One of my favourite features in Microsoft Internet Security and Acceleration server (ISA Server) is the ability to create URL Lists that can be added to a DENY firewall rule.

The URL lists can contain any lists of URLs and wild cards work, so you can put a URL like http://ad.* and have it automatically block any domain that starts with AD.  Just by hovering your pointer over a bunch of advertisements on web pages, you can discover the URLs of the ad servers that serve them up, block those pages, and significantly improve your web surfing times just by blocking those sites.

To avoid having your page be full of "ISA Server Access Denied" type pages you just create an empty HTML file, and point it at that file instead.

Here’s a URL that explains how to configure this: