My last post reminded me
Ever since I re-enabled the "SSL Scanner > Handle CONNECT call > Set Client Context" Rule (which did fix my problem of HTTPS sites not reauthenticating clients) any URLs that I've overwritten categories of don't receive the overwritten category when it's an HTTPS site.
An imaginary example would be I change the category of weaponsrus.com from Weapons and Online Shopping to just OnlineShopping. The overwrite works perfectly for HTTP, but for HTTPS it still shows up as Weapons and Online Shopping.
Any ideas or reasoning behind this?
how exactly are you overwriting the categories? Are you using an Extended List for this or user defined categories? It would also be possible to do this with a custom rule. As there are so many ways of doing this we need more info to figure out why it is not working in your case.
This is working for me with an extended list. For protocol I've selected "any protocol" and my category is set to the one I defined in the list, doesn't matter if I use HTTP or HTTPS.
I'm checking this in the access log and I currently have only MWG 7.1 (not released yet) available for testing. I'll test this again with 18.104.22.168 a bit later.
Finished my test with 22.214.171.124.0 with a Default Ruleset; except that I enabled the SSL Scanner rules, so that MWG looks into HTTP traffic.
I tested with the domain cyberport.de, which is a german shopping site.
This is from the access log with the normal URL Category set:
"GET http://www.cyberport.de/favicon.ico HTTP/1.1" "Online Shopping" "Minimal Risk"
and for HTTPS:
"GET https://www.cyberport.de/favicon.ico HTTP/1.1" "Online Shopping" "Minimal Risk"
Now I created a new extended list with the following data:
After that I assigned this list to the TrustedSource settings:
When I now access this site I get the following entries:
"GET http://www.cyberport.de/favicon.ico HTTP/1.1" "Business" "Unverified"
"GET https://www.cyberport.de/favicon.ico HTTP/1.1" "Business" "Unverified"
The category has changed for HTTP and HTTPS from "Online Shopping" to "Business".
Do you have an example where it is not working? Maybe our configuration differs or it's not working for all sites.
Sorry for the delay. I had a busy day yesterday.
Here is me setting up aetna.com for an override. I highlighted the site and time.
Here is the what happens when I try to reach https://www.aetna.com/. Date and time are highlighted again.
Shouldn't this be categorized as Health?
PS - 2 things
1 - If you try to reach https://www.aetna.com it should just redirect to the http site.
Message was edited by: ittech so I could add the Post Script on 2/2/11 9:06:17 AM EST
2- LOLz to the Supermarket Ad overwrites!
I did exactly the same and tried it again with aetna.com. Works perfectly fine for me. I even set the "Parked Somain" category to be blocked.
Here is the entry from my access log:
[02/Feb/2011:14:18:58 +0000] "" 10.149.105.33 200 "GET https://www.aetna.com// HTTP/1.1" "Health" "Unverified" "text/html" 5283 "" "" "0"
[02/Feb/2011:14:18:58 +0000] "" 10.149.105.33 200 "GET https://www.aetna.com//favicon.ico HTTP/1.1" "Health" "Unverified" "image/x-icon" 7406 "" "" "0"
The category is "Health", just as I defined it in my extended list and it isn't blocked.
There must be something we are overlooking, maybe a different rule that triggers re-categorization or a manually category overwrite elsewhere.
Sorry for the slow replies. It's Windows 7 deployment season!
I can get to this site now:
My reports show that it was previously blocked due to parked domain.
Still no luck on the https://www.aetna.com though
Here's my current config if that helps.
Ok, I'm lost here and running out of ideas fast.
We know that the https://www.aetna.com is blocked by the rule Block URLs whose category is in Category BlockList "Admins", which is in the rulesets Content Filter for User Group "Admins" > URL Filtering.
It's blocked in the request cycle, so it's blocked before a response comes back from the webserver. We can confirm this because the rule only works for requests. The block applies because the domain is categorized as "Parked Domain", which is in the blocklist Category BlockList "Admins".
This is nothing new, but why is the domain categorized as "Parked Domain"? This is never the case in my tests, it's always "Health". I checked with trusted source and it comes back as SmartFilter Category:Health.
I've really no idea why this is the case here. What's even stranger is that you can now reach the member login, which was blocked before with the same block message.
I'll keep thinking about this ...