none
Forefront TMG URL Filtering --Google translate RRS feed

  • Question

  • Hi

    I faced a problem

    I am using TMG 2010 and block the xxx sites but

    if any one use Google translate then it will open the site direct?????

     

    any advice

    Sunday, October 30, 2011 1:39 PM

Answers

  • I guess where there is a will there is a way.

    I tested this in my lab and I think your only choice is to create a Deny Rule in TMG and create a URL set for http://translate.google.com/*. Put the two together and block your users from that page.

    Unfortunately Google is offering this as a service and they pull the web content in, translate it if necessary, and it appears to be coming from their servers. I don't think there is any other way around it other than to block them and any other service that springs up like this.

     

     

    Wednesday, November 2, 2011 2:45 PM
    Answerer

All replies

  • Hello,

    to deny access for nudity / pornographic websites, you can use category filtering (The License should not be expired).

    To check which rule is allowing access to these Websites then you can enable logging to get more information.

    Make sure that your users are not using Proxy clients like Ultra Surf and Hot Spot to access such websites. If yes then block the traffic destination for these utilities.

     


    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Microsoft Student Partner 2010 / 2011
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows 7, Configuring
    Microsoft Certified IT Professional: Enterprise Administrator
    Microsoft Certified IT Professional: Server Administrator
    Microsoft Certified Trainer

    Sunday, October 30, 2011 9:18 PM
  • Mr X

    Thx for ur reply the TMG is license and configured to block the Nudity category and Ultra Surf and Hot Spot to cant open site or work

    but the problem is ny one use Google translate he get access the sites normally cos it is works over Google (it is appears as a Google request)

     

    Monday, October 31, 2011 6:00 AM
  •  

    Mr X

     

    Thx for ur reply the TMG is license and configured to block the Nudity category and Ultra Surf and Hot Spot to cant open site or work

     

    but the problem is ny one use Google translate he get access the sites normally cos it is works over Google (it is appears as a Google request)

     

     

     

    Try then blocking websites based on HTTP signatures (For HTTPS traffic, enable https inspection to inspect it).

     


    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Microsoft Student Partner 2010 / 2011
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows 7, Configuring
    Microsoft Certified IT Professional: Enterprise Administrator
    Microsoft Certified IT Professional: Server Administrator
    Microsoft Certified Trainer

    Monday, October 31, 2011 4:26 PM
  • Mashaleh,

    Can you walk me through exactly what your users are doing to get around this? What do you mean by using Google translate?

    Keith

    Tuesday, November 1, 2011 6:35 PM
    Answerer
  • Mashaleh,

    Can you walk me through exactly what your users are doing to get around this? What do you mean by using Google translate?

    Keith


    Dear

    any one wanna to access a web site that is blocked (ex. sex.com is blocked any user can use the translate.google.com like this

    http://translate.google.com/translate?hl=ar&sl=en&tl=ar&u=http%3A%2F%2Fsex.com

    and he will access and view the site over google

    MY TMG will see the traffice as a google request ,....

    I hope you get my point

    Wednesday, November 2, 2011 12:00 PM
  • I guess where there is a will there is a way.

    I tested this in my lab and I think your only choice is to create a Deny Rule in TMG and create a URL set for http://translate.google.com/*. Put the two together and block your users from that page.

    Unfortunately Google is offering this as a service and they pull the web content in, translate it if necessary, and it appears to be coming from their servers. I don't think there is any other way around it other than to block them and any other service that springs up like this.

     

     

    Wednesday, November 2, 2011 2:45 PM
    Answerer
  • Agree with Keith.

    You can also try blocking traffic based on HTTP signatures and check results.

    The solution provided by Keith seems to be better but here you will block using translate.google.com.

     


    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Microsoft Student Partner 2010 / 2011
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows 7, Configuring
    Microsoft Certified IT Professional: Enterprise Administrator
    Microsoft Certified IT Professional: Server Administrator
    Microsoft Certified Trainer

    Wednesday, November 2, 2011 7:29 PM
  • I bocked the google translate but the whole users start crying they are using the translation as a service and they need it,...

