Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 1 subscriber
  • Views 2327 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Web Security Reporting Issue

StephenWeber
Reporting is definitely not a strong suite for the Astaro and hopefully one day will get better.  But this I completely don't understand.

So as you can see I've got Web Security Enabled for Transparent Proxy with Agent Based Authentication for all Active Directory Users.

I've got Social Networking selected to be blocked and even so the Category Filter.

I've also got an Exception for a select few users that are allowed to get to Facebook.

However, on the Web Security Report I have a Facebook.com Action passed on a User that isn't allowed to get to Facebook.com.  So now I have to go verify if this user can indeed access facebook.com and figure out if this is just an error in the Web Security Reporting.

Any ideas as to why Web Security would list Facebook.com as allowed even through it is blocked?


This thread was automatically locked due to age.
Parents
  • 0
    The quick answer is that the Astaro isn't blocking the Web Sites like it should be according to the Default Policy. 

    2012:03:13-16:22:06 FPHASG httpproxy[14260]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.2.201" dstip="69.171.229.12" user="lbryant" statuscode="302" cached="0" profile="REF_HttProOfficeLan (Office LAN)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0x86b4178" url="www.facebook.com/" exceptions="url" error=""

    2012:03:13-16:22:27 FPHASG httpproxy[14260]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.2.201" dstip="69.171.229.12" user="lbryant" statuscode="200" cached="0" profile="REF_HttProOfficeLan (Office LAN)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="429010" request="0x86b4178" url="www.facebook.com/.../html" application="facebook"

    2012:03:13-16:22:27 FPHASG httpproxy[14260]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.2.201" dstip="69.31.17.195" user="lbryant" statuscode="200" cached="0" profile="REF_HttProOfficeLan (Office LAN)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="152" request="0xc7e08748" url="static.ak.fbcdn.net/.../x-icon" application="facebook"

    2012:03:13-16:22:27 FPHASG httpproxy[14260]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.2.201" dstip="69.171.229.12" user="lbryant" statuscode="200" cached="0" profile="REF_HttProOfficeLan (Office LAN)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="110" request="0x86b4178" url="www.facebook.com/ai.php

    2012:03:13-16:22:27 FPHASG httpproxy[14260]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.2.201" dstip="63.236.253.88" user="lbryant" statuscode="200" cached="0" profile="REF_HttProOfficeLan (Office LAN)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2759" request="0x8642b40" url="profile.ak.fbcdn.net/.../jpeg" application="facebook"

    2012:03:13-16:22:27 FPHASG httpproxy[14260]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.2.201" dstip="63.236.253.88" user="lbryant" statuscode="200" cached="0" profile="REF_HttProOfficeLan (Office LAN)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="1569" request="0xc05c32f8" url="profile.ak.fbcdn.net/.../jpeg" application="facebook"

    2012:03:13-16:22:27 FPHASG httpproxy[14260]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.2.201" dstip="69.171.229.12" user="lbryant" statuscode="200" cached="0" profile="REF_HttProOfficeLan (Office LAN)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="110" request="0x92f7760" url="www.facebook.com/ai.php

    2012:03:13-16:22:27 FPHASG httpproxy[14260]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.2.201" dstip="31.13.76.26" user="lbryant" statuscode="200" cached="0" profile="REF_HttProOfficeLan (Office LAN)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="10349" request="0x932fe50" url="sphotos.xx.fbcdn.net/.../jpeg" application="facebook"

    2012:03:13-16:22:27 FPHASG httpproxy[14260]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.2.201" dstip="204.245.34.144" user="lbryant" statuscode="200" cached="0" profile="REF_HttProOfficeLan (Office LAN)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="6536" request="0xbe5eb890" url="creative.ak.fbcdn.net/.../jpeg" application="facebook"

    2012:03:13-16:22:27 FPHASG httpproxy[14260]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.2.201" dstip="204.245.34.144" user="lbryant" statuscode="200" cached="0" profile="REF_HttProOfficeLan (Office LAN)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="8198" request="0xc7ec1a30" url="creative.ak.fbcdn.net/.../jpeg" application="facebook"

    2012:03:13-16:22:28 FPHASG httpproxy[14260]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.2.201" dstip="204.245.34.144" user="lbryant" statuscode="200" cached="0" profile="REF_HttProOfficeLan (Office LAN)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="3366" request="0xbe5eb890" url="creative.ak.fbcdn.net/.../jpeg" application="facebook"

    2012:03:13-16:22:28 FPHASG httpproxy[14260]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.2.201" dstip="69.171.229.12" user="lbryant" statuscode="200" cached="0" profile="REF_HttProOfficeLan (Office LAN)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="3032" request="0x92f7760" url="www.facebook.com/.../reconnect.php

    2012:03:13-16:22:28 FPHASG httpproxy[14260]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.2.201" dstip="69.171.229.35" user="lbryant" statuscode="200" cached="0" profile="REF_HttProOfficeLan (Office LAN)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="67" request="0xbe18de38" url="pixel.facebook.com/.../log_ticker_render.php

    2012:03:13-16:22:29 FPHASG httpproxy[14260]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.2.201" dstip="69.171.229.12" user="lbryant" statuscode="200" cached="0" profile="REF_HttProOfficeLan (Office LAN)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="81900" request="0x86b4178" url="www.facebook.com/.../multi_story

    2012:03:13-16:22:29 FPHASG httpproxy[14260]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.2.201" dstip="69.171.229.12" user="lbryant" statuscode="200" cached="0" profile="REF_HttProOfficeLan (Office LAN)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="34" request="0x92f7760" url="www.facebook.com/.../promo_action.php

    2012:03:13-16:22:30 FPHASG httpproxy[14260]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.2.201" dstip="69.171.229.12" user="lbryant" statuscode="200" cached="0" profile="REF_HttProOfficeLan (Office LAN)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="319" request="0x86b4178" url="www.facebook.com/.../user_info.php
Reply
  • 0
    The quick answer is that the Astaro isn't blocking the Web Sites like it should be according to the Default Policy. 

