Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 6 replies
  • Answers 1 answer
  • Subscribers 39 subscribers
  • Views 3024 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

web filtering with advertisements/pop ups logs

Guilherme Silva1

Hello,

Guys, I have the following situation:

In the user's web filtering logs, I have several records of accesses to URLs that the user did not actually access. For example, in the logs there is an access by user X to a certain URL, and in fact what happened was that when opening another website, there was an advertisement on this website that generated a request in the firewall when loading the web page, and that counted as if it were a user access, because there was a request.

This often happens with betting sites, the user accesses any site, on this site there is an advertisement/advertisement for a betting site and this request generated when loading the ad, generated a kind of "false positive", in that the user did not actually access that betting site.

I wonder if anyone has experienced this and if there is a better way to filter this out? focus more on real traffic from the user itself and not on other requests that are not generated by him.

I understand that it would be enough to use the consumption verification, but there are no access details and times.


This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    the XG can block IP and URLs with hits but no data in the reports.

    The XG application control requires the attempted connection to be made with the remote site returning data before the XG blocks the application, so as a result you see hits and data in the reports, but the connection never proceeds, you might even see the blocked application appearing in the reports if your reports are configured to show blocked applications.

    Capturing the attempted transaction time shows up in logviewer - applications.

    I try to identify the IP address or the fqdn of the site and then create a block rule higher up the rule list that captures most, but not all traffic so the report does not show an data use..

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

Reply
  • 0

    Hi,

    the XG can block IP and URLs with hits but no data in the reports.

    The XG application control requires the attempted connection to be made with the remote site returning data before the XG blocks the application, so as a result you see hits and data in the reports, but the connection never proceeds, you might even see the blocked application appearing in the reports if your reports are configured to show blocked applications.

    Capturing the attempted transaction time shows up in logviewer - applications.

    I try to identify the IP address or the fqdn of the site and then create a block rule higher up the rule list that captures most, but not all traffic so the report does not show an data use..

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

Children
No Data
Unfiltered HTML