+ Post New Thread
Results 1 to 13 of 13
How do you do....it? Thread, Block URLs containing IP addresses. in Technical; I am new to ISA 2004 and Surfcontrol 5.0 and just discovered a problem with our filtering. If I attempt ...
  1. #1

    Join Date
    Jan 2008
    Location
    Cheshire, UK
    Posts
    342
    Thank Post
    69
    Thanked 60 Times in 42 Posts
    Rep Power
    49

    Block URLs containing IP addresses.

    I am new to ISA 2004 and Surfcontrol 5.0 and just discovered a problem with our filtering. If I attempt to view a site which is blocked (based on its FQDN) using it's IP address then I can get past our URL filtering.

    For example:
    http://www.facebook.com/ - blocked by Surfcontrol
    http://69.63.176.140/ - not blocked by anything.

    How do I block URLs which are based on IP addresses instead of FQDNs using ISA or Surfcontrol 5.0?

    Thanks.
    Last edited by sjatkn; 2nd June 2008 at 11:31 PM. Reason: Original URLs not formatted properly.

  2. #2

    TechMonkey's Avatar
    Join Date
    Dec 2005
    Location
    South East
    Posts
    3,336
    Thank Post
    227
    Thanked 433 Times in 315 Posts
    Rep Power
    172
    We went for the brute force method and have set a whole raft of rules such as "***.***.***.***". This isn't on ISA though so there could be a better way. The only thing to be wary of this method is that it catches short URLs, such as BBC - Homepage!

  3. #3


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,507
    Thank Post
    871
    Thanked 862 Times in 681 Posts
    Rep Power
    199
    Firstly, you might refine your regex so it looks for numbers, if indeed ISA can manage PCRE or something close (i'm thinking ([0-2][1-9]{2}\.){3}[0-2][0-9]{2} or similar, but don't quote me, it's early )

    Otherwise... get a filter which has a "block all IP address access" mode. As to where you'd find such a thing..

  4. Thanks to tom_newton from:

    linkazoid (16th March 2010)

  5. #4
    rrichmond's Avatar
    Join Date
    Jul 2007
    Location
    Brisbane
    Posts
    108
    Thank Post
    3
    Thanked 7 Times in 7 Posts
    Rep Power
    17
    Quote Originally Posted by tom_newton View Post

    Otherwise... get a filter which has a "block all IP address access" mode. As to where you'd find such a thing..
    Not sure this is a good idea. Have you ever had a look though your logs and seen the number of IP address lookup done?

  6. #5

    webman's Avatar
    Join Date
    Nov 2005
    Location
    North East England
    Posts
    8,422
    Thank Post
    645
    Thanked 967 Times in 667 Posts
    Blog Entries
    2
    Rep Power
    328
    We use IPCop, and have a little tickbox that says "Block sites accessed by it's IP address". Which we have ticked

  7. #6
    Friez's Avatar
    Join Date
    Dec 2006
    Posts
    839
    Thank Post
    22
    Thanked 22 Times in 21 Posts
    Rep Power
    24
    Quote Originally Posted by tom_newton View Post
    Firstly, you might refine your regex so it looks for numbers, if indeed ISA can manage PCRE or something close (i'm thinking ([0-2][1-9]{2}\.){3}[0-2][0-9]{2} or similar, but don't quote me, it's early )

    Otherwise... get a filter which has a "block all IP address access" mode. As to where you'd find such a thing..
    Doesn't quite work for me (because your regex doesn't allow for ip addresses that aren't all triple digits), although ([0-9]{0,3}\.){3}([0-9]{0,3}) does.

    This will match any IP address, but isn't 100% valid because it can include addresses like 300.562.24.999 which obviously aren't valid

    Assuming you have a regex engine to filter with of course!

  8. #7

    webman's Avatar
    Join Date
    Nov 2005
    Location
    North East England
    Posts
    8,422
    Thank Post
    645
    Thanked 967 Times in 667 Posts
    Blog Entries
    2
    Rep Power
    328
    There's some nice IP regex stuff here.

