9 Replies Latest reply: Jul 9, 2013 9:51 PM by rukmalf

    Displaying a block page regardless of the web application

    rukmalf

      Hi,

      I'm configuring an MGW and a DLP with ICAP. The DLP is the ICAP server. I have noticed that the block page doesn't work with most of the web applications and they just show 'error when connecting' (e.g. when uploading to mediafire) when the content is blocked by the DLP. This is a major issue since we need to make the end user aware that their content was blocked by the DLP.

      Does anyone have a suggestion on how to get the block pages working for any situation (regardless of the dynamic content)?

      Or, if that cannot be achieved, I was planning on enabling email alerts to the users who get their content blocked. The email should include which category was violated by the content. Any comments on that?

       

      Thanks in advance

        • 1. Re: Displaying a block page regardless of the web application
          Regis

          Hi Rukmalf,

           

          This question would get better attention in the McAfee Web Gateway forum, as the block page of which you speak is actually configured in the MWG interface, not in anything involving the network DLP goodies.

           

          That said, I'm experienced in both, and while block pages are relatively easy to figure out how to customize, it's a pretty involved procedure to modify email notifications...to the point I'd not advise anyone doing it alone the first time.

           

          You'd be well served opening a service request with the (in my experience) very helpful McAfee Web Gateway Team if you haven't already.  

          • 2. Re: Displaying a block page regardless of the web application
            rukmalf

            Thanks for the tip, I just moved to the Web Gateway section.

            • 3. Re: Displaying a block page regardless of the web application
              michael_schneider

              Hello,

               

              the nature of the beast

              Most modern Web Applications use Ajax to upload data in the backend 'outside' of the visible content of the browser. What then happens is that the ICAP Server will issue a 403 which the ICAP client then sends back to the browser. As the file transfer happens outside of the visible portion of the web page, the page is not able to display the block message and can only state that 'something' happened while transferring the data.

              To expand further, this behaviour is already implied by the term Ajax = Asynchronous JavaScript and XML. The back and forth between client (browser) and server is happening asynchronously, so outside of the visible portion.

               

              Michael

              • 4. Re: Displaying a block page regardless of the web application
                rukmalf

                So what could we do to notify the users that their upload or whatever has been blocked? Right now I'm planning to send email notifications to the users.

                Obviously there could be a lot of confusion when a generic error is displayed rather than specifically notifying the user on what really happened.

                 

                Regards,

                Rukmal Fernando

                • 5. Re: Displaying a block page regardless of the web application
                  asabban

                  I think the eMail notification is the easiest approach. Most people have their Mail client running all day long and will immediately see the notifications. Much better would be a client side tool MWG could talk to to display an error message, but we don't have this at the moment.

                   

                  Best,

                  Andre

                  • 6. Re: Displaying a block page regardless of the web application
                    Regis

                    Andre Sabban wrote:

                     

                    I think the eMail notification is the easiest approach. Most people have their Mail client running all day long and will immediately see the notifications. Much better would be a client side tool MWG could talk to to display an error message, but we don't have this at the moment.

                     

                    Best,

                    Andre

                     

                    +1 to email notification... so long as some sort of throttling can be baked in, as you wouldn't want to email DOS someone if some sort of uploader kept trying a bunch of times, or if several post requests that get blocked are triggered.

                     

                    As for client software, I can see the lure from a technical end user communication and notification standpoint, but speaking on behalf of other multi-product administrators ... honestly I and our Windows admins want another piece of McAfee software on my endpoints like I need a hole in my skull. ;-) But you're right that out of band notification is definitely a plus in situations like these.

                    • 7. Re: Displaying a block page regardless of the web application
                      asabban

                      MWG has "duplicate mail prevention", which should do the job pretty good. You can tell it to send 1 mail within 10 minutes or similar :-)

                       

                      In a perfect world MWG would tell a locally installed VirusScan Enterprise, ePO Agent or whatever already runs on a client to show a dialog or write something into a dashboard that is available for the end user... or Windows provides an API which authenticated services could talk to (like the "net send" popups that were fun a few years ago :-)).

                       

                      I assume with all the Web2.0 stuff there will be something in the future.

                       

                      best,

                      Andre

                      • 8. Re: Displaying a block page regardless of the web application
                        eelsasser

                        I incorporated a similar technique in one of my demonstration videos.

                        https://mcafee.box.com/mwg-demo

                        MWG7-FeatureDemo-Part 1.mp4

                         

                        At about the 8:00 mark, you will see me try to download an attachment but it is blocked and doesn't save because of malware. You'll notice that an Outlook notification pops up at that point and gives details of the blockage.

                        I had recorded a similar segment for DLP, but it's on the cutting room floor and never made it into the final, but the mail notification was the same.

                         

                        The challenge to doing this is deriving the email address from the authenticated user. If the logon name is the same as the email address like:

                        logonname@domain.tld

                        Then it's pretty easy to derive the destination mail address with a string manipulation.

                        However, if it's not the same as the logon, like:

                        first_last@domain.tld

                         

                        you will probably have to do an LDAP lookup to get the email address attribute.

                        • 9. Re: Displaying a block page regardless of the web application
                          rukmalf

                          Email notification with throttling was what I am planning to use. Will have to run an LDAP query to get the email of the violator.

                          I had to crash the following discussion to find the answer for the LDAP query thing.

                           

                          https://community.mcafee.com/message/294135#294135

                           

                          Regards,

                          Rukmal Fernando

                           

                          Message was edited by: rukmalf on 7/9/13 9:51:16 PM CDT
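
The notification flow discussed in replies 6 to 9 (derive the recipient from the authenticated logon, then send at most one mail per 10 minutes), as an added Python example; it is not from the thread and is not MWG rule-engine code or its "duplicate mail prevention" implementation. The `DIRECTORY` dict stands in for the LDAP mail-attribute lookup, and `example.com`, the user, the category names and the events are constructed.

```python
import re

WINDOW_SECONDS = 600          # "1 mail within 10 minutes", as in reply 7
MAIL_DOMAIN = "example.com"   # assumption: placeholder mail domain
ADDR_RE = re.compile(r"[A-Za-z0-9._+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Constructed stand-in for the LDAP "mail" attribute lookup (logon -> address).
DIRECTORY = {"jdoe": "jane_doe@example.com"}

def derive_address(logon, logon_is_mailbox=False, directory=DIRECTORY):
    """Map an authenticated logon name to a mail address, or None."""
    user = logon.split("\\")[-1].strip().lower()   # drop a DOMAIN\ prefix
    if "@" in user:                 # logon already has address form
        candidate = user
    elif logon_is_mailbox:          # logonname@domain.tld: string manipulation
        candidate = f"{user}@{MAIL_DOMAIN}"
    else:                           # first_last@domain.tld: directory lookup
        candidate = directory.get(user)
    # Lands in a To: header: accept only a plain address (rejects CR/LF).
    return candidate if candidate and ADDR_RE.fullmatch(candidate) else None

class Notifier:
    def __init__(self):
        self.last_sent = {}         # (address, category) -> time of last mail
        self.suppressed = 0

    def handle(self, event):
        """Return the mail to send for one block event, or None."""
        addr = derive_address(event["user"])
        if addr is None:
            return None             # unknown user: nothing to send
        key = (addr, event["category"])
        last = self.last_sent.get(key)
        if last is not None and event["ts"] - last < WINDOW_SECONDS:
            self.suppressed += 1    # duplicate inside the window
            return None
        self.last_sent[key] = event["ts"]
        return {"to": addr, "subject": f"Upload blocked: {event['category']}"}

# Constructed block events: an uploader retrying, then a second category.
EVENTS = [
    {"ts": 0, "user": "CORP\\jdoe", "category": "PCI"},
    {"ts": 5, "user": "CORP\\jdoe", "category": "PCI"},
    {"ts": 30, "user": "CORP\\jdoe", "category": "Source Code"},
    {"ts": 700, "user": "CORP\\jdoe", "category": "PCI"},
]

def run(events=EVENTS):
    n = Notifier()
    return [m for m in map(n.handle, events) if m], n.suppressed
```

Keying the window on (address, category) lets a retrying uploader produce one mail per violated category, while a different category inside the same 10 minutes still reaches the user.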