I did a implementation using MWG 7.1.5 and using URL Category Blocklist like the image:
And in the category blocklist I have a lot of category and when I try access a website in these categories I can access without problem, look this log:
[20/Sep/2011:09:26:23 -0300] "luizricardo" 10.61.0.121 200 "GET http://playboy.abril.com.br/wp-content/plugins/clubalfa-landing-pages/assets/images/sprite-bulets.pn... HTTP/1.1" "Malicious Sites, Pornography" "High Risk" "image/png" 319 "" "" "0"
What can I do to trace the police permit this traffic ?
My configuration has 3 TOP RuleSet:
1st: Global Whitelist
2nd: Authentication and Authorize
3rd: Common Rules enabling cache
And the others rules to filter traffic for specific Internet Groups and in all groups have two rule sets: A rule with whitelist for the group, a category blocklist, url blocklist, Risk policy and the other rule set is for MediaType files.
what is wrong ? or what can I do to check this?
Thanks a lot!
from the screenshot your rules look as if it should work, but there might be a rule that whitelists the request before it comes to the ruleset. You should check if there is any "Stop Cycle" action before this ruleset. You might also want to check the entry criteria for the rule set group to check if the request really entered this rule set.
For debugging your rules:
The "Enable RuleEngineTracing" is a very good idea to check what is actually going wrong, but using it in the rule here will not work. When you can access the site the rule did not trigger, so the event did not trigger either. You should enable RuleEngineTracing before, maybe even at the start to catch the whole execution tree.
I found the problem. When I typed the criteria to filter I've used Authentication.UserGroups contains "User Group" but I was typed with two ""User Group"" and after removed this all rules work fine.
Thanks again for the support!
this is happening with me , in category content filtering, URL BLOCKED section , pornogrpahy has been bloccked but when i sit at my workstation i can easily access porn websites. why is that?
Not every situation is the same, but I imagine there may be some misconfiguration in your rules to allow it.
I have written an article which describes how to form your policy:
This takes into account situations like what I imagine you are encountering.