I am trying to block a couple of bad websites. I went into base policy and created a list of sites, including "*.badsite1.com" and "*.badsite2.com". The first site is blocked with a message of "an error occurred while handling your request" and "connection refused". The second site gets the message of "Content blocked" with a button that allows for unblocking. Why the difference?
Here's the log entries for each site:
2018:04:18-16:43:28 tsefw-1 httpproxy[5784]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="172.24.32.252" dstip="209.239.175.95" user="" group="" ad_domain="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFBlockAction (Default content filter block action)" size="2543" request="0x1db71000" url="http://www.badsite1.com/" referer="" error="Connection refused" authtime="0" dnstime="88" cattime="110" avscantime="0" fullreqtime="57988" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 5.2; rv:47.0) Gecko/20100101 Firefox/47.0" exceptions="" category="130" reputation="malicious" categoryname="Malicious Sites"
2018:04:18-16:42:50 tsefw-1 httpproxy[5784]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="GET" srcip="172.24.32.252" dstip="" user="" group="" ad_domain="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFBlockAction (Default content filter block action)" size="3213" request="0x17f8c600" url="http://www.badsite2.com/" referer="" error="" authtime="0" dnstime="0" cattime="75" avscantime="0" fullreqtime="269" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 5.2; rv:47.0) Gecko/20100101 Firefox/47.0" exceptions="" reason="category" category="149" reputation="neutral" categoryname="Pornography"
This thread was automatically locked due to age.
