Module 7:
Advanced Application and
Web Filtering
Overview
Advanced Application and Web Filtering Overview
Configuring HTTP Web Filters
Additional Application and Web Filters
Lesson: Advanced Application and Web Filtering Overview
What Is an Application Filter?
What Is a Web Filter?
Why Use Application and Web Filters?
Application and Web Filter Architecture
What Is an Application Filter?
Application filters can:
Enable firewall traversal for
complex protocols
Enable protocol-level intrusion
detection
Enable protocol-level content
filtering
Generate alerts and log events
ISA Server
Application
Server
What Is a Web Filter?
Web filters can:
Scan and modify HTTP
requests
Scan and modify HTTP
responses
Block specified responses

Log and analyze traffic
Encrypt and compress data
Implement custom
authentication schemes
ISA Server
Web
Server
Why Use Application and Web Filters?
Application and Web filters provide:
Application and Web filters provide:
Protection against malicious code by blocking packets
that have worm or virus characteristics
Protection against user actions by blocking the
download of harmful programs or ensuring that some
types of data do not leave the network
Protection against specific network connections by
blocking connection attempts by specific applications
Integration with third-party or custom filters that have
been developed using the application filter API or the
Web filter API
Protection against malicious code by blocking packets
that have worm or virus characteristics
Protection against user actions by blocking the
download of harmful programs or ensuring that some
types of data do not leave the network
Protection against specific network connections by
blocking connection attempts by specific applications
Integration with third-party or custom filters that have
been developed using the application filter API or the
Web filter API

Web Proxy
Filter
Web Filter API
Application Filter API
Application and Web Filter Architecture
Rules
Engine
Rules
Engine
3
3
Application
Filters
Web
Filters
Firewall
Service
Firewall
Engine
2
2
1
1
4
4
Lesson: Configuring HTTP Web Filters
HTTP Web Filtering Overview
How to Configure HTTP Web Filter General Properties
How to Configure HTTP Web Filter Methods
How to Configure HTTP Web Filter Extensions

How to Configure HTTP Web Filter Headers
How to Configure HTTP Web Filter Signatures
How to Identify an HTTP Application Signature
Best Practice: HTTP Filter Configuration for
Web Publishing
HTTP Web Filtering Overview
Use HTTP filtering to:
HTTP filtering is rule specific so you can configure
different filters for each access or publishing rule
Use HTTP filtering to:
HTTP filtering is rule specific so you can configure
different filters for each access or publishing rule
Filter traffic from internal clients to other networks
Filter traffic from Internet clients to internal
Web servers
Filter traffic from internal clients to other networks
Filter traffic from Internet clients to internal
Web servers
HTTP filters enable filtering of HTTP packets based
on several criteria
HTTP filters enable filtering of HTTP packets based
on several criteria
How to Configure HTTP Web Filter General Properties
Configure maximum
payload length
Configure maximum
payload length
Configure maximum
URL and query length
Configure maximum

URL and query length
Configure maximum
header length
Configure maximum
header length
How to Configure HTTP Web Filter Methods
Configure allowed
or blocked
methods
Configure allowed
or blocked
methods
How to Configure HTTP Web Filter Extensions
Configure allowed
or blocked
extensions
Configure allowed
or blocked
extensions
How to Configure HTTP Web Filter Headers
Configure server
header settings
Configure server
header settings
Configure Via
header settings
Configure Via
header settings
Configure headers
that will be blocked

