Using Destination Sets with ISA 2004 or 2006 (borrowed from the lazyadmin 'cos I am lazier than him).

Locking down web access is a must in today's IT environment. Spyware, adware, and harassment lawsuits are among the things that wide-open web access can give you.

Thankfully with ISA we can block access to these sites using URL and Domain Deny Lists. On top of this it is possible to import these lists in XML format.

Importing the XML File

We will start by opening up the ISA Manager MMC. From the Firewall Policy node, click on Toolbox, locate Domain Name Sets and right-click it; select Import All.

Locate the XML file on the hard drive or network share and select Import.

The XML will be imported, and we are ready to create the Access Rule.

Creating the Access Rule

Click on the Tasks tab and select Create a New Access Rule. The wizard will begin; enter the name for this rule and click Next.

We are going to want to deny access to these Domains so ensure the Deny radio button is selected and click Next.

We want to block all web access to these sites so select the HTTP and HTTPS protocols before clicking Next.

We want the rule to apply to traffic going out from the internal network. Click Add and select the Internal network from the Network Sets list and click Next to proceed.

Now we will enter the blocked Domain Name Sets. Click Add, drill down to the Domain Name Sets and select all the lists you imported earlier.


We want this rule to apply to all users so click Add, and select All Users before clicking Next.

Finally, review the settings for this access rule and click Finish.

Apply the rule and we are ready to test it out.

Open up a web browser and browse to one of the domains listed in the XML file. You will be denied access and shown a 502 Proxy Error page.
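
The browser test above can be repeated for every domain in the list with a short script. The following is an added example, not part of the original article: it requests each domain over HTTP through the proxy and reports any that did not come back with the 502 error. The proxy address, the sample domains and the function names are assumptions, and only HTTP (not HTTPS) is checked.

```python
import urllib.request
import urllib.error

BLOCK_STATUS = 502  # status the article says a denied request returns


def check_domain(domain, proxy, timeout=5):
    """Request http://<domain>/ through the proxy and report the outcome.

    Returns (blocked, detail). blocked is True only when the proxy
    answered with the 502 status used for a denied request.
    """
    opener = urllib.request.build_opener(
        urllib.request.ProxyHandler({"http": proxy})
    )
    try:
        with opener.open(f"http://{domain}/", timeout=timeout) as resp:
            return False, f"HTTP {resp.status} (request was allowed)"
    except urllib.error.HTTPError as err:
        return err.code == BLOCK_STATUS, f"HTTP {err.code}"
    except (urllib.error.URLError, OSError) as err:
        # Proxy unreachable or timed out: that is not proof of a block.
        return False, f"no answer from proxy: {err}"


def audit(domains, proxy):
    """Return {domain: detail} for deny-list entries that were NOT blocked."""
    failures = {}
    for domain in domains:
        blocked, detail = check_domain(domain.strip().lower(), proxy)
        if not blocked:
            failures[domain] = detail
    return failures


if __name__ == "__main__":
    # Constructed sample values: replace with entries from your XML file
    # and the address of your ISA web proxy listener.
    sample = ["blocked.example", "also-blocked.example"]
    for name, why in audit(sample, "http://192.0.2.10:8080").items():
        print(f"NOT BLOCKED: {name}: {why}")
```

An empty result from audit() means every listed domain was denied; a "no answer from proxy" entry means the check itself failed and should be rerun.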