Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 0 replies
  • Subscribers 2 subscribers
  • Views 723 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Policy Test can hang if testing URL blocked by Application Control rule - UTM Home

gcracker

I have a simple Application Control rule that blocks Doubleclick ads for some devices when "Application=Doubleclick"

When testing with a device in the policy group, the request is blocked and I get what looks to be an appropriate log entry in Web Filter log:

2021:05:26-07:57:09 HOSTNAME httpproxy[2550]: id="0066" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden application detected" action="block" method="CONNECT" srcip="10.100.200.22" dstip="172.217.7.2" user="" group="" ad_domain="" statuscode="403" cached="0" profile="REF_HttProContaInterLan (NAME_OF_PROFILE)" filteraction="REF_HttCffAllow (PROFILE_Filter_Action)" size="0" request="0x9aa5100" url="https://googleads.g.doubleclick.net/" referer="" error="" authtime="0" dnstime="3" aptptime="168" cattime="174" avscantime="0" fullreqtime="217830" device="0" auth="0" ua="" exceptions="" category="154" reputation="trusted" categoryname="Web Ads" country="United States" application="DBLCLICK" app-id="812"

If I parse it correctly, it says the URL is allowed {filteraction="REF_HttCffAllow (PROFILE_Filter_Action)"} by the Web Filter profile, but blocked by Application Control {name="web request blocked, forbidden application detected" action="block"} which is all well and good.

The trouble comes in when I attempt to test the URL (https ://googleads.g.doubleclick.net/) in the Policy Helpdesk / Policy Test tool. The test hangs the web request in the browser, prompting the question about waiting another 30 seconds.

At first I thought the tool was just broken, or I had a bad session, but I realized it functioned and returned results quickly for other URLs tested. It was just that URL that would hang it.

Now, I've "fixed" the problem apparently, by disabling the Application Control rule, and re-enabling it. Now I get a snappy response and appropriate reporting.

Is this something to look for in my configuration/rules? Does Application Control sometimes cause trouble with the Policy Helpdesk?

EDIT: I added a space in the test URL to avoid creating a link insert



This thread was automatically locked due to age.
Unfiltered HTML