cancel
Showing results for 
Search instead for 
Did you mean: 
Reliable Contributor malware-alerts
Reliable Contributor
Report Inappropriate Content
Message 1 of 4

CSR 2.1 does not report HTTP 407 status?

Jump to solution

I'd like to generate a report to get some data on which sites triggered the HTTP 407 status the most in my environment in order to build a list of sites that should be made available without authentication.

Unfortunately, it seems that the only HTTP statuses CSR can report on are:

200

204

301

302

304

400

403

404

500

502

Can anyone confirm that or is there something I might be doing wrong?

I did look at the local logs on MWG and I do see plenty of HTTP 407.

Thanks.

Message was edited by: malware-alerts on 6/19/14 1:34:20 PM CDT
1 Solution

Accepted Solutions
Highlighted

Re: CSR 2.1 does not report HTTP 407 status?

Jump to solution

CSR and Web Reporter do not import lines with 407 status code. The reason is that every TCP connection in that deployment would get a 2nd hit. One before auth, and one after authentication.

So if you want them imported, you'd have the change their status code before writing to the log.

View solution in original post

3 Replies
Highlighted

Re: CSR 2.1 does not report HTTP 407 status?

Jump to solution

CSR and Web Reporter do not import lines with 407 status code. The reason is that every TCP connection in that deployment would get a 2nd hit. One before auth, and one after authentication.

So if you want them imported, you'd have the change their status code before writing to the log.

View solution in original post

McAfee Employee jscholte
McAfee Employee
Report Inappropriate Content
Message 3 of 4

Re: CSR 2.1 does not report HTTP 407 status?

Jump to solution

It should be noted that just be cause a site has 407 status code associated with it, does not mean that the site would fail to perform authentciation.

See the second post of this thread:

https://community.mcafee.com/message/333935#333935

With NTLM there will be two 407's before a 200.

Best,

Jon

Reliable Contributor malware-alerts
Reliable Contributor
Report Inappropriate Content
Message 4 of 4

Re: CSR 2.1 does not report HTTP 407 status?

Jump to solution

Jon, I agree with your statement.

I'm simply trying to pull a report where I can identify the sites that get the most initial connects from the widest amount of users to then be able to take a decision on which of those we could allow without authentication.

Pulling the 407s would have allowed me to export the table in excel and get these numbers (most connects by most amount of users) using a simple pivot table.

I simply ended up exporting the 407s from the raw logs from MWG and doing the calculations in excel so it's all good.

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community