A quick and simple ISA rule to block dangerous web sites and URLs

Overview: Create a URL set of all sites and block them.

In this case I want to stop users being re-directed to the malware sites of the day. The sites I want to blocked are taken from the Internet Storm Center story on Internet Explorer Zero-day here

A quick way to do this:

1)      Create a URL set call Malware – Blocked Sites and add in one URL i.e. www.badtest.com to blocked sites

2)      Export the URL Set to a XML file Blocked.xml.

3)      Dump the list of bad web sites in to a table or excel.

4)      Pop  <fpc4:Str dt:dt=”string”> and </fpc4:Str> around each URL
i.e. <fpc4:Str dt:dt=”string”>http://Badsite.bad.com</fpc4:Str>

5)      Open Blocked.xml in a text editor, such as notepad.

6)      Copy all of the edited entries in to the exported URL sites under the place holder URL www.badtest.com, that’s under <fpc4:URLStrings>, and save the file.

7)      Import the Blocked.xml in to the URL set: Malware – Blocked Sites.

8)      All the sites are now listed in alphabetical order in the URL set.

9)      Create a deny rule for all protocols from Internal to Malware – Blocked Sites URL set.

10)   Press the Apply button.

This will block and log access to those malicious/dangerous web sites.