I have a strange one, where the user is going to a web site using a rule with a HTTP non-transparent proxy with no enforcement check, and part of the web site you can export a query to a csv file and it is at this point the user get the "Access Denied"
There are no errors in the audit logs, and don't understand why the GTI would block the export of a file.
Has anyway see this and what the fix maybe?
There are a few cases where the firewall does not audit something. Very few. We would have to look at the whole audit stream to be sure that it is not actually auditing something here.
If you're at v8 you can put the HTTP proxy into debug mode and collect audit again. Sometimes that will show us an error we could not see before.
$> cf agent mod name='HTTP Proxy' debug_level=6
- Collect audit
- Turn the debug off:
$> cf agent mod name='HTTP Proxy' debug_level=0