Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 4 replies
  • Answers 1 answer
  • Subscribers 27 subscribers
  • Views 8491 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Web Filter rogue detection

JD MaC

I have a fairly generic LAN to WAN rule providing Internet access to the bulk of my clients.  This rule has a few options (IPS, etc...) turned on including the web filter with the "Allow All" rule.  I'm not doing any ssl decryption.

One of the computers in the LAN zone has a custom application that accesses several HTTPS web sites.  When the "allow all" web filter is set on the LAN to WAN rule it breaks this app.  The app throws a Bad Request http error.  Setting the web filter to "none" allows it to work.  There are no events in the Web Filter log that show anything being blocked.

Why would the "Allow All" web filter prevent anything from working?  Since there are no events in the Web Filter log, how would I troubleshoot this?  It was dumb luck that I was able to diagnose it with no log...I just happen to turn the web filter off while testing.



This thread was automatically locked due to age.
Parents
  • 0

    JD MaC,

    with Allow ALL, the Web filtering is acting in the middle while with None, Web filtering is not used. Put the ULR inside the exception rules under Web menu and you should be ok.

    While logs are not logging nothing?

    Good question!

  • 0 in reply to lferrara

    Thanks Luk.

    I thought that Allow All was a base rule that didn't block anything, but still watched/logged the traffic.  Why would an exception be needed for Allow All?

  • 0 in reply to JD MaC

    With Allow All, packets are still sent to the web proxy, which (if configured) still does things like check if it is a valid HTTP request, scan for virus, performs anti-phishing, enforces safesearch, etc.

    "Allow All" really means "Do not block based on web categories or filetype"

     

    Assuming that Malware Scanning for HTTP is on then port 80 is sent to the web proxy and "None" is actually fairly similar to "Allow All".

  • 0 in reply to Michael Dunn

    Michael Dunn said:

    With Allow All, packets are still sent to the web proxy, which (if configured) still does things like check if it is a valid HTTP request, scan for virus, performs anti-phishing, enforces safesearch, etc.

    "Allow All" really means "Do not block based on web categories or filetype"

     

    Assuming that Malware Scanning for HTTP is on then port 80 is sent to the web proxy and "None" is actually fairly similar to "Allow All".

     

     

    Thanks, that makes sense.  Is there a log that I would see those blocks in?  While troubleshooting this, nothing appeared in the Web Filter log.

Reply
  • 0 in reply to Michael Dunn

    Michael Dunn said:

    With Allow All, packets are still sent to the web proxy, which (if configured) still does things like check if it is a valid HTTP request, scan for virus, performs anti-phishing, enforces safesearch, etc.

    "Allow All" really means "Do not block based on web categories or filetype"

     

    Assuming that Malware Scanning for HTTP is on then port 80 is sent to the web proxy and "None" is actually fairly similar to "Allow All".

     

     

    Thanks, that makes sense.  Is there a log that I would see those blocks in?  While troubleshooting this, nothing appeared in the Web Filter log.

Children
No Data