Unblocking a category

Question

Hi there,

I'm new to XG,I'm getting the message below. I'm using the default policy.
I want to unblock the category Auctions & Classified Ads.
In Categories, I marked it as acceptable, but it still is blocked.
In the default policy, the line that blocks it is the second one, block Risky Downloads and Suspicious.
I want to allow that category, and still block Risky Downloads and Suspicious.

What am I missing there ?
Thanks.

Blocked request

This is a message from the IT Department.

The web site you are trying to access:
my.ebay.com/.../eBayISAPI.dll
is listed as a site within the category Auctions & Classified Ads

Current Internet Access Configuration for you does not allow visiting sites within this category at this time.

If the website has been erroneously blocked, please submit it for re-evaluation.

You are currently browsing as an unauthenticated user.

Click here to log in

This thread was automatically locked due to age.

Michael Dunn · Accepted Answer

You are correct in the issue being that you have said to block System Files, which include all files with the .dll extension. ebay (and a few other sites) use this ISAPI.dll. The best way to fix (leaves the most protection) is go to Web, File Types. Add a new type, and under Template choose System Files. Under extension, remove dll from the list. Call is System Files 2. Go to Web, User Activities, Risky Downloads and click the edit icon. Remove System Files and add in the new System Files 2. I wanted, however, to clear up some confusion about the logic chain. The category "classification" is informational only, it does not get used in policy decisions. For any debugging, start with the Policy. A policy is executed from top down. A policy rule (a line within the policy) can include a category, a file type, or a user activity (which is a collection of categories and/or filetypes). In this case, the action was blocked. You should look at the entire policy rule line (which includes two user activities, which drills down to several categories and file types). I though that in v16.5 the blockpage would correctly say it was blocked by filetype but maybe not... In the upcoming v17 all end user pages are being redone and the block page would show the block reason as "System Files".

KC_NZ · Answer

The root cause is that the URL contains an extension listed within the "System Files" (being the eBayISAP.dll component). 
 This is being blocked by the "System Files" category within the "Risky Downloads" User Activity (used within "Default Policy"). The issue is that the "Blocked request" message is written with website categories in mind, hence why it insinuates that the issue is with the site belonging to the "Auctions & Classified Ads" category... when in fact it's because it feels the user may be downloading a system (DLL) file. Not sure what could be done about it... it's a bit of an edge case... however the resulting message is very confusing for administrators and users... The "quick win" would be to remove "System Files" from within "Risky Downloads"... or create a new File Type that duplicates the existing "System Files" but without the "dll" extension and use that within "Risky Downloads".

Russell Harris · Answer

In re-reading I saw this from Michael: 
 The best way to fix (leaves the most protection) is go to Web, File Types. Add a new type, and under Template choose System Files. Under extension, remove dll from the list. Call is System Files 2. Go to Web, User Activities, Risky Downloads and click the edit icon. Remov e System Files and add in the new System Files 2. 
 So I just want to confirm this is the 'fix' 
 Thanks again, 
 RH

lferrara · Answer

Michael, 
 traffic is blocked by Web Filter and not from Application filter. Customize the Web Filter been used or create a new one and allow the categories you need.