Access Rules

Access rules determine how clients on a source network access resources on a destination network.

You can configure access rules to apply to all IP traffic, to a specific set of protocol definitions, or to all IP traffic except selected protocols.

ISA Server includes a list of preconfigured, well-known protocol definitions, including the Internet protocols that are most widely used. You can also add or modify additional protocols.

When a client requests an object, ISA Server checks the access rules. A request is processed only if an access rule specifically allows the client to communicate using the specific protocol and also allows access to the requested object.

Controlling Internet access depends primarily on the design and order of access rules.

After you create an access rule, you can view and edit all of its properties by double-clicking the rule in the Firewall Policy details pane. One of these properties is HTTP policy, in which you can configure HTTP settings for requests that match a specific allow access rule. You can also access HTTP policy settings by right-clicking a rule and selecting Configure HTTP.

ISA Server is an application-layer firewall, and applies an application filter to HTTP traffic. Because ISA Server can examine HTTP requests, applications that are tunneled through HTTP can be blocked, depending on how you configure the HTTP application filter. The HTTP application filter provides granular control over the HTTP requests allowed by your firewall policy.

HTTP filtering applies to allow rules, to limit what is allowed. It cannot be applied to deny rules.