cancel
Showing results for 
Search instead for 
Did you mean: 
jleppert
Level 7

403 status code with bytes

Jump to solution

How can the gateway logs show that traffic was blocked with a 403 http code yet show that bytes went in and out?

Seems to me that if it was blocked, zero bytes would be shown.

tia

0 Kudos
1 Solution

Accepted Solutions
McAfee Employee

Re: 403 status code with bytes

Jump to solution

Hi!

What if the Web Gateway blocked something like a virus? Or blocked because you didnt allow EXE downloads?

MWG must first download the file in order to know it's a virus or EXE (in some cases).

If it's a category block, still, there will be bytes reflected in the log because MWG had to deliver a block page.

Best Regards,

Jon

0 Kudos
2 Replies
McAfee Employee

Re: 403 status code with bytes

Jump to solution

Hi!

What if the Web Gateway blocked something like a virus? Or blocked because you didnt allow EXE downloads?

MWG must first download the file in order to know it's a virus or EXE (in some cases).

If it's a category block, still, there will be bytes reflected in the log because MWG had to deliver a block page.

Best Regards,

Jon

0 Kudos
jleppert
Level 7

Re: 403 status code with bytes

Jump to solution

I was hoping someone would validate your answer but it doesn't appear it's going to happen anytime soon. What you stated makes sense to me as it appears there are different steps in the validation process of rules. I suppose it's possible that it could download a response from a users request, log the size of that transfer, see's something in it that it's configured to reject and marks it with a 403 to block with that data never actually being passed to the user.

Thanks for your contribution Jon

0 Kudos