
TMG 2010 How To Exclude URL

My name is Gabriel from Argentina and I have this "problem":

I'm blocking using a Domain Name Set, and I need to exclude some specific videos. I tried to add the complete video URL to an already existing URL Set in the Exceptions of the same Web Access Blocking Rule that blocks (the name of this rule is "Navegacion Restricta"), but I haven't had any luck.

Log of TMG:

Denied Connection SRISPW001P000 2/19/2013 9:42:01 AM
Log type: Web Proxy (Forward)
Status: 12233 Forefront TMG denied the specified Uniform Resource Locator (URL).  
Rule: Navegacion Restricta
Source: Internal XXXXXXXXXXX
Destination: External (XXXXXXXXXX:443)
Filter information: Req ID: 141b8a5f; Compression: client=No, server=No, compress rate=0% decompress rate=0%
Protocol: SSL-tunnel

Has anybody tried this already?

Thanks in advance.
Craig Beck
Hello craibeck,
First, thanks for your reply.
I already checked that, and the user still navigates that URL by the Restricted Rule.

I have a rule named "Anonymous Access" at the top of the Web Access Rules, with a lot of pages open for the whole organization, used by users and applications. I added a URL Set named "Youtube Open" to that rule; that URL set has this URL: ""

The rule is very simple: Allow + From Internal + To "Youtube Open" + All Users
For some reason the user can't "hit" that rule and hits the Restricted Rule first.

Do you have SP1 installed for TMG?

Are the clients using the TMG as their configured proxy, or are they SecureNAT?

They are using it as Configured Proxy.
TMG has SP2 applied and the last rollout post SP2 (KB2689195)

Thanks both

Everything seems OK...

As suggested before, try to create another rule for this URL set.

Using the traffic simulator in the TMG console, test the new rule. Then test on a client machine.

TMG exceptions have always been a little haphazard in their implementation - especially when mixing domain blocks and URL exceptions together.

When you check the realtime log monitor, I assume it is the domain block rule that is still taking precedence?

Create an allow rule for the specific URL you want to allow and make sure this rule is ABOVE the domain block rule as TMG processes the policies from the top downwards.

After a lot of tests I know this: the domain doesn't host the .SWF videos; I must open some subdomains and URLs used for YouTube content to get this working.

Thanks for your help.