Microsoft ISA Server or Forefront TMG Integration > Configuring the ISAPI Filter plug-in to ignore specific traffic

Configuring the ISAPI Filter plug-in to ignore specific traffic

Applies to

Web Filter v7.6

Web Security v7.6

In this topic

Configuring the ISAPI Filter plug-in to ignore specific traffic

Client computer configuration

Firewall configuration

Configuring the ISAPI Filter plug-in to ignore specific traffic

You can configure the ISAPI Filter plug-in to bypass both filtering and logging for certain traffic, based on the user name, host name, or URL. This may be used for a small group of Web sites or users, or for machines in a complex proxy-array or proxy-chaining configuration.

To prevent filtering and logging of this traffic, add the user names, host names, and URLs that you do not want Websense software to filter to the isa_ignore.txt file.

1.	On the ISA/TMG machine, open the isa_ignore.txt file in a text editor. This file is located in the Windows system32 directory.

 

Important  The default isa_ignore.txt file installed during a Websense upgrade or installation contains the following URL: url=http://ms_proxy_intra_array_auth_query/ Do not delete this URL. It is used by ISA/TMG in a CARP array for communication. This URL must be ignored by Websense software to allow filtering and logging to work properly when multiple ISA/TMG instances are deployed in an array.

2.	Enter each user name, host name, or URL that you want Websense software to ignore. Enter each item on its own line in the file, using the formats below.

 

Important  You must enter each user name, host name, or URL in the exact same format that ISA Server passes it to Filtering Service.

User name: Enter the name of a user whose Internet requests should not be filtered or logged by Websense software:

username=<user_name>

Examples:

username=jsmith
username=domain1/jsmith

Host name: Enter a destination host name that Websense software should not filter or log user visits to:

hostname=<host_name>

Example:

hostname=yahoo.com

URL: Enter a URL that Websense software should not filter or log user visits to:

url=<URL>

Example:

url=http://mail.yahoo.com/
url=mail.yahoo.com/

 

Note  To assure that the correct format is available for all situations, it is recommended that you enter the same name in all available configurations. For example, make 2 entries for user name: one with and one without the domain. Make 2 entries for URL: one with and one without the protocol.

3.	Restart the ISA/TMG service.

Client computer configuration

Internet browsers on client computers should be configured to use ISA/TMG to handle HTTP, HTTPS, and FTP requests.

An exception to this configuration is browsers in an ISA/TMG environment using Firewall/Forefront TMG Clients or SecureNAT. These browsers must point to the same port, 8080, that ISA/TMG uses for each protocol.

See the browser online help for configuration instructions.

Firewall configuration

To prevent users from circumventing Websense filtering, configure your firewall or Internet router to allow outbound HTTP, HTTPS, and FTP requests only from ISA Server.

Contact your router or firewall vendor for information about configuring access lists on the router or firewall.

 

Important  If Internet connectivity of Websense software requires authentication through a proxy server or firewall for HTTP traffic, the proxy server or firewall must be configured to accept clear text or basic authentication to enable the Websense Master Database download.

Microsoft ISA Server or Forefront TMG Integration > Configuring the ISAPI Filter plug-in to ignore specific traffic