TMG Enterprise Level URL Category Overrides

1 Introduction

Service Pack 1 (SP1) of Forefront TMG offers enterprise customers the ability to define URL category overrides for URL filtering, at the enterprise level.

Forefront TMG is connected to Microsoft’s URL categorization service (provided by Microsoft Reputation Services, MRS). If the categorization service returns either an “unknown” category or a category that an organization does not necessarily agree with, the organization can override the given category, that is, assign a different category to the URL.

In the RTM version of TMG this ability was available only at the array level. An organization with multiple arrays had to define the overrides for each array separately. Forefront TMG SP1 enables the organization to define enterprise level overrides that are propagated to all arrays with the enterprise configuration.

The enterprise level overrides are merged with the array level overrides on each array. We discuss the merge algorithm in Section 3.

2 Defining enterprise category overrides

To define (or remove) enterprise level category overrides, do the following (see Figure 1):

1. In any TMG Enterprise Edition (EE) management console, click Enterprise at the top left corner.

2. On the Task pane (right side), under Enterprise Tasks, click Configure URL Category Overrides (third from the top).

The array level (TMG RTM) URL Filtering Settings dialog box will appear but with just one tab – the URL Category Override tab.

Use this dialog box to enter new URLs and categories, to change categories and to remove URLs with their categories, similar to array level overrides.

Figure 1: URL Category Override screen shot

3 Merging enterprise and array level overrides

The merging of the two lists is done as follows:

1. Start with the array level list.

2. For every URL in the enterprise list:

a. If the URL is not in the array level override list – add it to the list

b. If the URL is there with a different category – use the array level category (i.e. don’t replace)

This merging algorithm gives priority to the array level overrides.

Note – the merge process considers the URLs www.mycompany.com/homepage and www.mycompany.com/homepage/ to be the same URL, i.e. the slash at the end does not make a difference.

Once we have a single merged list, the categorization is based on the same heuristic as the array level categorization, i.e. the longest URL in the override list that fits the queried URL. Examples:

If you have www.a.com/* categorized as U and www.a.com/a/* categorized as V, then www.a.com/a/b will be categorized as V.
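The merge and lookup rules above can be modeled in a few lines to predict the effective category of a URL before deploying overrides. This is an added illustration, not TMG code: the function names, the category names "News" and "Games", and the reading of a trailing `*` as a prefix match are assumptions.

```python
def normalize(url):
    # The article states that a trailing slash does not make a difference.
    return url[:-1] if url.endswith("/") else url


def merge_overrides(array_level, enterprise_level):
    """Merge two {url: category} maps; array level entries take priority."""
    merged = {normalize(u): c for u, c in array_level.items()}
    for url, category in enterprise_level.items():
        # Add the enterprise entry only if the array has no entry for the URL.
        merged.setdefault(normalize(url), category)
    return merged


def matches(pattern, url):
    # Assumption: a trailing "*" means prefix match, otherwise exact match.
    if pattern.endswith("*"):
        return url.startswith(pattern[:-1])
    return pattern == url


def categorize(merged, url, default=None):
    """Return the category of the longest override that fits the URL."""
    url = normalize(url)
    hits = [p for p in merged if matches(p, url)]
    if not hits:
        return default  # no override applies; the service's category is used
    return merged[max(hits, key=len)]


# Constructed sample data (not taken from a real configuration).
ARRAY = {"www.a.com/a/*": "V", "www.mycompany.com/homepage/": "News"}
ENTERPRISE = {
    "www.a.com/*": "U",
    "www.mycompany.com/homepage": "Games",  # conflicts with the array entry
    "www.b.com/*": "W",
}
MERGED = merge_overrides(ARRAY, ENTERPRISE)

if __name__ == "__main__":
    for q in ("www.a.com/a/b", "www.a.com/c",
              "www.mycompany.com/homepage/", "www.b.com/x", "www.c.com"):
        print(q, "->", categorize(MERGED, q))
```

The conflicting enterprise entry for www.mycompany.com/homepage is silently dropped on this array, so an enterprise override should not be assumed effective until the array level list has been checked for the same URL.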

Author: Gabriel Koren

Reviewers: Juda Thitron and Roman Golubchyck