Websites with just text

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Websites with just text

L3 Networker

I recently turned on URL Filtering and now some sites are coming up with just text.

CNN for example, has bullet points on the left next to titles that I can click on, the header is a small square with what looks like a jpeg avatar in the middle.

No graphics at all......Text CNN no pictures.png

Any help would be appreciated!

TIA

1 accepted solution

Accepted Solutions

Bill, I have a PA200 and I see this all the time, when I have some of my categories set to either Block/Continue.  When the web pages are generated, some pull from other sites (web advertising, Content Data Network, etc) and if I change (specifically, CDN (content data network) or web-advertising to block or continue) the page may not load correctly, and I get text. Give it a try and let me know.  Just review your url categories (set them to alert for all) and then you can show that this is your own configuration that is the cause. Glad to help.

block [ abused-drugs adult-and-pornography bot-nets cheating confirmed-spam-sources content-delivery-networks cult-and-occult dating dead-sites dynamically-generated-content games gros s hacking hate-and-racism illegal keyloggers-and-monitoring malware-sites marijuana not-resolved nud ity online-gambling online-music open-http-proxies parked-domains pay-to-surf peer-to-peer phishing- and-other-frauds proxy-avoidance-and-anonymizers questionable social-networking spam-urls spyware-an d-adware streaming-media unconfirmed-spam-sources unknown violence weapons web-advertisements ];

Something in your Block List (it seems extensive) is a probably the culprit.

View solution in original post

12 REPLIES 12

L6 Presenter

Do you use ssl decryption ?

L5 Sessionator

Hi Bill,

It may be helpful to share what URL categories you block on.  Sites like CNN pull in a lot of various content from different sources, so if you have CDNs (content delivery network) as a blocked category, it could result in the behavior you described.

--Doris

"Application Bloc" {

        from private;

        source any;

        source-region any;

        to public;

        destination any;

        destination-region any;

        user "mch\domain users";

        application/service [ usejump/any/any/any ifile.it/any/any/any smtp/any/any/any filer.cx/any

/any/any bonpoo/any/any/any socks/any/any/any twitter-posting/any/any/any tftp/any/any/any telnet/an

y/any/any snmp-base/any/any/any irc-base/any/any/any ldap/any/any/any rtsp/any/any/any http-proxy/an

y/any/any kazaa/any/any/any ebuddy/any/any/any gnutella/any/any/any jabber/any/any/any aim-base/any/

any/any soulseek/any/any/any direct-connect/any/any/any webaim/any/any/any spark/any/any/any swapper

/any/any/any adrive/any/any/any ares/any/any/any warez-p2p/any/any/any emule/any/any/any bittorrent/

any/any/any ms-groove/any/any/any peerenabler/any/any/any 100bao/any/any/any google-buzz/any/any/any

gogobox/any/any/any fasttrack/any/any/any goboogy/any/any/any hotline/any/any/any kugoo/any/any/any

mute/any/any/any pptp/any/any/any nntp/any/any/any openft/any/any/any all-slots-casino/any/any/any

rlogin/any/any/any soribada/any/any/any tesla/any/any/any thecircle/any/any/any xunlei/any/any/any a

pplejuice/any/any/any r        action deny;

}

No.

Try to use url filtering profile allow rule; instead of a url category/deny rule

Also make sure that you put all categories into alert mode by default so you get url logs aswell - this way it will be easier to hunt down why a specific client ip only see part of a webpage.

Try to use url filtering profile allow rule; instead of a url category/deny rule

Also make sure that you put all categories into alert mode by default so you get url logs aswell - this way it will be easier to hunt down why a specific client ip only see part of a webpage.


I do have a url filtering profile, forgot to add it, I was leaving for the day.


url-filtering {

MCH-URL-Filter {

                license-expired allow;

                enable-container-page yes;

                dynamic-url yes;

                log-container-page-only yes;

                alert [ alcohol-and-tobacco auctions individual-stock-advice-and-tools ];

                block [ abused-drugs adult-and-pornography bot-nets cheating confirmed-spam-sources

content-delivery-networks cult-and-occult dating dead-sites dynamically-generated-content games gros

s hacking hate-and-racism illegal keyloggers-and-monitoring malware-sites marijuana not-resolved nud

ity online-gambling online-music open-http-proxies parked-domains pay-to-surf peer-to-peer phishing-

and-other-frauds proxy-avoidance-and-anonymizers questionable social-networking spam-urls spyware-an

d-adware streaming-media unconfirmed-spam-sources unknown violence weapons web-advertisements ];

                block-list [ *.adobe.com *.atdmt.com *.atlassolutions.com *.audible.com *.colasoft.c

om *.facebook.com *.fbcdn.net *.hoha.ru *.iesnare.com *.ircgalaxy.pl *.java.com *.java.sun.com *.mys

pace.com *.pandora.com *.zief.pl *.update.microsoft.com *.slacker.com *.aboutfacebook.com *.facebook

babes.com *.facebookcheats.com *.facebookclub.com *.facebookdevelopment.com *.facebookfest.com *.fac

ebookintegration.com *.facebookjournal.com *.facebookking.com *.facebookland.com *.facebooksafety.co

m *.facebookstudio.com *.facebookstuff.com *.freefacebookapps.com *.friendsonfacebook.com *.fundrais

ingwithfacebook.com *.joinusonfacebook.com *.killfacebook.com *.moneyfromfacebook.com *.moneywithfac

ebook.com *.newfacebookapplication.com *.asianave.com audimated.com *.cross.tv *.delicious.com *.dev

iantart.com *.douban.com *.elixio.net *.friendster.com *.fubar.com *.fuelmyblog.com *.govloop.com *.

itsmy.com *.kiwibox.com *.lafango.com *.facebook.com *.fbcdn.com *.livejournal.com *.makeoutclub.com

*.mubi.com *.mylife.com *.ning.com *.quechup.com *.firstload.com *.shelfari.com *.termwiki.com *.th

e-sphere.com ];

                allow-list [ *.emax.sharefile.com *.collaborationcompass.com *.rad-imaging.com *.eca

mco.com *.gettingtheloveyouwant.com *.greatbaymentalhealth.com *.images.google.com *.jaffreyhealth.c

om *.neemsinstitute.com *.memorise.org *.providerpreference.com *.mchds.org *.mchweb.org *.mchvpn.or

g *.mchportal.org *.mchmail.org *.chan-nh.org *.belletetes.com *.athleticbusiness.com *.athenahealth

.com *.webinservice.com *.mcstrategies.com *.educode.com *.nursingskills.com *.mosbysindex.com *.mos

bysnursingconsult.com *.mosbysimaging.com *.uptodate.com *.adam.com *.lpntobsnonline.org *.msftncsi.

com *.KronosLifestyle.com *.scorehsi.com *.aarp.org *.accordent.powerstream.net *.apic.informz.net *

.athleticbusiness.com *.babycenter.com *.belletetes.com *.blackboard.com *.caldwelltools.com *.cdc.g

ov *.chan-nh.org *.chefsolus.com *.gotomeeting.com *.gri-usa.com *.healthcaresource.com *.healthylea

rning.com *.homedepot.com *.hsacumen.com *.hscar.com *.injoyvideos.com *.msdsdirect.com *.msftncsi.c

om *.officemaxsolutions.com *.olympusamerica.com *.rs6.net *.smilemakers.com *.standingstoneinc.com

*.stryker.com *.uptodate.com *.utdol.com *.viactiv.com *.wellnessworklife.com dh618.hitchcock.org/iw

/webclient.exe *.linkedin.com *.licdn.com *.youtube.com *.ytimg.com *.youtube.com/watch *.googlevide

o.com *.vimeo.com *.wellnessworklife.com ];

                action block;

              }

Yes but the point is which rule hits that traffic ?

Domain Users hit both rules.

I have an IP exception policy on my PC and cnn.com loads fine on it.

Thanks...

Bill, I have a PA200 and I see this all the time, when I have some of my categories set to either Block/Continue.  When the web pages are generated, some pull from other sites (web advertising, Content Data Network, etc) and if I change (specifically, CDN (content data network) or web-advertising to block or continue) the page may not load correctly, and I get text. Give it a try and let me know.  Just review your url categories (set them to alert for all) and then you can show that this is your own configuration that is the cause. Glad to help.

block [ abused-drugs adult-and-pornography bot-nets cheating confirmed-spam-sources content-delivery-networks cult-and-occult dating dead-sites dynamically-generated-content games gros s hacking hate-and-racism illegal keyloggers-and-monitoring malware-sites marijuana not-resolved nud ity online-gambling online-music open-http-proxies parked-domains pay-to-surf peer-to-peer phishing- and-other-frauds proxy-avoidance-and-anonymizers questionable social-networking spam-urls spyware-an d-adware streaming-media unconfirmed-spam-sources unknown violence weapons web-advertisements ];

Something in your Block List (it seems extensive) is a probably the culprit.

content-delivery-networks was the problem.

Thanks!

Thanks guys...I was having the exact same issue and this post nailed the fix.

  • 1 accepted solution
  • 5059 Views
  • 12 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!