Application Blocked instead of URL Block

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Application Blocked instead of URL Block

L3 Networker

Hi

 

I have implemented URL Filtering. However for http pages, I see Application Blocked page as agains URL Block page. 

Anyone experienced same phenomenon?

 

BR,

RJ

1 accepted solution

Accepted Solutions

@rjdahav163

Even if you don't configure a deny rule yourself, there is a default rule at the end of the policy which is configured by default and cannot be deleted - you can only overwrite it. This default rule at the end is set to no log by default. Right now I assume the application block page comes from there because the action is set to deny and you don't see it in the logs because of the no-log setting. Change that rule or configure your own clean up rule with action drop at the end of the ruleset and try again.

The connection to www.google.com probably is identified as google-base so it does not hit your URL filtering rule while the connection to google.com the firewall identifies as ssl/web-browsing so it hits your URL filtering rule so the URL block page is shown.

View solution in original post

9 REPLIES 9

L7 Applicator

@rjdahav163

Do you have a rule above the URL filtering rule that blocks specific apps?

Or do you specify apps (web-browsing, ssl, ...) in your URL filtering rule?

Cyber Elite
Cyber Elite

@rjdahav163,

It's likely not a 'phenomenon' as you called it (love that word by the way). You likely are running into a proper application block for some reason, whether it's because an application deny policy already exists, or as @Remo already mentioned you added the application into the URL Filtering deny policy. 

@Remo

 

In the Security Policy I use applications ssl and web-browsing and Ports tcp/80 and tcp/443.

The Security Policy action is Allow.

Then there is a URL Filtering Profile attached to the security rule, with some URLs allowed and the rest all categories blocked.

The allowed URLs work.

For some of the blocked URLs I see my custom Block Page.

For some of the blocked URLs (predominantly using http) I see the Application Blocked Page instead of my Custom URL Block Page.

I cant pinpoint the problem 😞

@BPry

 

No there is no Deny Policy at all. I am implementing the blocking based on URL Filtering Profile. Please read my above post (reply to @Remo ).

 

BR,

RJ

@rjdahav163

In your traffic logs: which rule gets hit with these sessions that show the application block page? Is it the interzone-default-deny rule?

@Remo

 

No there is no deny rule. In traffic logs I see the security rule which allows the connection being hit. And nothing in URL filtering logs.

 

 

UPDATE: When I use "www" , I see Application block page and when I access URL without www, then I see my custom URL Block Page.

For example: When I access,

http://www.google.com ----> Application Block Page

http://google.com ----> Custom URL Block Page

 

Any Idea why?

@rjdahav163

Even if you don't configure a deny rule yourself, there is a default rule at the end of the policy which is configured by default and cannot be deleted - you can only overwrite it. This default rule at the end is set to no log by default. Right now I assume the application block page comes from there because the action is set to deny and you don't see it in the logs because of the no-log setting. Change that rule or configure your own clean up rule with action drop at the end of the ruleset and try again.

The connection to www.google.com probably is identified as google-base so it does not hit your URL filtering rule while the connection to google.com the firewall identifies as ssl/web-browsing so it hits your URL filtering rule so the URL block page is shown.

@Remo

 

Bingo! Thanks!

 

It was exactly the issue: 

When I used www, the application that is recognized is different. So as you mentioned in case of www.google.com, it is google-base and so it hits the default deny rule and so I see application block page.

 

 

There are many websites that are defined as applications, so allowing just web browsing and ssl will still block these applications. You have to add them as allowed applications.

 

Everytime new content updates come out I always pay close attention to these. We get a lot of "I can't get to this website anymore" tickets, so we try to be proactive in allowing the new definitions.

  • 1 accepted solution
  • 13177 Views
  • 9 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!