4 Replies Latest reply: Feb 1, 2013 12:08 AM by btlyric RSS

    URL category conflict

    iain.gardiner

      we've had a few situations where user's are getting blocked for a cetegory but when we look up the trustedsource webpage http://www.trustedsource.org/urlcheck/ the site is listed as uncategorised. However webgateway thinks it's Residential IP Addresses

       

      Both URL engines match. Ie on trusted source it is using 38121 and the dashboard on the gateways are showing the same.

       

      Site I have is esalearning.org.

       

      Anyone from McAfee have any ideas why this is happening?

       

      McAfee version 72030 & 72050

        • 1. Re: URL category conflict
          trevorw2000

          I will second this...I have had many instances since we implimented McAfee Web Gateway where the block page will list categories that don't match up with what I can pull from Trusted Source.  I even scrolled through all the various options there to see if they we were somehow pulling from the wrong source, and none of them matched what our gateway gave for a block reason.  We're running 7.3.0.2.0 (14242).

          • 2. Re: URL category conflict
            eelsasser

            The primary reason is that the URL filter setting will do a lookup of the IP address if there is no URL category.

             

            If you uncheck this setting, you will get the same results as TrustedSoruce.org.

            Capture.png

             

             

            The MWG does an extra step to try to rate unknown URLs by looking up their IP address, but the online lookups on the web site do not.

             

            If you did a second explicit lookup on the TS web site for the IP address, you would get the same results that MWG provides:

            Capture2.png

            Capture3.png

             

            Message was edited by: eelsasser on 1/30/13 3:00:12 PM EST
            • 3. Re: URL category conflict
              iain.gardiner

              Thx, that's done the trick!

              • 4. Re: URL category conflict
                btlyric

                Due to reasons detailed in eelsasser's post and the fact that I was tired of going to TSDB and issuing 4 different requests to check hostname against resident and cloud and then IP against resident and cloud, I created a URL checker rule set that looks at both local and cloud designations for hostnames and IPs.

                 

                One thing that it's still missing is a check against hostname returned from a reverse IP lookup, but in general it gets the job done.

                 

                I think that I gave a copy of this rule set to eelsasser or asabban, but I'm not 100% sure.

                 

                If I didn't and there's enough interest in it, I might be able to find the time to clean it up for public dissemination.