URL category conflict

We've had a few situations where users are getting blocked for a category, but when we look up the TrustedSource webpage http://www.trustedsource.org/urlcheck/ the site is listed as uncategorised. However, Web Gateway thinks it's Residential IP Addresses.

Both URL engines match, i.e. on TrustedSource it is using 38121 and the dashboards on the gateways are showing the same.

Site I have is esalearning.org.

Anyone from McAfee have any ideas why this is happening?

McAfee version 72030 & 72050

1 Solution

Accepted Solutions
eelsasser
Level 15

Re: URL category conflict

The primary reason is that the URL filter setting will do a lookup of the IP address if there is no URL category.

If you uncheck this setting, you will get the same results as TrustedSource.org.

Capture.png

The MWG does an extra step to try to rate unknown URLs by looking up their IP address, but the online lookups on the web site do not.

If you did a second explicit lookup on the TS web site for the IP address, you would get the same results that MWG provides:

Capture2.png

Capture3.png

Message was edited by: eelsasser on 1/30/13 3:00:12 PM EST
0 Kudos
4 Replies
trevorw2000
Level 10

Re: URL category conflict

I will second this... I have had many instances since we implemented McAfee Web Gateway where the block page will list categories that don't match up with what I can pull from Trusted Source. I even scrolled through all the various options there to see if we were somehow pulling from the wrong source, and none of them matched what our gateway gave for a block reason. We're running 7.3.0.2.0 (14242).

0 Kudos
Re: URL category conflict

Thx, that's done the trick!

0 Kudos
btlyric
Level 12

Re: URL category conflict

Due to reasons detailed in eelsasser's post and the fact that I was tired of going to TSDB and issuing 4 different requests to check hostname against resident and cloud and then IP against resident and cloud, I created a URL checker rule set that looks at both local and cloud designations for hostnames and IPs.

One thing that it's still missing is a check against hostname returned from a reverse IP lookup, but in general it gets the job done.

I think that I gave a copy of this rule set to eelsasser or asabban, but I'm not 100% sure.

If I didn't and there's enough interest in it, I might be able to find the time to clean it up for public dissemination.
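The lookup order described in eelsasser's answer and the four-way comparison btlyric mentions can be modelled as below. This is an added example, not part of the thread, not btlyric's rule set and not McAfee code. The databases, host names, addresses, the `resolve()` helper and the local-before-cloud order are all constructed assumptions.

```python
# Added illustration of the lookup order discussed in this thread.
# All data is constructed sample data, not real TrustedSource ratings.
from urllib.parse import urlsplit

# Constructed stand-ins for the local (resident) and cloud rating data.
LOCAL_DB = {"203.0.113.25": ["Residential IP Addresses"]}
CLOUD_DB = {"203.0.113.25": ["Residential IP Addresses"],
            "news.example": ["General News"]}
# Constructed DNS table; resolve() is a hypothetical stand-in for a resolver.
DNS = {"school.example": "203.0.113.25", "news.example": "198.51.100.7"}


def resolve(host):
    return DNS.get(host)


def four_way_check(host):
    """Hostname and IP, each against local and cloud data: four lookups."""
    ip = resolve(host)
    return {
        (kind, src): (db.get(key, []) if key else [])
        for kind, key in (("host", host), ("ip", ip))
        for src, db in (("local", LOCAL_DB), ("cloud", CLOUD_DB))
    }


def gateway_categories(url, ip_fallback=True):
    """Return (categories, basis): basis is 'host', 'ip' or 'uncategorized'.

    With ip_fallback=True the IP rating is used only when the hostname has
    no category, which is the extra step the web lookup form does not do.
    Local-before-cloud is an assumption made for this example.
    """
    host = urlsplit(url).hostname
    checks = four_way_check(host)
    for kind in ("host", "ip"):
        if kind == "ip" and not ip_fallback:
            break
        cats = checks[(kind, "local")] or checks[(kind, "cloud")]
        if cats:
            return cats, kind
    return [], "uncategorized"


if __name__ == "__main__":
    for fallback in (True, False):
        print(fallback, gateway_categories("http://school.example/", fallback))
```

A basis of `ip` on a blocked request means the category on the block page came from the server's address, so a hostname-only lookup on the rating site will not reproduce it.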