Using ISA Content Groups to Restrict the Use of Non Business Related Traffic

by Ricky M. Magalhaes [Published on 14 Oct. 2002 / Last Updated on 21 May 2013]

Ensure that your bandwidth is used efficiently. This tutorial will show you how to configure ISA Server's content groups to streamline and enforce your bandwidth policies, giving you the control that you may require.

In this tutorial I will show you the power of using ISA server’s content groups to streamline and enforce your bandwidth policies, giving you the control that you may require, ensuring that your internet bandwidth is utilized more efficiently.  This tutorial also demonstrates the added value features that ISA server has and you will most probably find that this type of granular control is just what the management ordered.

Why do we need to restrict?

Restricting is most probably the one thing I dislike most in my line of work.  Unfortunately for the users and customers this type ‘restricting’ needs to be done, when employed by the business you need to protect the business interests, and if this means protecting valid e-mail and business internet traffic at the cost of restriction then so be it.  There is far too much non business related traffic queuing up on your firewall its time that you protect the business and prioritize your business traffic.

Creating a bandwidth policy of acceptable usage is all well and good, but now we come to the interesting part how do you enforce this policy?  Let me give you two examples.  In your Bandwidth policy it may state that due to the nature of your business no MP3 files must be downloaded during office hours excluding lunch.  Or ever had the problem that your policy states that no video streaming during office hours but no one listens?

Your bandwidth is directly impacted during the day when it is being the most utilized.  The trend seems to be that in the morning for the first hour your bandwidth peaks to about 80% for a short while and then shortly subsides back to the low 20% mark even lower if your traffic is negligible.

Closer to lunch time there is a spike that seems to be prevalent and this time for a little longer, it may even last for about 35 – 40 minutes. The next spike should be just before people go home.  What are we doing here in this little exercise? We are analyzing traffic patterns and the way people utilize the internet.  If you look at it carefully enough you find that the first thing people seem to do when they get to work is read their web based mail and go to the news sites to read the news.  Then they start their work towards the middle of the day lunch time comes along and some of them will then go onto the internet and start some more abrasive browsing and this time they might go to sport sites to see what happened at the weekend game, what the scores were, what their investments are doing or might just do some senseless browsing.

I find this traffic not to be that damaging but it’s the unexpected type of traffic that can cause the most problems.  Irrelevant of how much bandwidth you have I have noted that if you throw bandwidth at a problem it seems to reoccur if the problem is related to behavioral patterns.  What I am saying is that your job is not only IS or IT it also includes studding the way people work and how they utilize the internet.  Identifying these patterns can solve a lot of your problems that you maybe experiencing, it will also assist you in problem solving and will help in your thinking and understanding of your network.

Redirecting traffic that has broken the rules

What do you do with traffic that has broken the basic policy rules that have been laid down?  Well what ISA enables you to do is redirect a user or customer that has broken the rule to an internal or external website.  On this website you can put up your policy for acceptable usage and inform the User that he/she is in violation of the policy.  This should be enough to scare them off but if this tactic does not work you may want to monitor this internal website for hits originating from the same users, if they are continuously attempting to download content then maybe it is time that an e-mail is sent to management alerting them.

In the following exercise I will show you how to a site and content rule to use content groups to block real audio plug-in for the guest account of your ISA server.


Locate the site and content rules object within ISA server MMC console. Right click the site and content rule then click on new then click on Rule.


Name the site and content rule, Content groups. Then click next.


Click on the Deny radio button.  If you would like to redirect offending users to the intranet where the policy for acceptable use is stored check the If HTTP request, redirect to this site. Then type in the internal URL of the policy. Then click next.


Select the custom radio button and then click next.


Select all external destinations and then click next.


You can then select a schedule.  I have selected a schedule that I created earlier called work hours this means that this rule will only apply during the critical hours that bandwidth is at its weakest point.  It is important that your system clock is correct.  If your system clock is not correct you can run into problems. Then click next.


Now to select the specific user or user group you should select the Specific users and groups radio button. Then click next.


Now click on add.


Select the Guest user and then click on add then click ok.


Now click next.


Now you need to select audio.  Typically you will have selected a content group that you created before starting the site and content rule, that you have configured what you wanted to block within the content group in question.  To see how this is done you can look at one of my previous tutorials understanding ISA content groups.  Then click next.


Now click Finish.


Summary:  You have just created a site and content rule that will become one of your most powerful tools.  Enforcing a policy can always be tedious but Microsoft has found an easy and effective way to assist your organization in doing this, if they just invest a little time in configuring their ISA content groups.


See Also

The Author — Ricky M. Magalhaes

Ricky M. Magalhaes is a security specialist that has worked as a consultant and IT technical specialist for the past 8 years. He has been primarily responsible for implementation and design of Security, network architecture, communications, network infrastructure and Security R&D for many South African organizations that he works with. He is a windows 9x product specialist and has been working with the windows product since version win 3.11. He has also written articles on security for ; ; and many other well known security and technology websites.


Featured Links