Getting a lot of the following errors today with sites that are Uncategoized and Unverified, is there any way to modify the rule to avoid this error ?
Current Rule ID: 15381
Current Rule Name: Block URLs With Bad Reputation
Error Message: [WrongPropState] ARuleElem: RetrievePropertyValue: State of Property com.scur.engine.trustedsource.isunverified is kPropError.
this is due to the fact, that the TS SDK couldn't get the status of an URL from the cloud due to connectivity issues. This is an unfortunate behaviour that for the time being can only be resolved by disabling Cloud lookups. We are resolving this error in 7.0.2 by adding the possibility to react upon this error and not block in this case.
Thanks for the reply, has something changed in the cloud ? why are there suddenly connectivity issues which seem to be still ongoing ?
My problem is all uncategorised sites ( a lot ) are now failing with this error
It#s working here. Plese do me the favour and go to the shell of your MWG appliance.
From there do:
This should give you an output like:
mcapfelchen:~ michaelschneider$ host tunnel.web.trustedsource.org tunnel.web.trustedsource.org has address 18.104.22.168
Now try to ping the IP:
mcapfelchen:~ michaelschneider$ ping 22.214.171.124 PING 126.96.36.199 (188.8.131.52): 56 data bytes 64 bytes from 184.108.40.206: icmp_seq=0 ttl=47 time=26.478 ms 64 bytes from 220.127.116.11: icmp_seq=1 ttl=47 time=22.737 ms 64 bytes from 18.104.22.168: icmp_seq=2 ttl=47 time=24.253 ms 64 bytes from 22.214.171.124: icmp_seq=3 ttl=47 time=22.554 ms 64 bytes from 126.96.36.199: icmp_seq=4 ttl=47 time=22.991 ms
check if you can connect to port 443 on this IP.
telnet 188.8.131.52 443
What do you get?
Some additional Qs:
Have you changed your network in terms of having MWG working in a proxy chain?
Have you configured upstream proxies in MWG of any kind?
Is MWG allowed to reach out directly to the internet on port 443?
tunnel.web.trustedsource.org has address 184.108.40.206
Can't ping it but can telnet to port 443
Connected to 220.127.116.11.
Escape character is '^]'.
Haven't changed anything in network, it goes directly out on 443
The only thing that changes is the IP address of tunnel.web.trustedsource.org
Thanks for checking - just for the purpose of this test, could you please enter the IP we have just found into the TS configuration you are using and modify it to match mine below?
What happens then?
So you know - I just used 'your' IP and it works here with this server.
It's working now with the IP entered directly ( both IP's work )
Is it ok to use a set IP and if so which one ? I've also seen it resolved to 18.104.22.168 and 22.214.171.124
Should I untick "Do a forward DNS lookup to rate URLs" and "Do a backward DNS lookup for an unrated IP-based URLs" ?
What happens to uncategorised URL's in the cloud ?
I will forward the results fo this discussion to the ops team in charge of the servers.
The DNS checks are performed to add security in terms of if somebody is requesting an IP, we check if we have a URL for it, if somebody is requesting an URL we check if we find the IP in our categories.
Unrated URLs are queued and are being processed by autoraters, if these yield no results they are processed manually.
it is not only autorating! An autorate is attempted for certain categories that are easily definable, whereas a manual review by the global categorisation team is done in most cases, as a human interpretation is providing the best quality criteria you can get. Think about a website where they talk about s*x and anatomic aspects all the time - just autorating it will be difficult, given that it could be a medical page where these topics are discussed.