Sign in with Microsoft
Sign in or create an account.
Hello,
Select a different account.
You have multiple accounts
Choose the account you want to sign in with.

Symptoms

When HTTPS inspection is enabled, Microsoft Forefront Threat Management Gateway 2010 uses only the host part of the URL for URL filtering.

For example, consider the following scenario:

  • Assume that www.contoso.com belongs in the education category.

  • You set a URL category override for www.contoso.com/poker to the gambling category, and a deny rule exists for that category.

When you browse to http://www.contoso.com/poker in this scenario, Threat Management Gateway blocks this URL because the category is evaluated as gambling. However, when you browse to https://www.contoso.com/poker, the page loads.

Cause

This behavior occurs because for HTTPS inspection, Threat Management Gateway passes only the host domain (www.contoso.com) to the categorization service. In the example, the host domain falls into the "education" category.

Status

This behavior is by design. Threat Management Gateway does not send the path part of the URL for categorization during HTTPS inspection because of privacy issues. For example, the query string might include a user name or even a password.

Facebook LinkedIn Email
SUBSCRIBE RSS FEEDS

Need more help?

Want more options?

Discover Community

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Microsoft 365 subscription benefits

Microsoft 365 training

Microsoft security

Accessibility center

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.

Ask the Microsoft Community

Microsoft Tech Community

Windows Insiders

Microsoft 365 Insiders

Was this information helpful?

What affected your experience?
By pressing submit, your feedback will be used to improve Microsoft products and services. Your IT admin will be able to collect this data. Privacy Statement.

Thank you for your feedback!

×