     

    But Mr. X

     Plz advice me  I am reading this link

    http://www.isaserver.org/tutorials/Configuring-Forefront-TMG-HTTP-Filter.html

    but I did not find how to do it can you?

    Wednesday, November 2, 2011 8:39 PM
  • I bocked the google translate but the whole users start crying they are using the translation as a service and they need it,...

     

    But Mr. X

     Plz advice me  I am reading this link

    http://www.isaserver.org/tutorials/Configuring-Forefront-TMG-HTTP-Filter.html

    but I did not find how to do it can you?

    Tell your users to use Bing Translator instead of Google one: http://www.microsofttranslator.com/

    Like that you can block Google Translator.

     


    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Microsoft Student Partner 2010 / 2011
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows 7, Configuring
    Microsoft Certified IT Professional: Enterprise Administrator
    Microsoft Certified IT Professional: Server Administrator
    Microsoft Certified Trainer

    Wednesday, November 2, 2011 8:54 PM
  • I totally agree with Mr. X. Bing Translator is very good and it doesnt allow your users to get around the URL filtering.

     

    Thursday, November 3, 2011 1:30 PM
    Answerer
  • I bocked the google translate but the whole users start crying they are using the translation as a service and they need it,...

     

    But Mr. X

     Plz advice me  I am reading this link

    http://www.isaserver.org/tutorials/Configuring-Forefront-TMG-HTTP-Filter.html

    but I did not find how to do it can you?

    Tell your users to use Bing Translator instead of Google one: http://www.microsofttranslator.com/

    Like that you can block Google Translator.

     

     


    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Microsoft Student Partner 2010 / 2011
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows 7, Configuring
    Microsoft Certified IT Professional: Enterprise Administrator
    Microsoft Certified IT Professional: Server Administrator
    Microsoft Certified Trainer

     


    I do it and test the bing it is also open the xxx sites like the Google translate,....:(
    Saturday, November 5, 2011 6:00 PM
  • ????????????????
    No more than...your tears
    Thursday, November 17, 2011 1:53 PM
  • I tested it with Bing translate and didn't get the same results. Block whatever sites you need to so they cannot get around this.

    I think your only choice at this point is to warn your end users that they are violating your policies by doing this. Maybe disciplinary action will be required before they will stop.

    • Proposed as answer by ms_c Thursday, February 28, 2013 3:33 PM
    • Unproposed as answer by ms_c Thursday, February 28, 2013 3:34 PM
    Monday, December 5, 2011 6:50 PM
    Answerer
  • Brothers and sisters,

    I see nothing but anger and frustration. Indeed, that was also my first impression about TMG 2010. It takes a while till you will get it right (if that will be the case). It is getting messy once in a while. This thread is one of those cases. If TMG if the only FW in your Org, you have the feeling that your hands are tied up. Many times is so 4 real. :)

    But not in this case.

    Create an access rule. Create a Domain Name Set that contains http://*.translate.google.com. Allowed Protocols : HTTP

    And here is THE SOLUTION:

    After you right click on the rule - Configure HTTP - Methods Tab - Allow Only specified Methods - GET

      

       

    Save your souls (and your money)!




    • Proposed as answer by ms_c Thursday, February 28, 2013 3:49 PM
    • Edited by ms_c Thursday, February 28, 2013 3:53 PM
    Thursday, February 28, 2013 3:46 PM
  • There is no easy solutions for this.

    But, please note that only TEXT (HTML) is coming from google translate domain, nothing else.
    So my solutions was:

    Surf pornsites with googletranslate, (take logs, take porn users logs and use them at your advantage) and ALWAYS when you see image, it means image site is not blocked.
    So you need add gategory for that image domain (many time its IP address) and then it is blocked even when someone is using google translate.
    After you do that, users can only see tranlsatet text and no images or videos.

    It is a little time consuming.


    - Meitzi [MCITP]

    Friday, March 1, 2013 1:10 PM