Planning for URL filtering
Published: November 15, 2009
Updated: February 1, 2011
Applies To: Forefront Threat Management Gateway (TMG)
Forefront TMG URL filtering allows you to enforce a browsing policy throughout the organization, by blocking access to security-related, liability-related, and productivity-related websites, based on predefined URL categories.
This topic is designed to help you plan for URL filtering, as follows:
About URL filtering
URL filtering identifies certain types of websites, such as, known malicious sites and sites that display inappropriate or pornographic materials, and allows or blocks access to the sites based on predefined URL categories. The default categorization of a specific website is determined by the Microsoft Reputation Services (MRS) and can be edited by the Forefront TMG system administrator. When a request to access a website is received, Forefront TMG queries MRS to determine the categorization of the website. If the website has been categorized as a blocked URL category or category set, Forefront TMG blocks the request.
When users request access to a website to which access is blocked, they receive a denial notification that includes the denied request category. In some cases, users may contact the administrator to dispute the categorization of the website. In such a case, you can check whether the URL was categorized properly. If the website was not categorized correctly, you can create a custom setting for this URL. For information, see Introduction to managing URL filtering.
URL filtering is subscription based, and is part of the Forefront TMG Web Security Service license. For licensing information, see How to Buy (http://go.microsoft.com/fwlink/?LinkId=179848).
Benefits of applying URL filtering
The benefits of applying URL filtering include:
Enhancing your security by preventing access to malicious sites, such as, phishing sites.
Lowering liability risks by preventing access to sites that display inappropriate materials, such as, hate, criminal activities, or pornography sites.
Improving the productivity of your organization, by preventing access to non-productive sites, such as, games or instant messaging.
Using URL filtering related reports and log entries to learn about the web usage in your organization, such as, what are the most browsed URL categories.
Excluding sites from inspection by the HTTPS and malware inspection mechanisms, such as, excluding financial sites from HTTPS inspection due to privacy considerations.
About URL categories
Forefront TMG features over 70 URL categories. A URL category is a collection of URLs that match a pre-defined criterion, such as, malicious, anonymizers, or illegal drugs. Categories are grouped by category sets, which can be used to simplify the configuration of Forefront TMG policies.
Forefront TMG leverages and utilizes MRS, a cloud-based object categorization system hosted in Microsoft data centers, to categorize the URLs that users request. MRS is designed to provide comprehensive reputation content to enable core trust scenarios across Microsoft solutions, and maintains a database with tens of millions of unique URLs and their respective categories.
Overriding URL categorization
You can override the default URL categorization of an IP address or URL. You do so by creating a URL category override, which allows you to specify a different URL category for that address. URL category overrides can be created for each array separately, or applied to all the arrays in an enterprise.
|Changing URL categorization on the enterprise level is a new feature in Forefront TMG 2010 SP1.|
If an IP address or URL is overridden to different categories on the enterprise and array levels, precedence is given to the array-level URL override. For information, see Overriding URL categorization.
You can report classification issues to Microsoft, thus increasing the likelihood that MRS will address coverage and accuracy gaps specific to your organization. For information, see Microsoft Reputation Services Feedback and Error Reporting (http://go.microsoft.com/fwlink/?LinkId=178581).