iburke
Level 7
Message 1 of 5

Sites added to "url whitelist" under the url filtering rule set are getting blocked.

I have a Web Gateway Appliance running 7.3.  The ruleset order I have is as follows:  Global Whitelist-->Global Block-->SSL Scanner-->Site Review-->Try-Auth-->Authorized Override-->Coaching-->URL Filtering-->Common Rules-->Media Type filtering-->Gateway Anti-Malware. 

I am a rookie at managing this software.  Basically, the top rule in the url filtering ruleset is to allow websites added to the url whitelist and then stop the ruleset.  However, if I add a url to the url whitelist and save the change, when I attempt to access the site I am presented with the "site review" url blocked page. 

The only way I can get to the blocked site is to add it to the global whitelist. 

Any ideas to get this functioning correctly?

A couple of screen shots are attached showing the ruleset order and such.

1 Solution

Accepted Solutions
Re: Sites added to "url whitelist" under the url filtering rule set are getting blocked.

Yes, you are right. An HTTP request goes through your rule set from top to bottom, so if your request matches in the Site Review rules, it will be worked on there.

Also you might want to check for the correct usage of the URL Properties here:

Best Practices: Creating URL related list entries

https://community.mcafee.com/docs/DOC-4514

And keep in mind to click the Show Details button to make it easier to understand your ruleset.

4 Replies
btlyric
Level 12
Message 2 of 5

Re: Sites added to "url whitelist" under the url filtering rule set are getting blocked.

Rule order matters -- I'm guessing that since Global Whitelist is above Site Review it's taking precedence, but once you move further down the rule set, the SiteReview rule set kicks in. Not entirely sure how the connection is getting there since the top-level criteria on SiteReview doesn't indicate that you should get there unless SiteReview has been implemented, but what you could do is enable rule tracing for your client IP address @ the very top of the rules and then review the path that the connection takes. Another option would be to create a log file that gets written when you set a specific user-defined property and configure that log file to write out String.ReplaceIfEquals(List.OfString.ToString(Rules.FiredRules.Names), "", "-"). Then set the property for your client IP and MWG will log the path through the rules that the connection takes.

Another possibility is that Global Whitelist is using slightly different criteria than URL Whitelist and URL Whitelist simply isn't matching on the connection -- that would suggest that you would fall down into your Block URLs rule and I'm guessing that the Event there might redirect to Site Review, but without rule details, I can't be sure.
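
Added example (not part of any post in this thread, and not McAfee Web Gateway code): a simplified Python model of the top-down processing discussed above, using the rule-set order from the first post and recording which rule sets fired. The hostnames, list contents, each rule set's criteria and the stop-cycle / stop-rule-set actions attached to them are assumptions made for illustration.

```python
# Simplified model of top-down rule-set processing; NOT McAfee Web Gateway code.
# Rule-set names and order are from the first post. Hostnames, list contents,
# criteria and the action attached to each rule set are constructed assumptions.
from urllib.parse import urlsplit

GLOBAL_WHITELIST = {"intranet.example.com"}
URL_WHITELIST = {"partner.example.org"}   # list checked inside URL Filtering
SITE_REVIEW_MATCH = {"partner.example.org", "ads.example.net"}
URL_FILTER_BLOCK = {"ads.example.net"}

def global_whitelist(host):
    return "stop_cycle" if host in GLOBAL_WHITELIST else None

def site_review(host):
    return "block" if host in SITE_REVIEW_MATCH else None

def url_filtering(host):
    if host in URL_WHITELIST:
        return "stop_rule_set"            # top rule: allow, then leave this rule set
    return "block" if host in URL_FILTER_BLOCK else None

def no_match(host):                       # rule sets not modelled here
    return None

ORDER = [("Global Whitelist", global_whitelist), ("Global Block", no_match),
         ("SSL Scanner", no_match), ("Site Review", site_review),
         ("Try-Auth", no_match), ("Authorized Override", no_match),
         ("Coaching", no_match), ("URL Filtering", url_filtering),
         ("Common Rules", no_match), ("Media Type filtering", no_match),
         ("Gateway Anti-Malware", no_match)]

def trace(url, order=ORDER):
    """Return (verdict, names of rule sets where a rule fired), top to bottom."""
    host, fired = urlsplit(url).hostname, []
    for name, rule_set in order:
        action = rule_set(host)
        if action is None:
            continue
        fired.append(name)
        if action == "block":
            return "blocked by " + name, fired
        if action == "stop_cycle":
            return "allowed", fired
        # "stop_rule_set" only leaves the current rule set; later ones still run
    return "allowed", fired

def fired_path(fired):
    """Comma-joined path, with "-" for an empty list as in the log idea above."""
    return ", ".join(fired) or "-"
```

In this model a whitelist rule that ends with a stop-rule-set action cannot protect a request from a block in a rule set that runs earlier, which matches the behaviour reported in the first post.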

iburke
Level 7
Message 4 of 5

Re: Sites added to "url whitelist" under the url filtering rule set are getting blocked.

Thank you for the document.  I had this set up with the help of a consultant and apparently he hadn't read this document, as many of our URL whitelist entries were not created in a suggested manner.

iburke
Level 7
Message 5 of 5

Re: Sites added to "url whitelist" under the url filtering rule set are getting blocked.

Thank you very much for your information.  I will try out the rule tracing.
