I just tested the dynamic content classifier (DCC). I am dynamically blocking the category 'Pornography' in the response cycle. The blocking works nice, but the default error message is telling me this:
As you can see in the last line of the error message, it is saying it was NOT blocked by DCC.
The log file does in fact show that DCC has blocked.
Is this a bug?
Bug? I can't say. Wierd? definately.
I haven't tried this in 7.4 yet, but have observed strangeness with 188.8.131.52.
I think it has something to do with the cycles. When the request comes in first, in the request cycle, it is uncategorized.
When the content comes in the response cycle, the content is categorized and if there is a block right there, then you should get DCC.ResultComputedByDCC=true.
However, URL.Host is then cached with that category for the next 10 or 15 minutes. Any subsequent requests won't do another lookup and will pull the results from cache.
What i don't know is if the DCC.ResultComputedByDCC (and RequestSentToCloud) is set to true on subsequent requests when pulling from cache. I would have to test, once i get try it on 7.4.
You say the logs tell you it does, but block page does not. I believe that because sometimes properties don't get sent to the block pages like you think they should. It is likely something to do with <MostRecentlyUsed> on subsequent requests that are cached.
But to bring up another pet peeve of mine, it annoys me that you have to have 2 rulesets for DCC. The challenge is I want to DCC as many categories as i possible can and log the fact they are DCC'd...even the ones i would want to allow, like games or business.
However, if i have some group exceptions, like GroupA is allowed to go to Games, but group B is not, i have to duplicate those rules in the DCC rule set.
So, as a solution, i've worked out a way to accomodate that.
|URL Filtering |
[URL Filtering: The primary flow of blocking sites by categories.
Applies to: [✔] Requests [✔] Responses [✘] Embedded Objects
The interesting thing to note here, is when a category gets DCC'd, it sets a block header for the block page to use, if needed.
Header.Block.Add ("X-DCC-Categories", String.Concat (List.OfCategory.ToString (URL.Categories<URL Filter: Default>), "(DCC)"))
Then i use this in the logs and block page:
String.ReplaceIfEquals (String.ReplaceIfEquals (Header.Block.Get ("X-DCC-Categories"), "", List.OfCategory.ToString (URL.Categories<MostRecent>)), "", "-")
If X-DCC-Categories has something in it, display it, like "Games(DCC)"
If it's empty ("") then display the URL.Categories.
If both are empty, display "-"
And the page displays as:
URL Categories: Games(DCC)
Another reason to use the Header.Block.Add instead of User-Defined variables, is so you can transport block pages between machines. Anybody who has ever tried it knows what i mean.
Quick answer is, no this is not a bug.
By default DCC is only supposed to apply to uncategorized URLs (so we can attempt to find a categorization). Playboy.com IS categorized, so DCC should not apply.
Jon, that is strange. Because DCC is definitely hitting for categorized URLs in my case. I have a very simple rulebase that contains absolutely no URL-filtering rules at all, with the exception of the default DCC ruleset. My requests to playboy.com are being blocked for pornography. The logfile (access_denied.log) prints the rule that blocked the request and it clearly states it was the DCC rule.
Am I missing something here?
I am not sure but I think there is misunderstanding either on my side or on your side :-)
If you look at the DCC setting there is a hint:
So even if you turn off all cetegorizations and ONLY turn on the DCC setting, MWG will STILL ask for the URL in the cloud. In the logs you will see that the categorization was performed by DCC, but "DCC only" in this case means "ask the cloud, use DCC is there is no category in the cloud". Since playboy.com is categorized in the cloud (I am very sure it is...) I think the detection as "Pornography" is coming from the cloud, not DCC.
that makes sense, thank you.
However, this still seems inconsistent to me: If I only have the DCC rule, then only DCC should block, not a (categorized) cloud lookup result. I know this is hair splitting
I was confused, too. So I agree with you :-) If you want to rely on DCC only (for testing or so) you can only prevent MWG from talking to GTI (or find an uncategorized URL) and try again. At the moment you will get Cloud + DCC when you use DCC only As far as I now the list of categories shown in the block page have an "*" attached when DCC did the categorization rather than the cloud lookup. Maybe that helps :-)