URL Sets in ISA Server 2006
URL Sets are like Domain Name Sets except URL Sets only block access to web connections. In order for URL Sets to work properly, connections must use HTTP or HTTPS protocols (FTP servers configured as Web Proxy clients may also be blocked) and must be handled by the Web Proxy filter.
For example, you can create a URL Set with an entry for hotmail.com and create a rule to block access to hotmail.com using all protocols. Any attempt to access the hotmail.com site with a browser application will be blocked, however users using configured SMTP or POP3 clients will still be able to retrieve mail from hotmail.com because the URL Set Only applies to HTTP, HTTPS and FTP access sessions via Web Proxy.
Always remember the difference between Domain Name Sets and URL Sets . URL Sets allow you to restrict access, block traffic to the desired URL using HTTP and HTTPS protocols as long as the connected client is using that protocol through the Web Proxy filter. In contrast, Domain Name Sets block all access to the domain using any protocol.
Create Access Rule
Domain Name Sets and URL Sets need to use Access Rules . You can create Domain Name Sets or URL Sets as a function of the Access Rule wizard. Follow the steps below to create an Access Rule and Domain Name or related URL Set to block access:
1. Open the Management Console of ISA Server 2006.Remember that Access Rules are processed in the order that follows. You need to move the new Access Rule and any other Deny Rules to the top of the list so that the system will process the previous rejection rules then handle the access permission rule.
2. Expand the server name and select the Firewall Policy .
3. Click the Tasks tab in the Task Pane .
4. Select Create a New Access Rule .
5. Enter a name for Access Rule (For example Block ESPN) and then click Next .
6. Select Deny on the Rule Action page and click Next .
7. On the Protocols page, select the Domain Name Set or URL Set .
If you create a Domain Name Set , select All Outbound Traffic .
If you create a URL Set , select Selected Protocols and then select HTTP and HTTPS .
8. Click Next .
9. Click the Add button on the Access Rule Sources page.
10. Click on Networks then select Internal . Then click Close .
11. Click Next .
12. Select Add on the Access Rule Destinations page.
13. On the Add Network Entities page, select Domain Name Set or URL Set .
14. Then enter a name for the Domain Name or URL Set in the dialog box displayed.
15. Click the New button and enter the domain name you want to block access to. For example * .espn.com .
16. Click OK .