Configure headers
that will be blocked
How to Configure HTTP Web Filter Signatures
Configure blocked
signatures
Configure blocked
signatures
GET. />.Accept:.image/gif,.image/x-xbitmap,
.image/jpeg,.image/pjpeg,
.application/vnd.ms-excel,
.application/vnd.ms-powerpoint,
.application/msword,.*/*.
.Accept-Language:.en-us.
.If-Modified-Since:.Fri,.11.Oct.2002.20:30:04.GMT.
.If-None-Match:."06ee8fa6471c21:428".
.User-Agent:.Mozilla/4.0.(compatible;.MSIE.6.0;
.Windows.NT.5.1).
.Host:.www.contoso.com.
.Proxy-Connection:.Keep-Alive
GET. />.Accept:.image/gif,.image/x-xbitmap,
.image/jpeg,.image/pjpeg,
.application/vnd.ms-excel,
.application/vnd.ms-powerpoint,
.application/msword,.*/*.
.Accept-Language:.en-us.
.If-Modified-Since:.Fri,.11.Oct.2002.20:30:04.GMT.
.If-None-Match:."06ee8fa6471c21:428".
.User-Agent:.Mozilla/4.0.(compatible;.MSIE.6.0;
.Windows.NT.5.1).
.Host:.www.contoso.com.

.Proxy-Connection:.Keep-Alive
How to Identify an HTTP Application Signature
Request
Header
Request
Header
HTTP
Header
HTTP
Header
Signature
Signature
HTTP
Request
HTTP
Request
Best Practice: HTTP Filter Configuration for Web Publishing
To configure a baseline HTTP filter:
To configure a baseline HTTP filter:
Configure maximum header, payload, URL and
query lengths
Verify normalization and do not block high-bit
characters
Allow only GET, HEAD, and POST
Block executable and server side includes extensions
Block potentially malicious signatures
Configure maximum header, payload, URL and
query lengths
Verify normalization and do not block high-bit
characters

Allow only GET, HEAD, and POST
Block executable and server side includes extensions
Block potentially malicious signatures
Use the httpfilterconfig.vbs script from the ISA Server
CD to import and export HTTP filter configurations
Use the httpfilterconfig.vbs script from the ISA Server
CD to import and export HTTP filter configurations
Practice: Configuring HTTP Filtering
Testing HTTP Connections with Default
HTTP Filter
Importing and Testing Sample HTTP
Filter Settings
Modifying HTTP Filter Settings
Den-Web-01
Internet
Den-ISA-01
Den-DC-01
Gen-Web-01
Lesson: Additional Application and Web Filters
About the FTP Application Filter
About the SOCKS V4 Application Filter
Other Application and Web Filters
How to Develop Application and Web Filters
About the FTP Application Filter
ISA
Server
ISA
Server
Contoso Ltd
FTP Site

Contoso Ltd
FTP Site
Connect on Port 20
Reply to port 2457
Connect on Port 20
Reply to port 2457
Connect on Port 21
Reply to port 2456
Connect on Port 21
Reply to port 2456


About the SOCKS Version 4 Application Filter
ISA
Server
ISA
Server
Application Server
Application Server
SOCKS Application
SOCKS Application
Other Application and Web Filters
ISA Server 2004 includes:
ISA Server 2004 includes:
Application filters that enable complex and
secure client to server connections while hiding the
complexity of the firewall configuration from
the administrator
Web filters to implement features such as special
authentication mechanisms and link translation

Application filters that enable complex and
secure client to server connections while hiding the
complexity of the firewall configuration from
the administrator
Web filters to implement features such as special
authentication mechanisms and link translation
How to Develop Application and Web Filters
ISA Server filters that can be developed include:
ISA Server filters that can be developed include:
Protocol-enabling filters
Protocol-scanning filters
Redirection filters
NAT supporting filters
Intrusion detection filters
Content filtering filters
Protocol-enabling filters
Protocol-scanning filters
Redirection filters
NAT supporting filters
Intrusion detection filters
Content filtering filters
Use the ISA Server SDK to create custom filters
Use the ISA Server SDK to create custom filters
Lab: Configuring the HTTP Web Filter
Exercise 1: Identifying an Application
Method and Signature
Exercise 2: Modifying the HTTP Web Filter
Den-Web-01
Internet
Den-ISA-01

Den-DC-01
Gen-Web-01