The download and upload policies may seem straight-forward to configure, but surprisingly, they confuse an alarmingly high number of people. To configure this correctly, one needs to understand the logic behind the mechanism.
Configuring an upload and download enforcement has two parts. First, the administrators need to define to UAG what IS an upload, and what IS a download. Then, the policy is used to tell the server what to do with an upload and download.
What UAG does is inspect each and every request that a user does, and checks if that request constitutes an upload or download. If it is, then the server checks if the policy that is set for that application has evaluated as "passed" or "failed" at session logon, and based on that, will either allow the action, or deny it.
For the first part of this, UAG analyzes the requests sent by the user. This happens whenever the user's browser (or application) tries to request a URL from UAG. This happens...