A quick and simple ISA rule to block dangerous web sites and URLs
Overview: Create a URL set of all sites and block them.
In this case I want to stop users being redirected to the malware sites of the day. The sites I want to block are taken from the Internet Storm Center story on the Internet Explorer zero-day.
A quick way to do this:
1) Create a URL set called Malware – Blocked Sites and add one URL to it as a placeholder, e.g. www.badtest.com.
2) Export the URL set to an XML file, Blocked.xml.
3) Dump the list of bad web sites into a table or Excel.
4) Pop <fpc4:Str dt:dt="string"> and </fpc4:Str> around each URL
i.e. <fpc4:Str dt:dt="string">http://Badsite.bad.com</fpc4:Str>
5) Open Blocked.xml in a text editor, such as Notepad.
6) Copy all of the edited entries into the exported URL set, under the placeholder URL www.badtest.com (that is, under <fpc4:URLStrings>), and save the file.
7) Import Blocked.xml into the URL set Malware – Blocked Sites.
8) All the sites are now listed in alphabetical order in the URL set.
9) Create a deny rule for all protocols from Internal to Malware – Blocked Sites URL set.
10) Press the Apply button.
This will block and log access to those malicious/dangerous web sites.
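Steps 3 to 6 can also be scripted instead of done by hand in Excel and Notepad. The following is an added example, not part of the original post: it wraps each URL in the fpc4:Str element, escapes characters such as & that would make the file invalid XML on import, skips blanks and entries already in the set, and places the new entries inside <fpc4:URLStrings>. The function name merge_urls and both sample inputs are constructed for illustration; a real export contains more than the fragment shown.

```python
import re
from xml.sax.saxutils import escape

# Constructed stand-in for the exported Blocked.xml; only the element names
# shown in the steps above are used, the rest of a real export is omitted.
SAMPLE_EXPORT = """<fpc4:URLStrings>
    <fpc4:Str dt:dt="string">www.badtest.com</fpc4:Str>
</fpc4:URLStrings>
"""

# Constructed sample list, as it might be pasted from a table or spreadsheet.
SAMPLE_URLS = """
http://Badsite.bad.com
  http://Badsite.bad.com
http://other.example/page?a=1&b=2

www.badtest.com
"""

STR_RE = re.compile(r'<fpc4:Str dt:dt="string">(.*?)</fpc4:Str>')
CLOSE_TAG = "</fpc4:URLStrings>"


def merge_urls(export_text, url_list):
    """Return export_text with the new URLs added inside <fpc4:URLStrings>."""
    if CLOSE_TAG not in export_text:
        raise ValueError("no <fpc4:URLStrings> block found in export")
    # Entries already in the set, in the escaped form they have in the file.
    seen = set(STR_RE.findall(export_text))
    new_lines = []
    for raw in url_list.splitlines():
        url = raw.strip()
        # '&', '<' and '>' in a URL would make the file invalid XML on import.
        escaped = escape(url)
        if not url or escaped in seen:
            continue
        seen.add(escaped)
        new_lines.append(f'    <fpc4:Str dt:dt="string">{escaped}</fpc4:Str>\n')
    # Insert just before the closing tag, keeping that tag's own indentation.
    head, tail = export_text.rsplit(CLOSE_TAG, 1)
    indent = head[len(head.rstrip(" \t")):]
    head = head[:len(head) - len(indent)]
    return head + "".join(new_lines) + indent + CLOSE_TAG + tail


if __name__ == "__main__":
    print(merge_urls(SAMPLE_EXPORT, SAMPLE_URLS))
```

Run it against a copy of the exported file and keep the original export, so the URL set can be restored if the import is rejected.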