4 Replies Latest reply on Jan 27, 2012 5:01 PM by Jon Scholten

    Block URL Category does not work

    luizricardo

      Hi

       

       

      I did a implementation using MWG 7.1.5 and using URL Category Blocklist like the image:

      Block Category.jpg

       

      And in the category blocklist I have a lot of category and when I try access a website in these categories I can access without problem, look this log:

       

      [20/Sep/2011:09:26:23 -0300] "luizricardo" 10.61.0.121 200 "GET http://playboy.abril.com.br/wp-content/plugins/clubalfa-landing-pages/assets/ima ges/sprite-bulets.png HTTP/1.1" "Malicious Sites, Pornography" "High Risk" "image/png" 319 "" "" "0"

       

       

       

      What can I do to trace the police permit this traffic ?

       

      My configuration has 3 TOP RuleSet:

      1st: Global Whitelist

      2nd: Authentication and Authorize

      3rd: Common Rules enabling cache

      And the others rules to filter traffic for specific Internet Groups and in all groups have two rule sets: A rule with whitelist for the group, a category blocklist, url blocklist, Risk policy and the other rule set is for MediaType files.

       

      what is wrong ? or what can I do to check this?

       

      Thanks a lot!

       

      Luiz Ricardo

        • 1. Re: Block URL Category does not work
          dstraube

          Hello Luiz,

           

          from the screenshot your rules look as if it should work, but there might be a rule that whitelists the request before it comes to the ruleset. You should check if there is any "Stop Cycle" action before this ruleset. You might also want to check the entry criteria for the rule set group to check if the request really entered this rule set.

           

          For debugging your rules:

          The "Enable RuleEngineTracing" is a very good idea to check what is actually going wrong, but using it in the rule here will not work. When you can access the site the rule did not trigger, so the event did not trigger either. You should enable RuleEngineTracing before, maybe even at the start to catch the whole execution tree.

           

          Regards,

           

          Dirk

          • 2. Re: Block URL Category does not work
            luizricardo

            Hi Dirk!

             

            I found the problem. When I typed the criteria to filter I've used Authentication.UserGroups contains "User Group" but I was typed with two ""User Group"" and after removed this all rules work fine.

             

             

            Thanks again for the support!

             

            Luiz Ricardo

            • 3. Re: Block URL Category does not work

              this is happening with me , in category content filtering, URL BLOCKED section , pornogrpahy has been bloccked but when i sit at my workstation i can easily access porn websites. why is that?

              • 4. Re: Block URL Category does not work
                Jon Scholten

                Not every situation is the same, but I imagine there may be some misconfiguration in your rules to allow it.

                 

                I have written an article which describes how to form your policy:

                https://community.mcafee.com/docs/DOC-2210

                 

                This takes into account situations like what I imagine you are encountering.

                 

                ~Jon