Web Content Warning misleading message

I was accessing a website and a warning page from the XGS (running current XG 18.5 MR1) popped up warning that the website was blocked because it was Information Technology. This was very puzzling since I had specifically eliminated Information Technology as a filter.

I poked around in the XGS and found nothing. Then poked around in Intercept X (via Sophos Central) to see if I'd perhaps blocked Information Technology there. I tested the URL in Policy Test and it was allowed, I think. (Though I lost track of tests and modifications over time, so I could be wrong on this one.) After quite some time, I finally figured out what was going on, and basically the warning was justified, but it was not because the site was Information Technology.

So a warning to admins: the reason listed on the warning page may be misleading.

Originally, Information Technology was grouped into a User Activity (was it Suspicious or Risky Downloads?) and I felt that other entries in the group were justified, but not Information Technology. So I deleted it from the UA group. Perhaps XG still thinks it's in there for message-generating purposes. Or perhaps a reverse lookup lists that URL as being in Information Technology and that's the best that can be done at message-generation time.

In fact, the site was blocked by being in the Blocked URLs for Default Policy URL group, which is referenced from a Web Policy.

So this might be considered a bug report, though it might be very hard to fix it. Mostly a warning to admins: a URL might be Web filtered due to local or unique policies/groups and misattributed to an activity that you have modified.

Parents
  • Hi,

    I see that error in my daily reports even though I don't have Information Technology blocked. The logviewer shows many successful connections to Information Technology sites, WEB, SSl/TLS and application logs, but no failed/denied connections. So I am unable to locate which web site is producing the error.

    Ian

    Deep, deep investigation found the  issue being categorised as Information Technology, classified as "Risky downloads"

     
    V18.5.x - e3-1225v5 6gb ram with 4 ports - 20w. 
    If a post solves your question use the 'This helped me' link.
  • Initially, it was another page that wasn’t working. I looked at the console of Safaris web inspector and saw a link to the blocked page, which includes IPS in the URL, but it’s not IPS, it’s Web Filtering, and I did see the URL there in the Web filtering log.

    I had removed Information Technology from perhaps Risky Downloads because I do IT, etc, so duh of course I’m going to access IT pages and sites. But perhaps there is a non-GUI-visible link that isn’t broken by doing it that way… Perhaps that is invisibly tweaked by a Pattern Update.

Reply
  • Initially, it was another page that wasn’t working. I looked at the console of Safaris web inspector and saw a link to the blocked page, which includes IPS in the URL, but it’s not IPS, it’s Web Filtering, and I did see the URL there in the Web filtering log.

    I had removed Information Technology from perhaps Risky Downloads because I do IT, etc, so duh of course I’m going to access IT pages and sites. But perhaps there is a non-GUI-visible link that isn’t broken by doing it that way… Perhaps that is invisibly tweaked by a Pattern Update.

Children