Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
02-18-2010 06:51 AM
I just started getting blocked when going to Facebook. Here is the default block page:
Access to the web page you were trying to visit has been blocked in accordance with company policy. Please contact your system administrator if you believe this is in error.
User: [me]
URL: www.facebook.com/
Category: phishing-and-other-frauds
This got me to wondering how I can check URL's to see how they are categorized and also what the best way it so suggest changes or corrections. Also, is documentation maintained and available on why a site has received a certain categoy? For example, has Facebook really earned a place in the phishing category?
02-18-2010 08:16 AM
Here is the CLI command to test a URL.
admin@PA-500> debug device-server test url facebook.com
facebook.com social-networking (Base db)
admin@PA-500> debug device-server test url www.facebook.com
www.facebook.com phishing-and-other-frauds (Base db)
Using this example you can see the Facebook problem. www.facebook.comis miscategorized but facebook.com is correctly categorized. For the time being you can add www.facebook.com or *.facebook.com to your allow list to make your users happy again.
Palo Alto Networks has reported the problem to BrightCloud and they are working to correct the issue and provide an explanation as to what happened, since they have many safeguards to prevent such an occurrence. I'll provide an update when we have one.
02-18-2010 07:48 AM
We got caught by this earlier today. Dangers of a third-party database (though of course the pro's outweigh the con's).
www.brightcloud.com has a tester, and a means to submit a URL for re-classification, though I did so a good few hours ago and it still doesn't seem to have changed, which is surprising given, well, it's Facebook not some obscure website.
02-18-2010 08:16 AM
Here is the CLI command to test a URL.
admin@PA-500> debug device-server test url facebook.com
facebook.com social-networking (Base db)
admin@PA-500> debug device-server test url www.facebook.com
www.facebook.com phishing-and-other-frauds (Base db)
Using this example you can see the Facebook problem. www.facebook.comis miscategorized but facebook.com is correctly categorized. For the time being you can add www.facebook.com or *.facebook.com to your allow list to make your users happy again.
Palo Alto Networks has reported the problem to BrightCloud and they are working to correct the issue and provide an explanation as to what happened, since they have many safeguards to prevent such an occurrence. I'll provide an update when we have one.
02-18-2010 08:27 AM
Thanks for that - not wanting to hijack the thread but can you explain if/when the change will be picked up by our Palo Alto please?
I'm a little unclear what is held "on-box" and what is cached/queried "on the fly"?
Thanks.
02-18-2010 09:40 AM
The new version will be pushed to the PANs as soon as it is available and you'll be able to perform the upgrade.
02-18-2010 10:29 AM
The new URL database, version 3270, is now available to install. The problem has been fixed:
admin@PA-500> debug device-server test url www.facebook.com
www.facebook.com social-networking (Base db)
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
