RE: User-Agent String
- From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 27 Apr 2005 09:18:09 -0700
Actually, since anyone can change their user-agent signature (even IE
folks), it doesn't matter what you set.
You'll always be "chasing your bad guys" no matter how you configure for
HTTP signatures.
The answer is to create a customer 12217.htm and 12217r.htm error pages
that simply say something a bit more PC than f#$% off.
This way, they don't get the "HTTP Filter <blah> response and don't get
a clue about how to get around you.
Remember to restart the firewall service so that it picks up the new
page.
-------------------------------------------------------
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
<http://isaserver.org/Jim_Harrison/>
http://isatools.org <http://isatools.org/>
Read the help / books / articles!
-------------------------------------------------------
________________________________
From: Ball, Dan [mailto:DBall@xxxxxxxxxxx]
Sent: Wednesday, April 27, 2005 09:13
To: [ISAserver.org Discussion List]
Subject: [isalist] User-Agent String
http://www.ISAserver.org
I know this has been discussed a couple of times, but I don't remember
if we ever found a solution to it...
The way I have it setup now, to keep unauthorized software from using
http-tunneling and bypassing the filters, we inspect the "User-Agent"
portion of the header and block certain strings with the http filter.
This works, but the error message given to the client also explains that
it was blocked due to a User-Agent string. With programs such as
FireFox, they can then go in and modify their User-Agent string to allow
it through. In addition, knowing all the User-Agent strings to block is
difficult if not impossible.
So, it would make logical sense to use a "block all except" approach to
this instead. However, I have yet to be able to find this option, is it
possible in ISA2004?
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
________________________________
The correct technical term for haggis stalking is "havering".
<http://haggishunt.scotsman.com/haggisclopedia.cfm?part=5>
________________________________
All mail to and from this domain is GFI-scanned.
Other related posts:
