on to the computer that is running ISA Server 2004 or ISA Server 2006 by using an account that has administrative permissions.
  2. Click Start, point to All Programs, point to Microsoft ISA Server, and then click ISA Server Management.
  3. In the left pane of the ISA Server Management console, expand ServerName.


Notes

    • ServerName is a placeholder for the name of the computer that is running ISA Server.
    • If you are running ISA Server 2004 Enterprise Edition, expand Arrays in the left pane, and then expand ServerName.
  1. Click Firewall Policy.
  2. Click the Tasks tab in the task pane, and then click Create New Access Rule.
  3. On the Welcome to the New Access Rule Wizard page, enter the name for the rule in the Access Rule name box, and then click Next.
  4. On the Rule Action page, click Allow, and then click Next.
  5. On the Protocols page, click Selected protocols in the This rule applies to list, and then click Add.
  6. In the Add Protocols dialog box, expand Common Protocols.
  7. Double-click the HTTP protocol and the HTTPS protocol, click Close, and then click Next.
  8. On the Access Rule Sources page, click Add.
  9. In the Add Network Entities dialog box, expand Networks.
  10. Double-click Internal, click Close, and then click Next.
  11. On the Access Rule Destinations page, click Add.
  12. In the Add Network Entities dialog box, expand Networks.
  13. Double-click External, click Close, and then click Next.
  14. On the User Sets page, click All Users in the This rule applies to requests from the following user sets list, click Remove, and then click Add.
  15. In the Add Users dialog box, double-click All Authenticated Users, click Close, and then click Next.
  16. On the Completing the New Access Rule Wizard page, click Finish.

Add the application/x-msn-messenger content type for the rule and move the rule to the top of the rules list

  1. In the left pane of the ISA Server Management console, right-click the access rule that you created, and then click Properties.
  2. In the Properties dialog box, click the Content Types tab.
  3. Under This rule applies to, click Selected content types, and then click New.
  4. Enter a name in the Name box.
  5. In the Available types box, type application/x-msn-messenger, click Add, and then click OK two times.
  6. In the ISA Server Management console, click the new access rule.
  7. In the Tasks pane, click Move Selected Rules Up to move the new rule to the top of the rules list.
  8. Click Apply.



Additional query words: how to ISA 2004 2006 MSN Windows Messenger Live blocking

Keywords: kbhowto KB925120