could you pls explain how to block uncategories wesites for particular users
This thread was automatically locked due to age.
could you pls explain how to block uncategories wesites for particular users
That seems odd to me. I just double-checked, I have no categorization problems with URLS that are 5K in length (for most of the internet 4K is the practical limit).
I would not expect to see sites becoming uncategorized, or having failures, due to the length of the URL.
Can you please give some examples from the log?
Can you please tell me the output of
cc get http sc_local_db
cc get http use_sxl_urid
Does the UTM need to use an upstream/parent proxy?
# cc get http sc_local_db
none
# cc get http use_sxl_urid
1
The plot thickens. As I analyzed my data, I found that more than 50% of the entries were for https. This is weird because nearly all of my users use Standard Mode with ADSSO on and HTTPS inspection disabled. So I excluded the small amount of traffic on other profiles, then verified that all of the entries were identical on other key parameters: itmid = 0060 (unauthorized category), category="9998,9998", http status code = 403, method=CONNECT and error="". As you know, CONNECT entries have no URL path, so my theory about path complexity is demolished.
I picked the top 50 by record counts. One was an invalid url related to autodiscover, and only one was not classified by McAfee. The remaining 48 fqdns represented just barely less than 30,000 log entries. One was classified as spyware/keylogger, which validates our decision to block anything UTM says is unclassified. I tested McAfee with https specified to be sure that the protocol did not distort the results.
Here are the top 10
logx.optimizely.com
k.streamrail.com
geo3.ggpht.com
ioms.bfmio.com
go.trouter.io
sp.analytics.yahoo.com
cdn.odc.officeapps.live.com
tracker.departapp.com
uscollector.tealeaf.ibmcloud.com
ecn.t2.tiles.virtualearth.net
For a second pass, I focused on the http uncategorized. Could not find any where the fqdn was sometimes allowed and sometimes blocked, based on the path, further obliterating my path-dependent theory. Here are the top 10 from my sample data
http://ssl.cdn.turner.com
http://static.criteo.net
http://fan.api.espn.com
http://www4.assets-gap.com
themes.googleusercontent.com
http://cnn.bounceexchange.com
http://bea4.cnn.com
http://w88.espn.com
http://colrep.sitelabweb.com
http://ml314.com
I said earlier that they are changing the SDK on the cloud servers. I think they made a mistake causing uncategorized.
Issue: subdomains are uncat even if the main domain is categorized. Therefore bounceexchange.com is categorized but cnn.bounceexchange.com is not.
Thank you very much, not more need for you to look at uncat.
Can you give me any examples for categorization failed or category=9999
I am thrilled that the problem is identified and a fix is likely to be straightforward. Please let me know when the change is complete. I want to process the URL that McAfee said was unclassified to verify that it flows through from them to you to my UTM.
The other lists, which were short, have been sent by PM.
Correction.
There are no recent changes to the sever. The problems that Douglas are experiencing are longstanding issues. They will be resolved when the servers get updated to the new SDK. I don't have a timeline on that, but I will post here when it occurs.