image

Microsoft TMG (Threat Management Gateway) 2010 is basically the latest version of it’s elder brother Microsoft ISA.

The product is much better than it’s earlier release especially after releasing service pack 2, which gave it much more utilities and power.

Today we will be guiding you through utilizing the product to be able to block Uploading files to different sites, and especially to Webmail sites.

We will keep posting about other tweaks for this product in the following weeks.

 

Blocking Uploads on TMG

Since it’s not a straight forward process we will be guiding you through the steps:

1- Go to Forefront TMG Management

2- From the left menu choose Web Access Policy as shown below:

image

3- Once clicked on Web Access Policy, on the right hand side make sure that HTTPS Inspection is Enabled as shown below:

image

4- Now, first we will start the blocking of uploads for all sites. Go to the Allow Web Access for All Users as shown below:

image

5- Right click on the Web Access Rule and choose HTTP Filtering as shown below:

image

6- In General make sure that Allow any payload length is checked:

image

7- Go to Signatures and click on Add.

8- When the Dialog box is opened fill the following fields,

Name:        You can add anything, let’s say we will call it Block Uploads

Search in:    Request headers

HTTP Header: Content-Type:

Signature:   multipart/form-data

image

9- Click on OK once finished.

10- Now this should be blocking uploads for all websites, unless you are facing problems with Hotmail, then you need to do the following:

10.a.: Go to Signatures again and click Add.

10.b.: When the Dialog box is opened fill the following fields,

Name:        You can add anything, let’s say we will call it Block Hotmail Attachment

Search in:    Request URL

Signature:   /mail/attachmentuploader.aspx

image

10.c: Click on OK once finished.

10.d: Go to Signatures again and click Add

10.e.: When the Dialog box is opened fill the following fields,

Name:        You can add anything, let’s say we will call it Block Hotmail SilverLight

Search in:    Request URL

Signature:   /mail/silverlightattachmentuploader.aspx

image

Now you are ready to start annoying the employees in your company ;)

This will be just the start with TMG, and later on we will be posting about more features soon.