+ Post New Thread
Results 1 to 13 of 13
How do you do....it? Thread, Block URLs containing IP addresses. in Technical; I am new to ISA 2004 and Surfcontrol 5.0 and just discovered a problem with our filtering. If I attempt ...
  1. #1

    Join Date
    Jan 2008
    Location
    Cheshire, UK
    Posts
    340
    Thank Post
    68
    Thanked 60 Times in 42 Posts
    Rep Power
    48

    Block URLs containing IP addresses.

    I am new to ISA 2004 and Surfcontrol 5.0 and just discovered a problem with our filtering. If I attempt to view a site which is blocked (based on its FQDN) using it's IP address then I can get past our URL filtering.

    For example:
    http://www.facebook.com/ - blocked by Surfcontrol
    http://69.63.176.140/ - not blocked by anything.

    How do I block URLs which are based on IP addresses instead of FQDNs using ISA or Surfcontrol 5.0?

    Thanks.
    Last edited by sjatkn; 2nd June 2008 at 10:31 PM. Reason: Original URLs not formatted properly.

  2. #2

    TechMonkey's Avatar
    Join Date
    Dec 2005
    Location
    South East
    Posts
    3,300
    Thank Post
    226
    Thanked 412 Times in 305 Posts
    Rep Power
    163
    We went for the brute force method and have set a whole raft of rules such as "***.***.***.***". This isn't on ISA though so there could be a better way. The only thing to be wary of this method is that it catches short URLs, such as BBC - Homepage!

  3. #3


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,484
    Thank Post
    867
    Thanked 853 Times in 674 Posts
    Rep Power
    197
    Firstly, you might refine your regex so it looks for numbers, if indeed ISA can manage PCRE or something close (i'm thinking ([0-2][1-9]{2}\.){3}[0-2][0-9]{2} or similar, but don't quote me, it's early )

    Otherwise... get a filter which has a "block all IP address access" mode. As to where you'd find such a thing..

  4. Thanks to tom_newton from:

    linkazoid (16th March 2010)

  5. #4
    rrichmond's Avatar
    Join Date
    Jul 2007
    Location
    Brisbane
    Posts
    108
    Thank Post
    3
    Thanked 7 Times in 7 Posts
    Rep Power
    16
    Quote Originally Posted by tom_newton View Post

    Otherwise... get a filter which has a "block all IP address access" mode. As to where you'd find such a thing..
    Not sure this is a good idea. Have you ever had a look though your logs and seen the number of IP address lookup done?

  6. #5

    webman's Avatar
    Join Date
    Nov 2005
    Location
    North East England
    Posts
    8,413
    Thank Post
    642
    Thanked 964 Times in 664 Posts
    Blog Entries
    2
    Rep Power
    327
    We use IPCop, and have a little tickbox that says "Block sites accessed by it's IP address". Which we have ticked

  7. #6
    Friez's Avatar
    Join Date
    Dec 2006
    Posts
    839
    Thank Post
    22
    Thanked 22 Times in 21 Posts
    Rep Power
    23
    Quote Originally Posted by tom_newton View Post
    Firstly, you might refine your regex so it looks for numbers, if indeed ISA can manage PCRE or something close (i'm thinking ([0-2][1-9]{2}\.){3}[0-2][0-9]{2} or similar, but don't quote me, it's early )

    Otherwise... get a filter which has a "block all IP address access" mode. As to where you'd find such a thing..
    Doesn't quite work for me (because your regex doesn't allow for ip addresses that aren't all triple digits), although ([0-9]{0,3}\.){3}([0-9]{0,3}) does.

    This will match any IP address, but isn't 100% valid because it can include addresses like 300.562.24.999 which obviously aren't valid

    Assuming you have a regex engine to filter with of course!

  8. #7

    webman's Avatar
    Join Date
    Nov 2005
    Location
    North East England
    Posts
    8,413
    Thank Post
    642
    Thanked 964 Times in 664 Posts
    Blog Entries
    2
    Rep Power
    327
    There's some nice IP regex stuff here.

  9. #8

    mac_shinobi's Avatar
    Join Date
    Aug 2005
    Posts
    9,896
    Thank Post
    3,415
    Thanked 1,081 Times in 997 Posts
    Rep Power
    369

    2 block lists

    When I was using ISA ( cant remember which version now ) we had 2 block lists

    One block lists for URL's ie Welcome to Facebook! | Facebook

    One block lists for I.P Addresses ie 84.15.12.15 ( dummy ip addy btw )

    that way ISA wouldnt fall over with the URL's and I.P Addys being mixed and it still blocked the I.P Addys.

    This meant that obviously you would have a cmd window open and use nslookup on the URL's to find what ip addys the URL's were using. ( If that makes sense )

    Hope that helps.

  10. #9
    toasteroven's Avatar
    Join Date
    Jun 2008
    Location
    Northern BC
    Posts
    4
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    We use a modified Smoothwall at all our sites and use AdvancedProxy. Similar to IPCop, we also "Block IP address"; the same day we had initiated our proxy settings, we were seeing students bypass them by typing in the IPs.

    Word of caution; if you manage your proxy solution by IP address in a web browser... might not want to include your account / machine when you initiate the "block IPs".

  11. #10

    elsiegee40's Avatar
    Join Date
    Jan 2007
    Location
    Kent
    Posts
    9,976
    Thank Post
    1,852
    Thanked 2,292 Times in 1,692 Posts
    Rep Power
    818
    And for those of you using RM for your filtering, this is their response to my email to them today...

    "We are aware of this issue, we have a database in place that resolves
    the host name into an IP address and then applies the filtering. This
    database presently is down so the problem does exist (database should
    be back on line this week).

    Thank you for bringing this to our attention

    Kind regards
    John Barstead
    RM Filtering Team"

    To be fair, RM have been pretty reliable. From the sites reported on here, (proxies etc), very few get through the net.

  12. #11

    TechMonkey's Avatar
    Join Date
    Dec 2005
    Location
    South East
    Posts
    3,300
    Thank Post
    226
    Thanked 412 Times in 305 Posts
    Rep Power
    163
    Quote Originally Posted by elsiegee40 View Post
    And for those of you using RM for your filtering, this is their response to my email to them today...

    "We are aware of this issue, we have a database in place that resolves
    the host name into an IP address and then applies the filtering. This
    database presently is down so the problem does exist (database should
    be back on line this week).

    Thank you for bringing this to our attention

    Kind regards
    John Barstead
    RM Filtering Team"

    To be fair, RM have been pretty reliable. From the sites reported on here, (proxies etc), very few get through the net.
    Thats interesting as we had to initiate the brute force ban after being told RM hadn't got anything in place and hadn't planned to do anything. Hmm, will have to look into this next week when this is supposedly up again.

  13. #12


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,484
    Thank Post
    867
    Thanked 853 Times in 674 Posts
    Rep Power
    197
    @Friez - thanks for the fix - a thinko of the worst kind there might go with {1,3} tho - make sure at least a digit is present.

    @rrichmond - there's 2 options - use reverse lookup *or* ban access by "bare" IP addresses. Each has weaknesses - including the one yu pointed out for rdns, but between the 2 methods you should be able to find a best fit.

  14. #13

    Join Date
    Oct 2009
    Posts
    8
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0
    I have developed a DLL that plugs into IE that blocks IP addresses. I have posted my source code and basic instructions here

SHARE:
+ Post New Thread

Similar Threads

  1. how to find mac addresses?
    By FN-GM in forum Wireless Networks
    Replies: 9
    Last Post: 7th September 2007, 07:24 AM
  2. exempt web addresses from ISA Cache
    By timbo343 in forum Windows
    Replies: 5
    Last Post: 13th July 2007, 02:10 PM
  3. 'cloaking' URLS of individual Pages
    By Mintsoft in forum Web Development
    Replies: 11
    Last Post: 8th July 2006, 12:22 PM
  4. MAC Addresses and Computer Names
    By mattpant in forum Wireless Networks
    Replies: 4
    Last Post: 29th October 2005, 04:58 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •