Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 1 subscriber
  • Views 1385 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Proxy profile always using fallback action

MojoQC
The problem is in the title!

Here's my setup.

I Have enabled the HTTP/S Proxy and put Internal Network in allowed networks.

I then created a proxy profile which is also operating in transparent mode just as the proxy does.

In this proxy profile, I have cheked 3 filter Assignments (Allow All in first, Partial Access in second and Blocked in 3). And my fallback action is Allow All filter action.

Fact is, when I chek the live log (I have around 75 clients), I see that ALL my clients are passing by the Allow All filter (which is the fallback action)


2010:06:01-14:21:37 monfw01 httpproxy[605]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.191.190.88" user="" statuscode="204" cached="0" profile="REF_wdKqMpbtaX (ProxyEnabled)" filteraction="REF_BusmyQzNvV (Allow All Filter)" size="0" time="189 ms" request="0xa5297130" url="clients1.google.ca/generate_204" exceptions="av,auth,content,url,mime" error=""
2010:06:01-14:21:37 monfw01 httpproxy[605]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.191.190.88" user="" statuscode="304" cached="0" profile="REF_wdKqMpbtaX (ProxyEnabled)" filteraction="REF_BusmyQzNvV (Allow All Filter)" size="0" time="197 ms" request="0xa529bca0" url="www.google.ca/.../61b74cec06c9b6c9.js" exceptions="av,auth,content,url,mime" error=""
2010:06:01-14:21:37 monfw01 httpproxy[605]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.191.190.57" user="" statuscode="200" cached="0" profile="REF_wdKqMpbtaX (ProxyEnabled)" filteraction="REF_BusmyQzNvV (Allow All Filter)" size="148" time="523 ms" request="0xa5290c50" url="www.expedia.ca/.../tealeafTarget.asp" exceptions="av,auth,content,url,mime" error="" 


Here's what I do to try the block all action. In his filter assignment, it is containing a group called GrpBlockedAccess (which is obvisously created in my domain and in astaro) in which I have a user named UsrBlockedAccess just for testing purposes. When I go on firefox, no proxy configuration, I try google.com and it passes. It should not. My Block all filter action is a whitelist with nothing in it.

What am I getting wrong?

Thanks,
MojoQC


This thread was automatically locked due to age.
Parents
  • 0
    Defenitely the groups are failing because I just watched the Authentication Live Log and the user logs in successfully


    2010:06:02-10:48:21 monfw01 aua[1473]: id="3006" severity="info" sys="System" sub="auth" name="Authentication test request: m:adirectory, f:none, u:UsrBlockedAccess, ip:"
    2010:06:02-10:48:21 monfw01 aua[1473]: id="3006" severity="info" sys="System" sub="auth" name="Testing method adirectory"
    2010:06:02-10:48:21 monfw01 aua[1473]: id="3006" severity="info" sys="System" sub="auth" name="Trying 192.191.190.249 (adirectory)"
    2010:06:02-10:48:22 monfw01 aua[1473]: id="3006" severity="info" sys="System" sub="auth" name="Authentication test successfull"
    2010:06:02-10:51:06 monfw01 aua[1654]: id="3004" severity="info" sys="System" sub="auth" name="Authentication successful" srcip="192.191.190.88" user="admin" caller="webadmin" engine="local"
    2010:06:02-11:02:40 monfw01 aua[2026]: id="3006" severity="info" sys="System" sub="auth" name="Spawned child for authentication test" 
Reply
  • 0
    Defenitely the groups are failing because I just watched the Authentication Live Log and the user logs in successfully


    2010:06:02-10:48:21 monfw01 aua[1473]: id="3006" severity="info" sys="System" sub="auth" name="Authentication test request: m:adirectory, f:none, u:UsrBlockedAccess, ip:"
    2010:06:02-10:48:21 monfw01 aua[1473]: id="3006" severity="info" sys="System" sub="auth" name="Testing method adirectory"
    2010:06:02-10:48:21 monfw01 aua[1473]: id="3006" severity="info" sys="System" sub="auth" name="Trying 192.191.190.249 (adirectory)"
    2010:06:02-10:48:22 monfw01 aua[1473]: id="3006" severity="info" sys="System" sub="auth" name="Authentication test successfull"
    2010:06:02-10:51:06 monfw01 aua[1654]: id="3004" severity="info" sys="System" sub="auth" name="Authentication successful" srcip="192.191.190.88" user="admin" caller="webadmin" engine="local"
    2010:06:02-11:02:40 monfw01 aua[2026]: id="3006" severity="info" sys="System" sub="auth" name="Spawned child for authentication test" 
Children
No Data