Module 7: Advanced Application and Web Filtering Overview Advanced Application and Web Filtering Overview Configuring HTTP Web Filters Additional Application and Web Filters Lesson: Advanced Application and Web Filtering Overview What Is an Application Filter? What Is a Web Filter? Why Use Application and Web Filters? Application and Web Filter Architecture What Is an Application Filter? Application filters can: Enable firewall traversal for complex protocols Enable protocol-level intrusion detection Enable protocol-level content filtering Generate alerts and log events ISA Server Application Server What Is a Web Filter? Web filters can: Scan and modify HTTP requests Scan and modify HTTP responses Block specified responses Log and analyze traffic Encrypt and compress data Implement custom authentication schemes ISA Server Web Server Why Use Application and Web Filters? Application and Web filters provide: Application and Web filters provide: Protection against malicious code by blocking packets that have worm or virus characteristics Protection against user actions by blocking the download of harmful programs or ensuring that some types of data do not leave the network Protection against specific network connections by blocking connection attempts by specific applications Integration with third-party or custom filters that have been developed using the application filter API or the Web filter API Protection against malicious code by blocking packets that have worm or virus characteristics Protection against user actions by blocking the download of harmful programs or ensuring that some types of data do not leave the network Protection against specific network connections by blocking connection attempts by specific applications Integration with third-party or custom filters that have been developed using the application filter API or the Web filter API Web Proxy Filter Web Filter API Application Filter API Application and Web Filter Architecture Rules Engine Rules Engine 3 3 Application Filters Web Filters Firewall Service Firewall Engine 2 2 1 1 4 4 Lesson: Configuring HTTP Web Filters HTTP Web Filtering Overview How to Configure HTTP Web Filter General Properties How to Configure HTTP Web Filter Methods How to Configure HTTP Web Filter Extensions How to Configure HTTP Web Filter Headers How to Configure HTTP Web Filter Signatures How to Identify an HTTP Application Signature Best Practice: HTTP Filter Configuration for Web Publishing HTTP Web Filtering Overview Use HTTP filtering to: HTTP filtering is rule specific so you can configure different filters for each access or publishing rule Use HTTP filtering to: HTTP filtering is rule specific so you can configure different filters for each access or publishing rule Filter traffic from internal clients to other networks Filter traffic from Internet clients to internal Web servers Filter traffic from internal clients to other networks Filter traffic from Internet clients to internal Web servers HTTP filters enable filtering of HTTP packets based on several criteria HTTP filters enable filtering of HTTP packets based on several criteria How to Configure HTTP Web Filter General Properties Configure maximum payload length Configure maximum payload length Configure maximum URL and query length Configure maximum URL and query length Configure maximum header length Configure maximum header length [...]... with Default HTTP Filter Importing and Testing Sample HTTP Filter Settings Modifying HTTP Filter Settings Den -Web- 01 Gen -Web- 01 Den-ISA-01 Den-DC-01 Internet Lesson: Additional Application and Web Filters About the FTP Application Filter About the SOCKS V4 Application Filter Other Application and Web Filters How to Develop Application and Web Filters About the FTP Application Filter Contoso Ltd FTP... Application Filter Application Server ISA Server SOCKS Application Other Application and Web Filters ISA Server 2004 includes: Application filters that enable complex and secure client to server connections while hiding the complexity of the firewall configuration from the administrator Web filters to implement features such as special authentication mechanisms and link translation How to Develop Application. .. Application and Web Filters ISA Server filters that can be developed include: Protocol-enabling filters Protocol-scanning filters Redirection filters NAT supporting filters Intrusion detection filters Content filtering filters Use the ISA Server SDK to create custom filters Lab: Configuring the HTTP Web Filter Exercise 1: Identifying an Application Method and Signature Exercise 2: Modifying the HTTP Web Filter... Configure maximum header, payload, URL and query lengths Verify normalization and do not block high-bit characters Allow only GET, HEAD, and POST Block executable and server side includes extensions Block potentially malicious signatures Use the httpfilterconfig.vbs script from the ISA Server CD to import and export HTTP filter configurations Practice: Configuring HTTP Filtering Testing HTTP Connections... Configure HTTP Web Filter Methods Configure allowed or blocked methods How to Configure HTTP Web Filter Extensions Configure allowed or blocked extensions How to Configure HTTP Web Filter Headers Configure headers that will be blocked Configure server header settings Configure Via header settings How to Configure HTTP Web Filter Signatures Configure blocked signatures How to Identify an HTTP Application. .. image/jpeg,.image/pjpeg, application/ vnd.ms-excel, application/ vnd.ms-powerpoint, application/ msword,.*/* .Accept-Language:.en-us .If-Modified-Since:.Fri,.11.Oct.2002.20:30:04.GMT .If-None-Match:."06ee8fa6471c21:428" .User-Agent:.Mozilla/4.0.(compatible;.MSIE.6.0; Windows.NT.5.1) .Host:.www.contoso.com .Proxy-Connection:.Keep-Alive HTTP Header Signature Best Practice: HTTP Filter Configuration for Web Publishing... filters Use the ISA Server SDK to create custom filters Lab: Configuring the HTTP Web Filter Exercise 1: Identifying an Application Method and Signature Exercise 2: Modifying the HTTP Web Filter Den -Web- 01 Gen -Web- 01 Den-ISA-01 Den-DC-01 Internet . Module 7: Advanced Application and Web Filtering Overview Advanced Application and Web Filtering Overview Configuring HTTP Web Filters Additional Application. Application and Web Filters Lesson: Advanced Application and Web Filtering Overview What Is an Application Filter? What Is a Web Filter? Why Use Application and Web