Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
738 Views 4 Replies Latest reply: Feb 1, 2013 12:08 AM by btlyric RSS
iain.gardiner Apprentice 73 posts since
Sep 16, 2011
Currently Being Moderated

Jan 30, 2013 5:12 AM

URL category conflict

we've had a few situations where user's are getting blocked for a cetegory but when we look up the trustedsource webpage http://www.trustedsource.org/urlcheck/ the site is listed as uncategorised. However webgateway thinks it's Residential IP Addresses

 

Both URL engines match. Ie on trusted source it is using 38121 and the dashboard on the gateways are showing the same.

 

Site I have is esalearning.org.

 

Anyone from McAfee have any ideas why this is happening?

 

McAfee version 72030 & 72050

  • trevorw2000 Apprentice 49 posts since
    Sep 25, 2012
    Currently Being Moderated
    1. Jan 30, 2013 1:47 PM (in response to iain.gardiner)
    Re: URL category conflict

    I will second this...I have had many instances since we implimented McAfee Web Gateway where the block page will list categories that don't match up with what I can pull from Trusted Source.  I even scrolled through all the various options there to see if they we were somehow pulling from the wrong source, and none of them matched what our gateway gave for a block reason.  We're running 7.3.0.2.0 (14242).

  • eelsasser McAfee SME 843 posts since
    Mar 24, 2010
    Currently Being Moderated
    2. Jan 30, 2013 2:00 PM (in response to trevorw2000)
    Re: URL category conflict

    The primary reason is that the URL filter setting will do a lookup of the IP address if there is no URL category.

     

    If you uncheck this setting, you will get the same results as TrustedSoruce.org.

    Capture.png

     

     

    The MWG does an extra step to try to rate unknown URLs by looking up their IP address, but the online lookups on the web site do not.

     

    If you did a second explicit lookup on the TS web site for the IP address, you would get the same results that MWG provides:

    Capture2.png

    Capture3.png

     

    Message was edited by: eelsasser on 1/30/13 3:00:12 PM EST
  • btlyric Apprentice 184 posts since
    Aug 1, 2012
    Currently Being Moderated
    4. Feb 1, 2013 12:08 AM (in response to iain.gardiner)
    Re: URL category conflict

    Due to reasons detailed in eelsasser's post and the fact that I was tired of going to TSDB and issuing 4 different requests to check hostname against resident and cloud and then IP against resident and cloud, I created a URL checker rule set that looks at both local and cloud designations for hostnames and IPs.

     

    One thing that it's still missing is a check against hostname returned from a reverse IP lookup, but in general it gets the job done.

     

    I think that I gave a copy of this rule set to eelsasser or asabban, but I'm not 100% sure.

     

    If I didn't and there's enough interest in it, I might be able to find the time to clean it up for public dissemination.

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points