dcaffrey
Level 10

Rule Engine Error

Hi,

Getting a lot of the following errors today with sites that are Uncategorized and Unverified. Is there any way to modify the rule to avoid this error?

Thanks,

Dec

URL: http://www.ckan.net/
URL Categories:
Current Rule ID: 15381
Current Rule Name: Block URLs With Bad Reputation
Error Message: [WrongPropState] ARuleElem: RetrievePropertyValue: State of Property com.scur.engine.trustedsource.isunverified is kPropError.

0 Kudos
12 Replies
McAfee Employee

Re: Rule Engine Error

Hi Dec,

This is due to the fact that the TS SDK couldn't get the status of a URL from the cloud due to connectivity issues. This is an unfortunate behaviour that for the time being can only be resolved by disabling Cloud lookups. We are resolving this error in 7.0.2 by adding the possibility to react upon this error and not block in this case.

best,

Michael

0 Kudos
dcaffrey
Level 10

Re: Rule Engine Error

Hi Michael,

Thanks for the reply. Has something changed in the cloud? Why are there suddenly connectivity issues, which seem to be still ongoing?

My problem is all uncategorised sites ( a lot ) are now failing with this error

Dec

0 Kudos
McAfee Employee

Re: Rule Engine Error

Hi Dec,

It's working here. Please do me the favour and go to the shell of your MWG appliance.

From there do:

host tunnel.web.trustedsource.org

This should give you an output like:

mcapfelchen:~ michaelschneider$ host tunnel.web.trustedsource.org
tunnel.web.trustedsource.org has address 161.69.165.6

Now try to ping the IP:

mcapfelchen:~ michaelschneider$ ping 161.69.169.6
PING 161.69.169.6 (161.69.169.6): 56 data bytes
64 bytes from 161.69.169.6: icmp_seq=0 ttl=47 time=26.478 ms
64 bytes from 161.69.169.6: icmp_seq=1 ttl=47 time=22.737 ms
64 bytes from 161.69.169.6: icmp_seq=2 ttl=47 time=24.253 ms
64 bytes from 161.69.169.6: icmp_seq=3 ttl=47 time=22.554 ms
64 bytes from 161.69.169.6: icmp_seq=4 ttl=47 time=22.991 ms

check if you can connect to port 443 on this IP.

telnet 161.69.169.6 443

What do you get?

Some additional Qs:

Have you changed your network in terms of having MWG working in a proxy chain?

Have you configured upstream proxies in MWG of any kind?

Is MWG allowed to reach out directly to the internet on port 443?

thanks,

Michael

0 Kudos
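The checks in the reply above (resolve the rating host, then test port 443) can be scripted so that every address the name resolves to is tested over TCP rather than with ping. This is an added example, not part of the original thread or McAfee tooling; the function names, the `--live` switch and the sample `host` output are assumptions made for illustration, and it needs `bash`, `awk`, `host` and `timeout` on the machine where it runs.

```shell
#!/bin/sh
# Added example: resolve the TrustedSource host and test TCP 443 on each address.
TS_HOST="tunnel.web.trustedsource.org"   # hostname from the thread
TS_PORT=443                              # port from the thread

# Read `host` output on stdin, print one IPv4 address per line.
parse_host_output() {
    awk '/ has address / { print $NF }'
}

# Return 0 if a TCP connection to $1:$2 opens within $3 seconds (default 5).
# Uses bash's /dev/tcp, so no telnet client is needed and ICMP is not involved.
tcp_check() {
    timeout "${3:-5}" bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null
}

# Resolve the host and report a result per address.
# Returns 2 if nothing resolves, 1 if any address is unreachable, 0 otherwise.
check_ts_connectivity() {
    rc=0
    ips=$(host "$TS_HOST" | parse_host_output)
    if [ -z "$ips" ]; then
        echo "DNS: no address returned for $TS_HOST"
        return 2
    fi
    for ip in $ips; do
        if tcp_check "$ip" "$TS_PORT"; then
            echo "OK   $ip:$TS_PORT"
        else
            echo "FAIL $ip:$TS_PORT"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample of `host` output (documentation addresses, not real
# TrustedSource servers), used to check the parser without network access.
SAMPLE_HOST_OUTPUT='tunnel.web.trustedsource.org has address 192.0.2.6
tunnel.web.trustedsource.org has address 198.51.100.6
tunnel.web.trustedsource.org mail is handled by 10 mx.example.net.'

# The live check runs only when the script is called with --live.
if [ "${1:-}" = "--live" ]; then
    check_ts_connectivity
fi
```

Running it several times with `--live` shows whether a failure follows one particular resolved address or affects all of them.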
dcaffrey
Level 10

Re: Rule Engine Error

Hi Michael,

tunnel.web.trustedsource.org has address 161.69.92.6

Can't ping it but can telnet to port 443

Trying 161.69.92.6...
Connected to 161.69.92.6.
Escape character is '^]'.

Haven't changed anything in network, it goes directly out on 443

The only thing that changes is the IP address of tunnel.web.trustedsource.org

Dec

0 Kudos
McAfee Employee

Re: Rule Engine Error

Thanks for checking -  just for the purpose of this test, could you please enter the IP we have just found into the TS configuration you are using and modify it to match mine below?

What happens then?

TS.jpg

So you know - I just used 'your' IP and it works here with this server.

thanks,

Michael

0 Kudos
dcaffrey
Level 10

Re: Rule Engine Error

Hi Michael,

It's working now with the IP entered directly ( both IP's work )

Is it ok to use a set IP and if so which one ? I've also seen it resolved to 8.18.25.6 and  8.21.161.6

Should I untick "Do a forward DNS lookup to rate URLs" and "Do a backward DNS lookup for an unrated IP-based URLs" ?

What happens to uncategorised URL's in the cloud ?

Thanks Again,

Dec

0 Kudos
McAfee Employee

Re: Rule Engine Error

Hello Dec,

I will forward the results of this discussion to the ops team in charge of the servers.

The DNS checks are performed to add security: if somebody is requesting an IP, we check if we have a URL for it; if somebody is requesting a URL, we check if we find the IP in our categories.

Unrated URLs are queued and are being processed by autoraters, if these yield no results they are processed manually.

best,

Michael

0 Kudos
dcaffrey
Level 10

Re: Rule Engine Error

Hi Michael,

That's great, many thanks for your help. Is it only autorating? Is anything done with categorisation?

Dec

0 Kudos
McAfee Employee

Re: Rule Engine Error

Hi Dec,

it is not only autorating! An autorate is attempted for certain categories that are easily definable, whereas a manual review by the global categorisation team is done in most cases, as a human interpretation is providing the best quality criteria you can get.  Think about a website where they talk about s*x and anatomic aspects all the time - just autorating it will be difficult, given that it could be a medical page where these topics are discussed.

best,

Michael

0 Kudos