Blocking access from specific countries using ISA Server 2006

by Shijaz Abdulla on 19.10.2008 at 11:57

Source: You can now choose from which countries you need to allow access to your servers using ISA Server 2006!

If you were to do it manually, by obtaining IP ranges for different countries and keying them all in, this would have invariably been a mammoth task! Just to give an example: If I wanted to block China, I would need to enter 600 IP address ranges. Similarly, if I wanted to block Israel, I would need to enter more than 860 IP address ranges!

Now, it is not in my interest to start a geopolitical or censorship debate here. I agree the internet should remain open and that’s the way it was meant to be. However, we all acknowledge that there may be enterprise requirements from corporate and/or government customers which would actually need such policies. So here goes:

A list of ISA Server computer sets classified by country in XML format, compiled by Thor is available for download here. The list includes 234 countries. Good luck!

Trackback Permanent Link

3 Responses to Blocking access from specific countries using ISA Server 2006

  1. Paul L. says:

    I’m running ISA 2k6 and want to block two countries.

    What do I do with XML code once I’ve downloaded it?

    Thanks in advance for your time and efforts.

  2. Shijaz says:

    The “XML code” is actually an exported computer set. You simply need to import it to your ISA Server configuration.

    I think you do this by right clicking on Computer Sets (under Network Objects) and then click Import.

    If you are using ISA Server Enterprise Edition, make sure you read this

  3. Derrick Flores (SATX) says:

    I have ISA Svr 2006 Std, how do I import the xml list?

Leave a Reply