[8.951][BUG] Report Override

Hello,

I encountered a problem on the report of overrides. If a site is blocked by category, and I override the block, the report contains the site correctly and is reported in the log:

... sys = "SecureWeb" sub = "http" name = "ContentFilter override" url = "....


But if the site is blocked because it's in the blacklist, it does not appear in the report and in the logs. In the log I found:

... severity = "info" sys = "SecureWeb" sub = "http" name = "web request blocked, forbidden url detected" action = "block" ...
... severity = "info" sys = "SecureWeb" sub = "http" name = "http access" action = "pass" ...

I found the same bug in 8.303.

regards
  • Hi matteo.lobbiani,

    AFAICS you used the live log to check that.
    Although the live logs show some general information, you nevertheless need to check the /var/log/http.log via SSH in order to see all available information. The full log file provides something like this:

    2012:05:21-10:08:13 skywalker httpproxy[3157]: id="0062" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden url detected" action="block" method="GET" srcip="***.***.****.****" dstip="" user="skywalker" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2840" request="0xfd18730" url="www.heise.de/" exceptions="" error=""
    
    2012:05:21-10:08:13 skywalker httpproxy[3157]: id="0062" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden url detected" action="block" method="GET" srcip="***.***.***.***" dstip="" user="skywalker" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2873" request="0xfd18730" url="www.heise.de/favicon.ico" exceptions="" error=""
    2012:05:21-10:08:45 skywalker httpproxy[3157]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="***.***.***.***" dstip="" user="" statuscode="404" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction=" ()" size="2619" request="0xfd18cd0" url="passthrough.fw-notify.net/favicon.ico" exceptions="" error="File not found"
      

    Cheers,
    Cristof
  • First case (category blocked):

    2012:05:18-11:15:12 nextbitfw httpproxy[19940]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="GET" srcip="*.*.*.*" dstip="" user="lobbiani" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="3025" request="0x9d765a0" url="www.redtube.com/" exceptions="" error="" reason="category" category="149" reputation="unverified" categoryname="****ography"
    2012:05:18-11:15:14 nextbitfw httpproxy[19940]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="*.*.*.*" dstip="" user="" statuscode="404" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction=" ()" size="2606" request="0x104701b0" url="passthrough.fw-notify.net/favicon.ico" exceptions="" error="File not found"
    2012:05:18-11:15:27 nextbitfw httpproxy[19940]: id="0063" severity="info" sys="SecureWeb" sub="http" name="Contentfilter override" url="www.redtube.com/" srcip="*.*.*.*" user="lobbiani" category="149" reason="test categoria"

    Second Case (Url blocked):

    2012:05:18-11:17:19 nextbitfw httpproxy[21083]: id="0062" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden url detected" action="block" method="GET" srcip="*.*.*.*" dstip="" user="lobbiani" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2887" request="0x8bcee18" url="www.redtube.com/" exceptions="" error=""
    2012:05:18-11:17:23 nextbitfw httpproxy[21083]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="*.*.*.*" dstip="" user="" statuscode="404" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction=" ()" size="2606" request="0xf6b1310" url="passthrough.fw-notify.net/favicon.ico" exceptions="" error="File not found"
    2012:05:18-11:17:34 nextbitfw httpproxy[21083]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="*.*.*.*" dstip="209.222.138.10" user="lobbiani" statuscode="301" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0x8bcee18" url="www.redtube.com/" exceptions="url" error=""
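
Until the report covers this case, the override of a blacklisted URL can still be recovered from /var/log/http.log by correlating the block with the later pass that carries exceptions="url". The following is an added example, not part of the original posts or of the product; the sample lines are constructed, and treating exceptions as a comma-separated list is an assumption.

```python
import re

# Constructed sample lines modelled on the http.log format quoted in the thread
# (host, user, IP and URLs are made up; some fields omitted for brevity).
SAMPLE_LOG = '''\
2012:05:18-11:15:12 fw httpproxy[100]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" srcip="192.0.2.10" user="alice" url="cat.example/" exceptions="" reason="category"
2012:05:18-11:15:27 fw httpproxy[100]: id="0063" severity="info" sys="SecureWeb" sub="http" name="Contentfilter override" url="cat.example/" srcip="192.0.2.10" user="alice" category="149" reason="test"
2012:05:18-11:17:19 fw httpproxy[100]: id="0062" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden url detected" action="block" srcip="192.0.2.10" user="alice" url="bl.example/" exceptions=""
2012:05:18-11:17:34 fw httpproxy[100]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" srcip="192.0.2.10" user="alice" url="bl.example/" exceptions="url"
'''

KV = re.compile(r'(\w+)="([^"]*)"')


def parse(line):
    """Split one http.log line into (timestamp, dict of key="value" fields)."""
    return line.split(" ", 1)[0], dict(KV.findall(line))


def unlogged_url_overrides(log_text):
    """Return (timestamp, user, url) for each pass that follows a URL-blacklist
    block for the same user and URL with no override event logged in between."""
    pending = {}    # (user, url) -> timestamp of the outstanding blacklist block
    findings = []
    for line in log_text.splitlines():
        if "httpproxy[" not in line:
            continue
        ts, f = parse(line)
        key = (f.get("user", ""), f.get("url", ""))
        name = f.get("name", "").lower()
        if name == "web request blocked, forbidden url detected":
            pending[key] = ts
        elif name == "contentfilter override":
            pending.pop(key, None)      # override was recorded, nothing to flag
        elif name == "http access" and f.get("action") == "pass" and key in pending:
            # Assumption: exceptions may hold several comma-separated values.
            if "url" in f.get("exceptions", "").split(","):
                findings.append((ts, key[0], key[1]))
            del pending[key]
    return findings


if __name__ == "__main__":
    for ts, user, url in unlogged_url_overrides(SAMPLE_LOG):
        print(f"{ts} user={user} url={url}: blacklist override without override event")
```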