Why does this keep coming up as "Web Mail"? I tried to change the category by remapping it and that doesn't work either. Trusted Source says Business, Software/Hardware.
[22/Mar/2011:14:57:33 -0400] "rharvey" 172.16.104.125 0.0.0.0 403 "POST https://urs.microsoft.com/urs.asmx?MSPRU-Client-Key=/Zx6nNdOLxz0sU8KVFS6Yw%3d%3d&MSPRU-Patented-Lock... HTTP/1.1" "Web Mail" "Minimal Risk" "" 0 "VCSoapClient" "" "10"
Anyone else have this issue. It is throwing off our entire "Web Mail" category in Web Reporter.
Not sure exactly, but if you resolve that IP (for it's 188.8.131.52) and lookup the IP, it's categorized as webmail.
Something is categorizing the IP instead of the URL.
Here are some more logs from today: The first IP address is the destination IP. I took out our client IPs. So we have the same destination IP coming up as different categories. What can I do? Thanks!
Well, i cannot reproduce that behaviour, but you could put urs.microsoft.com into the extended list and have it recategorize the site to always be Business, Hardware/Software to always force it to those categories.
It also comes up like this: 184.108.40.206
220.127.116.11 200 "POST https://urs.microsoft.com/urs.asmx?MSPRU-Client-Key=u8tZywJ9GajB6xhMPz5GqA%3d%3d&MSPRU-Patented-Lock... HTTP/1.1" "Business, Software/Hardware" "Minimal Risk" "" 540 "" "" "0"
And also this: 18.104.22.168
22.214.171.124 200 "POST https://urs.microsoft.com/urs.asmx?MSURS-Client-Key=6yVvLXtAkDlfkR%2bKyTxDaA%3d%3d&MSURS-Patented-Lo... HTTP/1.1" "Business, Software/Hardware" "Minimal Risk" "" 515 "" "" "0"
This post is a couple of years old but it certainly helped me. I encountered the same issue. "hXXp://eagledoorandhardware.com" was being blocked due to categorization as Web Mail. Trusted Source said it wasn't categorized. After scratching my head, I searched this forum.
It turns out that eagledoorandhardware.com resolves to 126.96.36.199. A reverse lookup of 188.8.131.52 results in server.monsterblu12.com which is categorized as Web Mail. As soon as I added eagledoorandhardware.com to the extended list and categorized it as "Business", eagledoorandhardware.com was no longer blocked, although
server.monsterblu12.com is still blocked because it's Web Mail. Perfect!
Apparently, when the gateway encounters an uncategorized site, it uses the IP address in an attempt to assign a category. Assigning the category in the extended list prevents MWG from categorizing based on the reverse lookup.