Forefront TMG URL filtering allows you to enforce a browsing policy throughout the organization, by blocking access to security-related, liability-related, and productivity-related Web sites, based on predefined URL categories.

This topic is designed to help you plan for URL filtering, as follows:

About URL filtering

URL filtering identifies certain types of Web sites, such as, known malicious sites and sites that display inappropriate or pornographic materials, and allows or blocks access to the sites based on predefined URL categories. The default categorization of a specific Web site is determined by the Microsoft Reputation Service (MRS) and can be edited by the Forefront TMG system administrator. When a request to access a Web site is received, Forefront TMG queries MRS to determine the categorization of the Web site. If the Web site has been categorized as a blocked URL category or category set, Forefront TMG blocks the request.

When users request access to a Web site to which access is blocked, they receive a denial notification that includes the denied request category. In some cases, users may contact the administrator to dispute the categorization of the Web site. In such a case, you can check whether the URL was categorized properly. If the Web site was not categorized correctly, you can create a custom setting for this URL. For information, see Introduction to managing URL filtering.

URL filtering is subscription based, and is part of the Forefront TMG Web Security Service license. For licensing information, see How to Buy Forefront Edge Security and Access Products (

Benefits of applying URL filtering

The benefits of applying URL filtering include:

  • Enhancing your security by preventing access to malicious sites, such as, phishing sites.

  • Lowering liability risks by preventing access to sites that display inappropriate materials, such as, hate, criminal activities, or pornography sites.

  • Improving the productivity of your organization, by preventing access to non-productive sites, such as, games or instant messaging.

  • Using URL filtering related reports and log entries to learn about the Web usage in your organization, such as, what are the most browsed URL categories.

  • Excluding sites from inspection by the HTTPS and malware inspection mechanisms, such as, excluding financial sites from HTTPS inspection due to privacy considerations.

About URL categories

Forefront TMG features over 70 URL categories. A URL category is a collection of URLs that match a pre-defined criterion, such as, malicious, anonymizers, or illegal drugs. Categories are grouped by category sets, which can be used to simplify the configuration of Forefront TMG policies.

Forefront TMG leverages and utilizes MRS, a cloud-based object categorization system hosted in Microsoft data centers, to categorize the URLs that users request. MRS is designed to provide comprehensive reputation content to enable core trust scenarios across Microsoft solutions, and maintains a database with tens of millions of unique URLs and their respective categories.

  • You can override the default URL categorization, by specifying a new URL category for an IP address or URL. For information, see Overriding URL categorization.

  • You can report classifications issues to Microsoft, thus increasing the likelihood that MRS will address coverage and accuracy gaps specific to your organization.

Related Topics