Configuring link translation settings

Applies To: Forefront Threat Management Gateway (TMG)

  1. In the Forefront TMG Management console in the tree, click the Firewall Policy node.

  2. In the task pane, click the applicable Web publishing rule.

  3. On the Tasks tab, click Edit Selected Rule.

  4. On the Link Translation tab, select Apply link translation to this rule.

  5. If you want links from Web pages that contain other character sets to be translated, select Also apply link translation to Web content using this character set, and then select a character set from the drop-down list.

  6. To configure local mappings, click Configure, and then perform the following steps for each local mapping that you want to add to the Web publishing rule selected.

    1. Click Add.

    2. In Replace this text, type a URL containing an internal host name (or IP address).

    3. In With this text, type a URL containing a publicly resolvable host name (or IP address).

    4. Click OK.

  7. Click OK, and then click OK again.

  8. Repeat steps 2 through 7 for other Web publishing rules for which you want to configure rule-specific link translation settings.

  9. On the Tasks tab, click Configure Global Link Translation Settings.

  10. On the General tab, verify that Enable link translation is selected.

  11. On the Global Mappings tab, perform the following steps for each global mapping that you want to add.

    1. Click Add.

    2. In the Internal URL field, type a URL containing an internal host name (or IP address).

    3. In the Translated URL field, type a URL containing a publicly resolvable host name (or IP address).

    4. Click OK.

  12. To enable and configure link redirection for unpublished internal sites, on the Link Redirection tab:

    1. Select Redirect clients navigating to these unpublished sites.

    2. Click Add to add or create a URL set containing the internal URLs of the unpublished sites.

    3. In Redirect users to this published URL, provide the URL to which you want users to be redirected when they use a link that points to one of the unpublished sites.

  13. To configure content types, on the Content Types tab, in Selected content types, select one or more content types.

  14. Click OK, and then click OK again.

  15. In the details pane, click Apply, and then click OK.

Note

  • Implicit mappings that map the internal name (or IP address) of the server published by the Web publishing rule to the public name (or IP address) of the Web site, or, if there are multiple public names, to the first public name, are created automatically.

  • The URLs in local mappings can contain a valid protocol (https:// or https://) and a path. However, the URLs specified in global mappings must begin with a valid protocol (https:// or https://). A port can also be specified; however, such a mapping will be excluded from a search for a link without a port. For example, a mapping that specifies the internal URL https://www.myInternal:80 will not translate the URL https://www.myInternal.

  • Forefront TMG translates only a complete URL or a part of a URL that is followed by a terminating character, such as a space or a slash. For example, if the search string in a mapping is https://contoso and the response contains the URL https://contosonews, this URL will not be translated using this mapping. This means that mappings are not path-specific. For example, the search string https://www.myInternal will match a link for https://www.myInternal/docs.

  • By default, when link translation is enabled for a rule, Forefront TMG blocks range requests for the content types to which the rule applies. Whereas this behavior cannot be modified in the Forefront TMG Management, the blocking of range requests can be disabled programmatically by using the RangeRequestsAllowedWithLinkTranslation property of the FPCWebPublishingProperties administration COM object in the Forefront TMG Software Development Kit (SDK). If the blocking of range requests is disabled, link translation will not be used for range requests.

  • Enable link redirection when you want to have users who request an unpublished site be redirected to a specific URL, rather than having them receive an error message.

  • By default, the link translation filter operates only on Web responses that include a MIME or file type specified in the HTML Documents content type. By default, the HTML Documents content type specifies the MIME types text/css, text/html, and text/webviewhtml, and the file extensions .htm, .html, .htt, .stm, and .xsl.

    To view and/or modify the MIME types and file types specified to be reviewed by the link translation filter, do the following:

    • In a multiple-array enterprise deployment, link translation makes use of the settings in the enterprise-level content types to determine whether it needs to perform translation on the body of the message. To review or modify these content types, expand Enterprise, and click Enterprise Policies. In the right pane, click Toolbox and select Content Types.

    • In a single-array deployment, click the Firewall Policy node. In the right pane, click Toolbox and select Content Types.

  • We recommend that you use the sample error page provided with Forefront TMG, or, alternatively, one based on the sample error page, to avoid creating a vulnerability to cross-site scripting attacks. For more information about cross-site scripting, see "Information on Cross-Site Scripting Security Vulnerability" on the Microsoft TechNet Web site.

Concepts

Publishing Web servers over HTTPS