09-06-2018 09:18 AM
Hi
I have implemented URL Filtering. However, for http pages, I see the Application Blocked page as against the URL Block page.
Anyone experienced same phenomenon?
BR,
RJ
09-06-2018 12:17 PM
Do you have a rule above the URL filtering rule that blocks specific apps?
Or do you specify apps (web-browsing, ssl, ...) in your URL filtering rule?
09-06-2018 01:15 PM
It's likely not a 'phenomenon' as you called it (love that word by the way). You likely are running into a proper application block for some reason, whether it's because an application deny policy already exists, or as @Remo already mentioned you added the application into the URL Filtering deny policy.
09-07-2018 01:59 AM
In the Security Policy I use applications ssl and web-browsing and Ports tcp/80 and tcp/443.
The Security Policy action is Allow.
Then there is a URL Filtering Profile attached to the security rule, with some URLs allowed and the rest all categories blocked.
The allowed URLs work.
For some of the blocked URLs I see my custom Block Page.
For some of the blocked URLs (predominantly using http) I see the Application Blocked Page instead of my Custom URL Block Page.
I can't pinpoint the problem 😞
09-07-2018 02:29 AM
In your traffic logs: which rule gets hit with these sessions that show the application block page? Is it the interzone-default-deny rule?
09-07-2018 04:01 AM
No there is no deny rule. In traffic logs I see the security rule which allows the connection being hit. And nothing in URL filtering logs.
UPDATE: When I use "www", I see the Application block page, and when I access the URL without www, I see my custom URL Block Page.
For example: When I access,
http://www.google.com ----> Application Block Page
http://google.com ----> Custom URL Block Page
Any idea why?
09-07-2018 04:15 AM
Even if you don't configure a deny rule yourself, there is a default rule at the end of the policy which is configured by default and cannot be deleted - you can only overwrite it. This default rule at the end is set to no log by default. Right now I assume the application block page comes from there because the action is set to deny and you don't see it in the logs because of the no-log setting. Change that rule or configure your own clean up rule with action drop at the end of the ruleset and try again.
The connection to www.google.com probably is identified as google-base so it does not hit your URL filtering rule while the connection to google.com the firewall identifies as ssl/web-browsing so it hits your URL filtering rule so the URL block page is shown.
09-07-2018 05:32 AM
Bingo! Thanks!
It was exactly the issue:
When I used www, the application that is recognized is different. So as you mentioned in case of www.google.com, it is google-base and so it hits the default deny rule and so I see application block page.
09-07-2018 05:32 AM
There are many websites that are defined as applications, so allowing just web browsing and ssl will still block these applications. You have to add them as allowed applications.
Every time new content updates come out I always pay close attention to these. We get a lot of "I can't get to this website anymore" tickets, so we try to be proactive in allowing the new definitions.
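The behaviour worked out in this thread, as an added example that is not part of any post above and is not PAN-OS code: a simplified first-match model of a rulebase in which the App-ID decides which rule a session lands on, and therefore which block page appears and whether a traffic log is written. The rule names `allow-web` and `cleanup-drop`, the page labels and the helper functions are assumptions made for illustration.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Rule:
    name: str
    apps: frozenset            # App-IDs the rule matches; empty set means "any"
    action: str                # "allow", "deny" or "drop"
    url_profile: bool = False  # URL Filtering profile attached to the rule
    log: bool = True           # whether a traffic log entry is written

# Constructed rulebase mirroring the thread: one allow rule limited to
# ssl/web-browsing with a URL Filtering profile, then the default deny
# at the end of the policy, which does not log by default.
RULEBASE = (
    Rule("allow-web", frozenset({"ssl", "web-browsing"}), "allow", url_profile=True),
    Rule("interzone-default", frozenset(), "deny", log=False),
)

def evaluate(app, url_blocked, rulebase=RULEBASE):
    """Return (matched rule, page shown to the user, traffic log written)."""
    for rule in rulebase:                      # first match wins, top to bottom
        if rule.apps and app not in rule.apps:
            continue                           # App-ID not covered by this rule
        if rule.action == "deny":
            page = "application-block-page"
        elif rule.action == "drop":
            page = "none"                      # silently dropped, no page
        elif rule.url_profile and url_blocked:
            page = "url-block-page"            # URL Filtering profile decides
        else:
            page = "allowed"
        return rule.name, page, rule.log
    raise ValueError("rulebase has no catch-all rule")

def allow_app(rulebase, rule_name, app):
    """Copy of the rulebase with `app` added to the named rule's applications."""
    return tuple(replace(r, apps=r.apps | {app}) if r.name == rule_name else r
                 for r in rulebase)

def add_logged_cleanup(rulebase):
    """Copy of the rulebase with a logged clean-up drop above the default rule."""
    cleanup = Rule("cleanup-drop", frozenset(), "drop", log=True)
    return rulebase[:-1] + (cleanup,) + rulebase[-1:]

if __name__ == "__main__":
    for app in ("web-browsing", "google-base"):
        print(app, evaluate(app, url_blocked=True))
```

In this model, adding `google-base` to the allow rule is what brings the session back under the URL Filtering profile, while the logged clean-up rule only makes the otherwise invisible deny show up in the traffic log.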