    2012:03:13-16:22:06 FPHASG httpproxy[14260]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.2.201" dstip="69.171.229.12" user="lbryant" statuscode="302" cached="0" profile="REF_HttProOfficeLan (Office LAN)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0x86b4178" url="www.facebook.com/" exceptions="url" error=""

    2012:03:13-16:22:27 FPHASG httpproxy[14260]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.2.201" dstip="69.171.229.12" user="lbryant" statuscode="200" cached="0" profile="REF_HttProOfficeLan (Office LAN)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="429010" request="0x86b4178" url="www.facebook.com/.../html" application="facebook"

    2012:03:13-16:22:27 FPHASG httpproxy[14260]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.2.201" dstip="69.31.17.195" user="lbryant" statuscode="200" cached="0" profile="REF_HttProOfficeLan (Office LAN)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="152" request="0xc7e08748" url="static.ak.fbcdn.net/.../x-icon" application="facebook"

    2012:03:13-16:22:27 FPHASG httpproxy[14260]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.2.201" dstip="69.171.229.12" user="lbryant" statuscode="200" cached="0" profile="REF_HttProOfficeLan (Office LAN)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="110" request="0x86b4178" url="www.facebook.com/ai.php

    2012:03:13-16:22:27 FPHASG httpproxy[14260]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.2.201" dstip="63.236.253.88" user="lbryant" statuscode="200" cached="0" profile="REF_HttProOfficeLan (Office LAN)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2759" request="0x8642b40" url="profile.ak.fbcdn.net/.../jpeg" application="facebook"

    2012:03:13-16:22:27 FPHASG httpproxy[14260]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.2.201" dstip="63.236.253.88" user="lbryant" statuscode="200" cached="0" profile="REF_HttProOfficeLan (Office LAN)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="1569" request="0xc05c32f8" url="profile.ak.fbcdn.net/.../jpeg" application="facebook"

    2012:03:13-16:22:27 FPHASG httpproxy[14260]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.2.201" dstip="69.171.229.12" user="lbryant" statuscode="200" cached="0" profile="REF_HttProOfficeLan (Office LAN)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="110" request="0x92f7760" url="www.facebook.com/ai.php

    2012:03:13-16:22:27 FPHASG httpproxy[14260]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.2.201" dstip="31.13.76.26" user="lbryant" statuscode="200" cached="0" profile="REF_HttProOfficeLan (Office LAN)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="10349" request="0x932fe50" url="sphotos.xx.fbcdn.net/.../jpeg" application="facebook"

    2012:03:13-16:22:27 FPHASG httpproxy[14260]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.2.201" dstip="204.245.34.144" user="lbryant" statuscode="200" cached="0" profile="REF_HttProOfficeLan (Office LAN)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="6536" request="0xbe5eb890" url="creative.ak.fbcdn.net/.../jpeg" application="facebook"

    2012:03:13-16:22:27 FPHASG httpproxy[14260]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.2.201" dstip="204.245.34.144" user="lbryant" statuscode="200" cached="0" profile="REF_HttProOfficeLan (Office LAN)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="8198" request="0xc7ec1a30" url="creative.ak.fbcdn.net/.../jpeg" application="facebook"

    2012:03:13-16:22:28 FPHASG httpproxy[14260]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.2.201" dstip="204.245.34.144" user="lbryant" statuscode="200" cached="0" profile="REF_HttProOfficeLan (Office LAN)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="3366" request="0xbe5eb890" url="creative.ak.fbcdn.net/.../jpeg" application="facebook"

    2012:03:13-16:22:28 FPHASG httpproxy[14260]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.2.201" dstip="69.171.229.12" user="lbryant" statuscode="200" cached="0" profile="REF_HttProOfficeLan (Office LAN)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="3032" request="0x92f7760" url="www.facebook.com/.../reconnect.php

    2012:03:13-16:22:28 FPHASG httpproxy[14260]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.2.201" dstip="69.171.229.35" user="lbryant" statuscode="200" cached="0" profile="REF_HttProOfficeLan (Office LAN)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="67" request="0xbe18de38" url="pixel.facebook.com/.../log_ticker_render.php

    2012:03:13-16:22:29 FPHASG httpproxy[14260]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.2.201" dstip="69.171.229.12" user="lbryant" statuscode="200" cached="0" profile="REF_HttProOfficeLan (Office LAN)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="81900" request="0x86b4178" url="www.facebook.com/.../multi_story

    2012:03:13-16:22:29 FPHASG httpproxy[14260]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.2.201" dstip="69.171.229.12" user="lbryant" statuscode="200" cached="0" profile="REF_HttProOfficeLan (Office LAN)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="34" request="0x92f7760" url="www.facebook.com/.../promo_action.php

    2012:03:13-16:22:30 FPHASG httpproxy[14260]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.2.201" dstip="69.171.229.12" user="lbryant" statuscode="200" cached="0" profile="REF_HttProOfficeLan (Office LAN)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="319" request="0x86b4178" url="www.facebook.com/.../user_info.php
Children
No Data