+ Post New Thread
Results 1 to 13 of 13
How do you do....it? Thread, Block URLs containing IP addresses. in Technical; I am new to ISA 2004 and Surfcontrol 5.0 and just discovered a problem with our filtering. If I attempt ...
  1. #1

    Join Date
    Jan 2008
    Location
    Cheshire, UK
    Posts
    340
    Thank Post
    68
    Thanked 60 Times in 42 Posts
    Rep Power
    48

    Block URLs containing IP addresses.

    I am new to ISA 2004 and Surfcontrol 5.0 and just discovered a problem with our filtering. If I attempt to view a site which is blocked (based on its FQDN) using it's IP address then I can get past our URL filtering.

    For example:
    http://www.facebook.com/ - blocked by Surfcontrol
    http://69.63.176.140/ - not blocked by anything.

    How do I block URLs which are based on IP addresses instead of FQDNs using ISA or Surfcontrol 5.0?

    Thanks.
    Last edited by sjatkn; 2nd June 2008 at 10:31 PM. Reason: Original URLs not formatted properly.

  2. #2

    TechMonkey's Avatar
    Join Date
    Dec 2005
    Location
    South East
    Posts
    3,286
    Thank Post
    225
    Thanked 405 Times in 302 Posts
    Rep Power
    162
    We went for the brute force method and have set a whole raft of rules such as "***.***.***.***". This isn't on ISA though so there could be a better way. The only thing to be wary of this method is that it catches short URLs, such as BBC - Homepage!

  3. #3


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,463
    Thank Post
    866
    Thanked 845 Times in 667 Posts
    Rep Power
    195
    Firstly, you might refine your regex so it looks for numbers, if indeed ISA can manage PCRE or something close (i'm thinking ([0-2][1-9]{2}\.){3}[0-2][0-9]{2} or similar, but don't quote me, it's early )

    Otherwise... get a filter which has a "block all IP address access" mode. As to where you'd find such a thing..

  4. Thanks to tom_newton from:

    linkazoid (16th March 2010)

  5. #4
    rrichmond's Avatar
    Join Date
    Jul 2007
    Location
    Brisbane
    Posts
    108
    Thank Post
    3
    Thanked 7 Times in 7 Posts
    Rep Power
    16
    Quote Originally Posted by tom_newton View Post

    Otherwise... get a filter which has a "block all IP address access" mode. As to where you'd find such a thing..
    Not sure this is a good idea. Have you ever had a look though your logs and seen the number of IP address lookup done?

  6. #5

    webman's Avatar
    Join Date
    Nov 2005
    Location
    North East England
    Posts
    8,403
    Thank Post
    638
    Thanked 961 Times in 661 Posts
    Blog Entries
    2
    Rep Power
    319
    We use IPCop, and have a little tickbox that says "Block sites accessed by it's IP address". Which we have ticked

  7. #6
    Friez's Avatar
    Join Date
    Dec 2006
    Posts
    839
    Thank Post
    22
    Thanked 22 Times in 21 Posts
    Rep Power
    23
    Quote Originally Posted by tom_newton View Post
    Firstly, you might refine your regex so it looks for numbers, if indeed ISA can manage PCRE or something close (i'm thinking ([0-2][1-9]{2}\.){3}[0-2][0-9]{2} or similar, but don't quote me, it's early )

    Otherwise... get a filter which has a "block all IP address access" mode. As to where you'd find such a thing..
    Doesn't quite work for me (because your regex doesn't allow for ip addresses that aren't all triple digits), although ([0-9]{0,3}\.){3}([0-9]{0,3}) does.

    This will match any IP address, but isn't 100% valid because it can include addresses like 300.562.24.999 which obviously aren't valid

    Assuming you have a regex engine to filter with of course!

  8. #7

    webman's Avatar
    Join Date
    Nov 2005
    Location
    North East England
    Posts
    8,403
    Thank Post
    638
    Thanked 961 Times in 661 Posts
    Blog Entries
    2
    Rep Power
    319
    There's some nice IP regex stuff here.

  9. #8

    mac_shinobi's Avatar
    Join Date
    Aug 2005
    Posts
    9,729
    Thank Post
    3,252
    Thanked 1,049 Times in 971 Posts
    Rep Power
    364

    2 block lists

    When I was using ISA ( cant remember which version now ) we had 2 block lists

    One block lists for URL's ie Welcome to Facebook! | Facebook

    One block lists for I.P Addresses ie 84.15.12.15 ( dummy ip addy btw )

    that way ISA wouldnt fall over with the URL's and I.P Addys being mixed and it still blocked the I.P Addys.

    This meant that obviously you would have a cmd window open and use nslookup on the URL's to find what ip addys the URL's were using. ( If that makes sense )

    Hope that helps.

  10. #9
    toasteroven's Avatar
    Join Date
    Jun 2008
    Location
    Northern BC
    Posts
    4
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    We use a modified Smoothwall at all our sites and use AdvancedProxy. Similar to IPCop, we also "Block IP address"; the same day we had initiated our proxy settings, we were seeing students bypass them by typing in the IPs.

    Word of caution; if you manage your proxy solution by IP address in a web browser... might not want to include your account / machine when you initiate the "block IPs".

  11. #10

    elsiegee40's Avatar
    Join Date
    Jan 2007
    Location
    Kent
    Posts
    10,719
    Thank Post
    1,785
    Thanked 2,170 Times in 1,605 Posts
    Rep Power
    770
    And for those of you using RM for your filtering, this is their response to my email to them today...

    "We are aware of this issue, we have a database in place that resolves
    the host name into an IP address and then applies the filtering. This
    database presently is down so the problem does exist (database should
    be back on line this week).

    Thank you for bringing this to our attention

    Kind regards
    John Barstead
    RM Filtering Team"

    To be fair, RM have been pretty reliable. From the sites reported on here, (proxies etc), very few get through the net.

  12. #11

    TechMonkey's Avatar
    Join Date
    Dec 2005
    Location
    South East
    Posts
    3,286
    Thank Post
    225
    Thanked 405 Times in 302 Posts
    Rep Power
    162
    Quote Originally Posted by elsiegee40 View Post
    And for those of you using RM for your filtering, this is their response to my email to them today...

    "We are aware of this issue, we have a database in place that resolves
    the host name into an IP address and then applies the filtering. This
    database presently is down so the problem does exist (database should
    be back on line this week).

    Thank you for bringing this to our attention

    Kind regards
    John Barstead
    RM Filtering Team"

    To be fair, RM have been pretty reliable. From the sites reported on here, (proxies etc), very few get through the net.
    Thats interesting as we had to initiate the brute force ban after being told RM hadn't got anything in place and hadn't planned to do anything. Hmm, will have to look into this next week when this is supposedly up again.

  13. #12


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,463
    Thank Post
    866
    Thanked 845 Times in 667 Posts
    Rep Power
    195
    @Friez - thanks for the fix - a thinko of the worst kind there might go with {1,3} tho - make sure at least a digit is present.

    @rrichmond - there's 2 options - use reverse lookup *or* ban access by "bare" IP addresses. Each has weaknesses - including the one yu pointed out for rdns, but between the 2 methods you should be able to find a best fit.

  14. #13

    Join Date
    Oct 2009
    Posts
    8
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0
    I have developed a DLL that plugs into IE that blocks IP addresses. I have posted my source code and basic instructions here

SHARE:
+ Post New Thread

Similar Threads

  1. how to find mac addresses?
    By FN-GM in forum Wireless Networks
    Replies: 9
    Last Post: 7th September 2007, 07:24 AM
  2. exempt web addresses from ISA Cache
    By timbo343 in forum Windows
    Replies: 5
    Last Post: 13th July 2007, 02:10 PM
  3. 'cloaking' URLS of individual Pages
    By Mintsoft in forum Web Development
    Replies: 11
    Last Post: 8th July 2006, 12:22 PM
  4. MAC Addresses and Computer Names
    By mattpant in forum Wireless Networks
    Replies: 4
    Last Post: 29th October 2005, 04:58 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •