- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
03-28-2013 11:57 AM
I recently turned on URL Filtering and now some sites are coming up with just text.
CNN for example, has bullet points on the left next to titles that I can click on, the header is a small square with what looks like a jpeg avatar in the middle.
No graphics at all......
Any help would be appreciated!
TIA
03-29-2013 11:33 AM
Bill, I have a PA200 and I see this all the time, when I have some of my categories set to either Block/Continue. When the web pages are generated, some pull from other sites (web advertising, Content Data Network, etc) and if I change (specifically, CDN (content data network) or web-advertising to block or continue) the page may not load correctly, and I get text. Give it a try and let me know. Just review your url categories (set them to alert for all) and then you can show that this is your own configuration that is the cause. Glad to help.
block [ abused-drugs adult-and-pornography bot-nets cheating confirmed-spam-sources content-delivery-networks cult-and-occult dating dead-sites dynamically-generated-content games gros s hacking hate-and-racism illegal keyloggers-and-monitoring malware-sites marijuana not-resolved nud ity online-gambling online-music open-http-proxies parked-domains pay-to-surf peer-to-peer phishing- and-other-frauds proxy-avoidance-and-anonymizers questionable social-networking spam-urls spyware-an d-adware streaming-media unconfirmed-spam-sources unknown violence weapons web-advertisements ];
Something in your Block List (it seems extensive) is a probably the culprit.
03-28-2013 12:48 PM
Do you use ssl decryption ?
03-28-2013 12:55 PM
Hi Bill,
It may be helpful to share what URL categories you block on. Sites like CNN pull in a lot of various content from different sources, so if you have CDNs (content delivery network) as a blocked category, it could result in the behavior you described.
--Doris
03-28-2013 01:03 PM
"Application Bloc" {
from private;
source any;
source-region any;
to public;
destination any;
destination-region any;
user "mch\domain users";
application/service [ usejump/any/any/any ifile.it/any/any/any smtp/any/any/any filer.cx/any
/any/any bonpoo/any/any/any socks/any/any/any twitter-posting/any/any/any tftp/any/any/any telnet/an
y/any/any snmp-base/any/any/any irc-base/any/any/any ldap/any/any/any rtsp/any/any/any http-proxy/an
y/any/any kazaa/any/any/any ebuddy/any/any/any gnutella/any/any/any jabber/any/any/any aim-base/any/
any/any soulseek/any/any/any direct-connect/any/any/any webaim/any/any/any spark/any/any/any swapper
/any/any/any adrive/any/any/any ares/any/any/any warez-p2p/any/any/any emule/any/any/any bittorrent/
any/any/any ms-groove/any/any/any peerenabler/any/any/any 100bao/any/any/any google-buzz/any/any/any
gogobox/any/any/any fasttrack/any/any/any goboogy/any/any/any hotline/any/any/any kugoo/any/any/any
mute/any/any/any pptp/any/any/any nntp/any/any/any openft/any/any/any all-slots-casino/any/any/any
rlogin/any/any/any soribada/any/any/any tesla/any/any/any thecircle/any/any/any xunlei/any/any/any a
pplejuice/any/any/any r action deny;
}
03-28-2013 01:13 PM
Try to use url filtering profile allow rule; instead of a url category/deny rule
03-28-2013 02:09 PM
Also make sure that you put all categories into alert mode by default so you get url logs aswell - this way it will be easier to hunt down why a specific client ip only see part of a webpage.
03-29-2013 02:55 AM
Try to use url filtering profile allow rule; instead of a url category/deny rule
Also make sure that you put all categories into alert mode by default so you get url logs aswell - this way it will be easier to hunt down why a specific client ip only see part of a webpage.
I do have a url filtering profile, forgot to add it, I was leaving for the day.
url-filtering {
MCH-URL-Filter {
license-expired allow;
enable-container-page yes;
dynamic-url yes;
log-container-page-only yes;
alert [ alcohol-and-tobacco auctions individual-stock-advice-and-tools ];
block [ abused-drugs adult-and-pornography bot-nets cheating confirmed-spam-sources
content-delivery-networks cult-and-occult dating dead-sites dynamically-generated-content games gros
s hacking hate-and-racism illegal keyloggers-and-monitoring malware-sites marijuana not-resolved nud
ity online-gambling online-music open-http-proxies parked-domains pay-to-surf peer-to-peer phishing-
and-other-frauds proxy-avoidance-and-anonymizers questionable social-networking spam-urls spyware-an
d-adware streaming-media unconfirmed-spam-sources unknown violence weapons web-advertisements ];
block-list [ *.adobe.com *.atdmt.com *.atlassolutions.com *.audible.com *.colasoft.c
om *.facebook.com *.fbcdn.net *.hoha.ru *.iesnare.com *.ircgalaxy.pl *.java.com *.java.sun.com *.mys
pace.com *.pandora.com *.zief.pl *.update.microsoft.com *.slacker.com *.aboutfacebook.com *.facebook
babes.com *.facebookcheats.com *.facebookclub.com *.facebookdevelopment.com *.facebookfest.com *.fac
ebookintegration.com *.facebookjournal.com *.facebookking.com *.facebookland.com *.facebooksafety.co
m *.facebookstudio.com *.facebookstuff.com *.freefacebookapps.com *.friendsonfacebook.com *.fundrais
ingwithfacebook.com *.joinusonfacebook.com *.killfacebook.com *.moneyfromfacebook.com *.moneywithfac
ebook.com *.newfacebookapplication.com *.asianave.com audimated.com *.cross.tv *.delicious.com *.dev
iantart.com *.douban.com *.elixio.net *.friendster.com *.fubar.com *.fuelmyblog.com *.govloop.com *.
itsmy.com *.kiwibox.com *.lafango.com *.facebook.com *.fbcdn.com *.livejournal.com *.makeoutclub.com
*.mubi.com *.mylife.com *.ning.com *.quechup.com *.firstload.com *.shelfari.com *.termwiki.com *.th
e-sphere.com ];
allow-list [ *.emax.sharefile.com *.collaborationcompass.com *.rad-imaging.com *.eca
mco.com *.gettingtheloveyouwant.com *.greatbaymentalhealth.com *.images.google.com *.jaffreyhealth.c
om *.neemsinstitute.com *.memorise.org *.providerpreference.com *.mchds.org *.mchweb.org *.mchvpn.or
g *.mchportal.org *.mchmail.org *.chan-nh.org *.belletetes.com *.athleticbusiness.com *.athenahealth
.com *.webinservice.com *.mcstrategies.com *.educode.com *.nursingskills.com *.mosbysindex.com *.mos
bysnursingconsult.com *.mosbysimaging.com *.uptodate.com *.adam.com *.lpntobsnonline.org *.msftncsi.
com *.KronosLifestyle.com *.scorehsi.com *.aarp.org *.accordent.powerstream.net *.apic.informz.net *
.athleticbusiness.com *.babycenter.com *.belletetes.com *.blackboard.com *.caldwelltools.com *.cdc.g
ov *.chan-nh.org *.chefsolus.com *.gotomeeting.com *.gri-usa.com *.healthcaresource.com *.healthylea
rning.com *.homedepot.com *.hsacumen.com *.hscar.com *.injoyvideos.com *.msdsdirect.com *.msftncsi.c
om *.officemaxsolutions.com *.olympusamerica.com *.rs6.net *.smilemakers.com *.standingstoneinc.com
*.stryker.com *.uptodate.com *.utdol.com *.viactiv.com *.wellnessworklife.com dh618.hitchcock.org/iw
/webclient.exe *.linkedin.com *.licdn.com *.youtube.com *.ytimg.com *.youtube.com/watch *.googlevide
o.com *.vimeo.com *.wellnessworklife.com ];
action block;
}
03-29-2013 05:08 AM
Yes but the point is which rule hits that traffic ?
03-29-2013 05:38 AM
Domain Users hit both rules.
I have an IP exception policy on my PC and cnn.com loads fine on it.
Thanks...
03-29-2013 11:33 AM
Bill, I have a PA200 and I see this all the time, when I have some of my categories set to either Block/Continue. When the web pages are generated, some pull from other sites (web advertising, Content Data Network, etc) and if I change (specifically, CDN (content data network) or web-advertising to block or continue) the page may not load correctly, and I get text. Give it a try and let me know. Just review your url categories (set them to alert for all) and then you can show that this is your own configuration that is the cause. Glad to help.
block [ abused-drugs adult-and-pornography bot-nets cheating confirmed-spam-sources content-delivery-networks cult-and-occult dating dead-sites dynamically-generated-content games gros s hacking hate-and-racism illegal keyloggers-and-monitoring malware-sites marijuana not-resolved nud ity online-gambling online-music open-http-proxies parked-domains pay-to-surf peer-to-peer phishing- and-other-frauds proxy-avoidance-and-anonymizers questionable social-networking spam-urls spyware-an d-adware streaming-media unconfirmed-spam-sources unknown violence weapons web-advertisements ];
Something in your Block List (it seems extensive) is a probably the culprit.
03-29-2013 11:52 AM
content-delivery-networks was the problem.
Thanks!
04-09-2013 11:48 AM
Thanks guys...I was having the exact same issue and this post nailed the fix.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!