cancel
Showing results for 
Search instead for 
Did you mean: 
ittech
Level 13

Category Overrides not working for HTTPS

My last post reminded me

Ever since I re-enabled the "SSL Scanner > Handle CONNECT call > Set Client Context" Rule (which did fix my problem of HTTPS sites not reauthenticating clients) any URLs that I've overwritten categories of don't receive the overwritten category when it's an HTTPS site.

An imaginary example would be I change the category of weaponsrus.com from Weapons and Online Shopping to just OnlineShopping. The overwrite works perfectly for HTTP, but for HTTPS it still shows up as Weapons and Online Shopping.

Any ideas or reasoning behind this?

0 Kudos
14 Replies
dstraube
Level 11

Re: Category Overrides not working for HTTPS

Hello ittech,

how exactly are you overwriting the categories? Are you using an Extended List for this or user defined categories? It would also be possible to do this with a custom rule. As there are so many ways of doing this we need more info to figure out why it is not working in your case.

Regards,

Dirk

0 Kudos
ittech
Level 13

Re: Category Overrides not working for HTTPS

Using an Extended List in 7.0.2.2

0 Kudos
dstraube
Level 11

Re: Category Overrides not working for HTTPS

This is working for me with an extended list. For protocol I've selected "any protocol" and my category is set to the one I defined in the list, doesn't matter if I use HTTP or HTTPS.

I'm checking this in the access log and I currently have only MWG 7.1 (not released yet) available for testing. I'll test this again with 7.0.2.2 a bit later.

0 Kudos
dstraube
Level 11

Re: Category Overrides not working for HTTPS

Finished my test with 7.0.2.2.0 with a Default Ruleset; except that I enabled the SSL Scanner rules, so that MWG looks into HTTP traffic.

I tested with the domain cyberport.de, which is a german shopping site.

This is from the access log with the normal URL Category set:

"GET http://www.cyberport.de/favicon.ico HTTP/1.1" "Online Shopping" "Minimal Risk"

and for HTTPS:

"GET https://www.cyberport.de/favicon.ico HTTP/1.1" "Online Shopping" "Minimal Risk"

Now I created a new extended list with the following data:

ts_extendedlist.jpg

After that I assigned this list to the TrustedSource settings:

ts_trustedsource.jpg

When I now access this site I get the following entries:

"GET http://www.cyberport.de/favicon.ico HTTP/1.1" "Business" "Unverified"

"GET https://www.cyberport.de/favicon.ico HTTP/1.1" "Business" "Unverified"

The category has changed for HTTP and HTTPS from "Online Shopping" to "Business".

Do you have an example where it is not working? Maybe our configuration differs or it's not working for all sites.

0 Kudos
ittech
Level 13

Re: Category Overrides not working for HTTPS

Sorry for the delay. I had a busy day yesterday.

Here is me setting up aetna.com for an override. I highlighted the site and time.

Here is the what happens when I try to reach https://www.aetna.com/. Date and time are highlighted again.

Aetna2.png

Shouldn't this be categorized as Health?

PS - 2 things

1 - If you try to reach https://www.aetna.com it should just redirect to the http site.


2- LOLz to the Supermarket Ad overwrites!

Message was edited by: ittech so I could add the Post Script on 2/2/11 9:06:17 AM EST
0 Kudos
dstraube
Level 11

Re: Category Overrides not working for HTTPS

Hello,

I did exactly the same and tried it again with aetna.com. Works perfectly fine for me. I even set the "Parked Somain" category to be blocked.

Here is the entry from my access log:

[02/Feb/2011:14:18:58 +0000] "" 10.149.105.33 200 "GET https://www.aetna.com// HTTP/1.1" "Health" "Unverified" "text/html" 5283 "" "" "0"
[02/Feb/2011:14:18:58 +0000] "" 10.149.105.33 200 "GET https://www.aetna.com//favicon.ico HTTP/1.1" "Health" "Unverified" "image/x-icon" 7406 "" "" "0"

The category is "Health", just as I defined it in my extended list and it isn't blocked.

There must be something we are overlooking, maybe a different rule that triggers re-categorization or a manually category overwrite elsewhere.


0 Kudos
ittech
Level 13

Re: Category Overrides not working for HTTPS

Sorry for the slow replies. It's Windows 7 deployment season!

I can get to this site now:

https://member.aetna.com/appConfig/login/login.fcc?TYPE=33554433&REALMOID=06-c927221c-2594-4cfa-83c2...

My reports show that it was previously blocked due to parked domain.

Still no luck on the https://www.aetna.com though

Here's my current config if that helps.

0 Kudos
dstraube
Level 11

Re: Category Overrides not working for HTTPS

Ok, I'm lost here and running out of ideas fast.

We know that the https://www.aetna.com is blocked by the rule Block URLs whose category is in Category BlockList "Admins", which is in the rulesets Content Filter for User Group "Admins" > URL Filtering.

It's blocked in the request cycle, so it's blocked before a response comes back from the webserver. We can confirm this because the rule only works for requests. The block applies because the domain is categorized as "Parked Domain", which is in the blocklist Category BlockList "Admins".

This is nothing new, but why is the domain categorized as "Parked Domain"? This is never the case in my tests, it's always "Health". I checked with trusted source and it comes back as SmartFilter Category:Health.

I've really no idea why this is the case here. What's even stranger is that you can now reach the member login, which was blocked before with the same block message.

I'll keep thinking about this ...

0 Kudos
ittech
Level 13

Re: Category Overrides not working for HTTPS

I think the problem is my appliance. I looked up https://www.aetna.com and https://members.aetna.com on the Trusted Source website today and it came back with a Health category.

aetna3.PNG

Any suggestions on how to fix?

0 Kudos