  9. #8

    mac_shinobi's Avatar
    Join Date
    Aug 2005
    Posts
    10,053
    Thank Post
    3,585
    Thanked 1,123 Times in 1,025 Posts
    Rep Power
    377

    2 block lists

    When I was using ISA ( cant remember which version now ) we had 2 block lists

    One block lists for URL's ie Welcome to Facebook! | Facebook

    One block lists for I.P Addresses ie 84.15.12.15 ( dummy ip addy btw )

    that way ISA wouldnt fall over with the URL's and I.P Addys being mixed and it still blocked the I.P Addys.

    This meant that obviously you would have a cmd window open and use nslookup on the URL's to find what ip addys the URL's were using. ( If that makes sense )

    Hope that helps.

  10. #9
    toasteroven's Avatar
    Join Date
    Jun 2008
    Location
    Northern BC
    Posts
    4
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    We use a modified Smoothwall at all our sites and use AdvancedProxy. Similar to IPCop, we also "Block IP address"; the same day we had initiated our proxy settings, we were seeing students bypass them by typing in the IPs.

    Word of caution; if you manage your proxy solution by IP address in a web browser... might not want to include your account / machine when you initiate the "block IPs".

  11. #10

    elsiegee40's Avatar
    Join Date
    Jan 2007
    Location
    Kent
    Posts
    10,229
    Thank Post
    1,926
    Thanked 2,427 Times in 1,776 Posts
    Rep Power
    842
    And for those of you using RM for your filtering, this is their response to my email to them today...

    "We are aware of this issue, we have a database in place that resolves
    the host name into an IP address and then applies the filtering. This
    database presently is down so the problem does exist (database should
    be back on line this week).

    Thank you for bringing this to our attention

    Kind regards
    John Barstead
    RM Filtering Team"

    To be fair, RM have been pretty reliable. From the sites reported on here, (proxies etc), very few get through the net.

  12. #11

    TechMonkey's Avatar
    Join Date
    Dec 2005
    Location
    South East
    Posts
    3,336
    Thank Post
    227
    Thanked 433 Times in 315 Posts
    Rep Power
    172
    Quote Originally Posted by elsiegee40 View Post
    And for those of you using RM for your filtering, this is their response to my email to them today...

    "We are aware of this issue, we have a database in place that resolves
    the host name into an IP address and then applies the filtering. This
    database presently is down so the problem does exist (database should
    be back on line this week).

    Thank you for bringing this to our attention

    Kind regards
    John Barstead
    RM Filtering Team"

    To be fair, RM have been pretty reliable. From the sites reported on here, (proxies etc), very few get through the net.
    Thats interesting as we had to initiate the brute force ban after being told RM hadn't got anything in place and hadn't planned to do anything. Hmm, will have to look into this next week when this is supposedly up again.

  13. #12


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,507
    Thank Post
    871
    Thanked 862 Times in 681 Posts
    Rep Power
    199
    @Friez - thanks for the fix - a thinko of the worst kind there might go with {1,3} tho - make sure at least a digit is present.

    @rrichmond - there's 2 options - use reverse lookup *or* ban access by "bare" IP addresses. Each has weaknesses - including the one yu pointed out for rdns, but between the 2 methods you should be able to find a best fit.

  14. #13

    Join Date
    Oct 2009
    Posts
    8
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0
    I have developed a DLL that plugs into IE that blocks IP addresses. I have posted my source code and basic instructions here



SHARE:
+ Post New Thread

Similar Threads

  1. how to find mac addresses?
    By FN-GM in forum Wireless Networks
    Replies: 9
    Last Post: 7th September 2007, 08:24 AM
  2. exempt web addresses from ISA Cache
    By timbo343 in forum Windows
    Replies: 5
    Last Post: 13th July 2007, 03:10 PM
  3. 'cloaking' URLS of individual Pages
    By Mintsoft in forum Web Development
    Replies: 11
    Last Post: 8th July 2006, 01:22 PM
  4. MAC Addresses and Computer Names
    By mattpant in forum Wireless Networks
    Replies: 4
    Last Post: 29th October 2005, 05:58 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •