And... The User-Agent header string is only accurate if left untouched. Some programs allow you to change the User-Agent string, making filters like that useless. ________________________________ From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison Sent: Friday, October 06, 2006 9:50 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Signatures To identify the application in HTTP traffic, you'll want to seek out the User-Agent header. Bear in mind that you can't configure "allow only" HTTP Filter header definition. This mechanism is "blacklist" only. From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of D PIETRUSZKA USWRN INTERLINK INFRA ASST MGR Sent: Friday, October 06, 2006 6:44 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Signatures Hello there For the first time in a long time I have some time to play around with my ISA's and I want to expend some time working on HTTP filtering. The thing is, how seeing the packets on my NetMon3 Beta (Thanks Jim) I know the signatures of the product used to generate that HTTP traffic? For example, which one is the signature for Internet Explorer and which one for Firefox? To by that way be able to filter traffic generated from one and not the other one. Sorry if my question is kind of stupid but I have no idea about this topic. If you know about some documents online, please let me know. Thanks guys Regards Diego R. Pietruszka All mail to and from this domain is GFI-scanned.