Actually, since anyone can change their user-agent signature (even IE folks), it doesn't matter what you set. You'll always be "chasing your bad guys" no matter how you configure for HTTP signatures.

The answer is to create custom 12217.htm and 12217r.htm error pages that simply say something a bit more PC than f#$% off. This way, they don't get the "HTTP Filter <blah>" response and don't get a clue about how to get around you.

Remember to restart the firewall service so that it picks up the new page.

-------------------------------------------------------
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!
-------------------------------------------------------

________________________________
From: Ball, Dan [mailto:DBall@xxxxxxxxxxx]
Sent: Wednesday, April 27, 2005 09:13
To: [ISAserver.org Discussion List]
Subject: [isalist] User-Agent String

I know this has been discussed a couple of times, but I don't remember if we ever found a solution to it...

The way I have it set up now, to keep unauthorized software from using http-tunneling and bypassing the filters, we inspect the "User-Agent" portion of the header and block certain strings with the http filter. This works, but the error message given to the client also explains that it was blocked due to a User-Agent string. With programs such as Firefox, they can then go in and modify their User-Agent string to allow it through. In addition, knowing all the User-Agent strings to block is difficult if not impossible.

So, it would make logical sense to use a "block all except" approach to this instead. However, I have yet to be able to find this option. Is it possible in ISA2004?