Ironport S370 Custom URL Category failing
I have an access policy on an Ironport S370 configured for a locked down AD account that is allowing access to only two internal sites and blocking all other categorized and non-categorized URLs. I've created custom URL categories for these two URLs and added them to this access policy, however about 2 weeks ago one of the URLs started to get blocked because it matched a predefined URL category that is blocked.
This rule is #1 in the order of access policies. Under the Access policy I see the 2 custom URL categories set to 'Allow' and all of the Pre-defined URL categories are set to 'Block'. Is this the recommended setup for doing what I'm trying to do? It seems the pre-defined category settings are over-riding my custom URL categories. Any suggestions?
Thanks!
Mark
Erik,
Thanks for the fast response again! So I already have the 2 URLs added as custom categories to the access policy. The only other config I have in this access policy is that it BLOCKS all other categorized and un-categorized URLs.
Do the Custom URL categories always override the pre-defined category settings? It seems to be ignoring my custom URL categories.
I'm also using just the domains in the Custom URL categories, so it's cisco.com instead of www.cisco.com. Could this be part of the problem?
Thanks,
Marcus
Similar Messages
-
Ironport S160 Access Policy URL Category not working
I have created a custom URL category "Allowed Sites" and put some sites in there that I want the proxy not to block and ticked the "Allow" field in my Access Policy.
Those sites also match the predefined URL category "Online Storage and Backup" which is blocked.
When I try to access those websites, the proxy blocks them saying they belong to the above predefined category.
Now, how can I allow those few sites, but not the whole predefined category??? Why is my custom category not being considered? URLs in there look like .example.com, .example2.com
Any help appreciated,
KatHi Kush,
find attached the screenshot of the Access Policy with only the first few lines of the Predefined URL Categories. Also the category I created with "mozy.com" and others in it.
This is the output of a policy trace for a user that is assigned to this Access Policy when testing the URL in question "mozy.com"
URL Check
WBRS Score: 6.5
URL Category: Online Storage and Backup
Policy Match
IronPort Data Security policy: None
Decryption policy: None
Routing policy: None
Identity policy: NTLM_Identity
Access policy: exHSP
Final Result
Request blocked
Details: Request blocked based on URL category
Trace session complete
I'll do the tail and later today.
Kat -
Application is not working while going through Ironport S370
Hi,
We have deployed the Ironport as wccp trasperant mode and using software version is 7.1.3.
We are configured one application url in Allowed custom url categories, but we are not able to access the application when its traffic is flowing through the ironport . After we created the bypass policy for that url application is responding properly for the client request. When we are doing the policy trace(all the time, with or without bypass policy) for the url we are getting ERR GATEWAY message. Please find the below mentioned policy trace output.
User Information
User name: None
Group Membersip: None
User Agent: mozilla 4.0
Custom url category : Allowed
Policy match
Iron port data security policy : None
Decryption policy: None
Routing policy : Global routing policy
Identity policy: No Authentication
Access policy: No Authentication policy
Final Result
Request Blocked
Details: ERR GATEWAY
Trace session complete
Kindly suggest why this error is happening ? and How can i use the application through proxy with out doing the bypass settings.
Thanks in Advance
Regards,
RanjithAre you using L4TM? If so please check your L4TM logs for the domain you are trying to access. ERR_GATEWAY can indicate L4TM is blocking the website.
Christian Rahl
Customer Support Engineer
Cisco IronPort - Web Security Appliances
Cisco Technical Assistance Center RTP
United States Ironport: 1-877-641-IRON (4766) -
Bonjour,
Mon client souhaite accéder au site http://rumafia.com. Celui ci est bloquer par la wbrs de mon s160 en tant que malware ytpe pishing.
J'ai ajouté l'adresse rumafia.com dans ma custum url et fais matché la white list dans mon acces policy. Mon client n'atteind toujours pas le site.
lorsque je fais un trace policy j'obtiens :
ser Information
User Name: None
Group Membership: None
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0.1
Custom URL Category: WL02 Liste des URLs autorisees
Policy Match
IronPort Data Security policy: None
Decryption policy: None
Routing policy: None
Identity policy: Global Identity Policy
Access policy: BLOCK_ALL
Final Result
Request blocked
Details: Protocol blocked based on applications settings in Access policy
Trace session complete
avez vous une idée ?
en vous remerciantHello,
This is getting caught by an Access Policy called "BLOCK_ALL".
However, to bypass the WBRS you need to set your custom URL category to allow and monitor.
Many thanks
Chris
========================
Bonjour,
Ceci est attrapé par une politique d'accès appelé "BLOCK_ALL".
Toutefois, afin de contourner les WBRS vous avez besoin pour configurer votre catégorie d'URL personnalisée pour permettre et assurer le suivi.
Un grand merci
Chris -
Managing Custom URL using a file?
hi all
I'm looking for a possibility to manage URL black/whitelists. I know I could do it with the Web interface with custom URLs.
We would like to give this work to another group inside our company. But these people should not manage the box itself. As far as I know we cannot set restricted admin priviledges to custom URL customization.
Is there a possibility to "import" a list of custom URLs using command line commands or uploaded files?Ironport appliance don't have any automated way of pushin a file just for custom category.
You can attempt to give the config file with only the custom category section only and have the user make the needed addition/deletion, then paste back to the config for an upload, although this can be prone to errors made the user's typo.
You can change a user role to operator as an option, under 'System Administration > User':
The operators group restricts users from creating, editing, or removing user
accounts. The operators group also restricts the use of the following
commands:
• resetconfig
• upgradecheck
• upgradeinstall
• systemsetup or running the System Setup Wizard -
Custom URL Handler in Java does not work for JavaFX
Hi,
for the purpose of playing Media Files that are decrypted on the fly and then hold in memory with the JavaFX MediaPlayer we are trying to register a custom URL Handler. The thought behind that would be that with the handler JavaFX should be able to open a stream and play back the file (a bit like jar://). In a testcase isolated from JavaFX my handler including registration at JVM is working fine, but once i plug it into JavaFX it stops to do so. I'm calling the Media(String) constructor. It fails with "Unsupported scheme". It seems like that JavaFX is not relying on the JVM URLStreamFactory but rather implementing a separate mechanism to figure out which handler it should use thus failing in my use case.
Is this expected behavior and if so can anybody suggest a work around?
EDIT: Actually read the Javadoc for Media. It explicitly says that it only supports File, HTTP and Jar. So it is expected behavior however I am still open for suggestions on this.
cheers,
andreas
Edited by: Andreas Mohrhard on 01.11.2011 03:26I believe that the connection details are stored as part of the CR itself. Therefore if you update a connection in the CMC that might not change the parameters and credentials, especially when using sub-reports.
Hope this helps...
Martijn van Foeken
Focuzz BI Services
http://www.focuzz.nl
http://nl.linkedin.com/in/martijnvanfoeken
http://twitter.com/mfoeken -
Hello:
Is there a way to setup a custom URL protocol for an Adobe Air app on an Android table? For example if you have a link in a web site like "myapp://sync", when you click it the app would open and you could check the params?
Thanks!I am sure it has to do with the manafest.xml. I am able to get the browser to switch to the app but then it crashes and says "force close"
<application android:enabled="true">
<activity android:name="com.myapp.launch">
<intent-filter>
<action android:name="android.intent.action.VIEW" />
<category android:name="android.intent.category.LAUNCHER" />
<category android:name="android.intent.category.DEFAULT" />
<category android:name="android.intent.category.BROWSABLE" />
<data android:scheme="myapp" android:host="app" />
</intent-filter>
</activity>
</application>
What am I doing wrong? -
Cisco Jabber for iPad - custom URL?
The Cisco Jabber client for iOS is great, and we'd love to integrate it with one of our iPad applications. All iOS applications have an optional "custom URL" they can assign to themselves that enables them to be invoked by another application. They may also optionally include paramters (for example, a phone number). Does a custom URL exist for the jabber iOS client, and if so, is it possible to send it a parameter for a phone number so that it dials as soon as it starts up? Thanks.
I don't get presence either, and would like to know if there is an answer for it.
If I look up my user in the provisioning directory, it does show that my iPad is provisioned and active for my account.
I can't say anything toward the lisence count, it's hard to say with all the accounts we have active sometimes.
Our infrastructure is slightly different in that we are running TMS 13.2.1 and using TMS Agent Legacy. -
IR Report "Link" Attibute Custom URL Escape : (colon) Character
<h2>I am running Apex 4.0.2 and have an interactive report page 242 with a result set.</h2>
Scenario
In the "Report Attributes" "Link" settings I want to link the report to a 'Custom URL' target to take the user from this IR Report Page 242 to page 243 to a 'Single Record Data Entry Form'
I am setting the value of the custom url target as:
f?p=&APP_ID.:243:&SESSION.::&DEBUG.:243:P243_NAME,P243_DESCRIPTION,P243_LOCATION:#SOURCE_NAME#,#DESCRIPTION#,#LOCATION#:The P243_LOCATION column, however, has a ':' colon and a '.' values in the database column itself with a value of *'jdbc:Host123.abcd'*
When the user clicks on the link the FULL location column is truncated before the ':' - OBVIOUSLY due to ':' being the paremeter separator column in apex
So, the #LOCATION# value on Page 242 IR Report containing a value of *'jdbc:Host123.abcd'* is trunced on the called page 243 as 'jdbc' only and truncated prior to the ':' value contained in the field.
Question:
HOW Can I build the above URL so that the ':' can be visible on the Page 243 form field? with the full value passed into the called page with a value of: *'jdbc:Host123.abcd'* ?
I tried the SYS.htf_esc(#LOCATION#) around the calling URL above, but doesn't work as expected.
Any advice is greatly appreciated.
VSKHi,
You can not escape colons but you can pass commas in the url. Enclose the item value in \item_value\ to escape the "," in the item value . For colons, I would suggest creating a hidden field in the source report with SQL REPLACE function and replace all the colons with any other character like ||. Then you can use the same replace function on the target page to match with the new item value.
Hope it helps. Thanks.
Regards,
Manish -
how do you connect your photoshop elements on your computer to your account online? and how do you create a customized url? how does the gallery work and how do you access it? i have trouble signing in on my program from my computer to connect to the online photoshop, and I really want to create my own customized url and post photos to my gallery and share them with the world, family, and friends, but i need help because i can't figure how to do any of this, would really appreciate feedback and assistance, thanks, - claire conlon
To add to sig's reply, "calibrating" does not calibrate Lithiu-Ion batteries, it calibrates the charge reporting circuitry. If you look at the effect of deep discharging Lithium-Ion batteries in the data from the independent test group, Battery University, you will see that doing so shortens the life of the battery significantly. It looks like an optimum balance between use and life is at a discharge level of 50%.
-
PCUI - open New Window via Button (to call custom URL / HTML viewer)
Hello group,
I have followed the "Use CRM PCUI HTML viewer to call a custom URL" in order to create a custom URL to BW web template.
However, instead of displaying the URL in a tab (this works fine), I want a Button in the Accounts view to open up a New Window displaying the URL there.
Here is what I have done:
Create Field Group & Structure
Create Event
- Usage: Layout-Relevant
- Text: Web template call
Added Event to Toolbar Group ACC_OIC
Define Application Layout (CRMM_ACCOUNT) for Event
- Position: New Window
- Screen Element Type: HTML
- my field group
- my structure
Define Application Set (COMM_BUPA)
- my structure
- my access class
The button is there, when clicked the read-method of my access class is executed, but no New Window is opened with the URL displayed.
Is there something I am missing? Can the HTML viewer not called in a new window?!
I appreciate any input you can provide me.
Thanks and regards,
ErikI have the same problem. PCUI toolbar button open url http://www.google.com in new window .
It sames so easy open a link on web page.
why so hard in PCUI !
My god , who design the PCUI.
anyone solve this problem , let me know please. Thanks!
[email protected] -
Slow throughput Ironport S370 Proxy CPU 100%
We have a cluster of 3 x Ironport S370's all running 7.7.0-753
The throughput is really poor we have a 500Mbps Internet connection which at it's peak is only getting to 120Mbps as the Ironports don't seem to be able to handle the traffic.
The Proxy CPU% is always close to 100% but the overall CPU is usually at no more than 30% at times it can take up to 60 seconds to load the initial page particularly if the site is an HTTPS site.
We have
22 Identities
62 Access policies
6 decryption Policies
Our maintainer says that having this number of Identities / policies should not be an issue but I have my doubts.
Can anyone advise as it's really become a major issue, Output from the rate and status commands are below.
%proxy reqs client server %bw disk disk
CPU /sec hits blocks misses kb/sec kb/sec saved wrs rds
99.00 285 373 1293 1193 26484 21838 17.5 550 100
99.00 286 209 1313 1335 28682 24532 14.5 635 80
99.00 285 182 1323 1359 37083 33529 9.6 1351 0
100.00 231 132 1051 1113 34816 34151 1.9 355 0
98.00 253 161 1171 1195 39668 37236 6.1 1363 0
99.00 294 256 1225 1469 51371 43304 15.7 1117 40
96.00 346 525 1166 1763 31882 23300 26.9 1328 0
98.00 302 228 1258 1534 30385 25565 15.9 1302 0
99.00 295 149 1200 1597 26253 22888 12.8 816 0
98.00 275 199 1020 1536 35237 31443 10.8 838 0
99.00 288 184 1131 1574 35019 26688 23.8 1433 0
99.00 262 116 1073 1437 24744 23228 6.1 1306 0
105.00 307 292 1165 1610 24249 20236 16.6 1061 0
Status as of: Thu Oct 16 08:28:10 2014 GMT
Up since: Wed Oct 15 15:21:19 2014 GMT (17h 6m 51s)
System Resource Utilization:
CPU 28.2%
RAM 82.6%
Reporting/Logging Disk 16.0%
Transactions per Second:
Average in last minute 266
Maximum in last hour 296
Average in last hour 118
Maximum since proxy restart 296
Average since proxy restart 9
Bandwidth (Mbps):
Average in last minute 25.461
Maximum in last hour 49.605
Average in last hour 16.400
Maximum since proxy restart 49.605
Average since proxy restart 1.365
Response Time (ms):
Average in last minute 179
Maximum in last hour 526
Average in last hour 192
Maximum since proxy restart 17710
Average since proxy restart 3165
Cache Hit Rate:
Average in last minute 16
Maximum in last hour 25
Average in last hour 7
Maximum since proxy restart 25
Average since proxy restart 0
Connections:
Idle client connections 1276
Idle server connections 1170
Total client connections 1638
Total server connections 1890In the release notes it states...
IMPORTANT: During testing of AsyncOS 7.7.0, Cisco observed performance changes ranging from +
33% to - 16%, depending on the model and configuration. Performance degradation risk is limited to
S160 & S360 models and models S370 and S660 that are running the web proxy without security
services. If you experience performance degradation with AsyncOS 7.7.0, Cisco recommends that you
revert to AsyncOS 7.5.x.
http://www.cisco.com/c/dam/en/us/td/docs/security/wsa/wsa7-7/Release_Notes/WSA_7-7-0_Builds_after_725_Release_Notes.pdf -
How to create custom url with struts2+spring application
Hi EveryOne,
I am new to struts2 application. I have the requirement on "*custom URL*"
when I enter into my project like http://localhost:8080/App/secure/someaction.action?bookname=kathersera
this is opening the particuler book in my project. upto this its fine.
Now My requirement is that
Even if we type like (+http://localhost:8080/App/kathersera+) author name it should go to that particular page.
Any idea to implement this feature.
I searched a lot on internet. I didnot get any information.
Please help me to come out this problem.
thanks in advanceHi PYRAMESH,
U are using opening page using server. So, If u do not make a request to server to veiw the page how could u see the page directly. So u have to make any event to open the page Like here http://localhost:8080/App/secure/someaction.action?bookname=kathersera, the page is opened on the result of someaction.action. but if u try to use http://localhost:8080/App/kathersera, u r not using any action, so it s not possible to open the page directly. -
I am using Firefox 22 (I like its features and do not want the features added in later version.) I have added a handful of custom URL buttons to the navigation bar that allow me to go instantly to websites I visit frequently. There was/is a function in Firefox for adding such buttons. This morning, after leaving my computer on all night, I found that the custom buttons had disappeared and I could no longer find the function for adding new ones. Can you tell me what has happened and how I can add custom URL buttons? I will appreciate your help. Thank you.
I solved my own problem. This function was added by Google Shortcuts, which somehow became disabled. After fussing ariound for a few minutes. I was able to restore it.
-
PR Workflow need to add custom URL
Hi
I need to add a custom URL in the Purchase Requisition work flow mailer notifications.
Please let me know you suggestions on this.
Regards
YramHi Ramesh,
As i knoew in case of va05 there is no badi or exit available to achieve this functionality.There is a provision to add some fields in report out put.I hope this is possible through a custom one.
Regards,
Madhu
Maybe you are looking for
-
Invalid File Handle Windows 7 with Novell Client 2 SP1
Hello! I have a user on Windows who gets "invalid file handle" when saving files in WordPerfect and possibly Adobe as well. He thinks it mostly occurs when he has multiple files open and has saved one open file to a different directory. Then if he go
-
Spotlight mp3 search results - showing song title only
Hi, Since upgrading to 10.9 spotlight only shows the tag of the songs instead of the filename. this is really annoying. Is there any way to fix this? Thanks, Udi
-
as above
-
Fatal error LNK1181: cannot open input file"OLDNAMES.LIB
Hello, everybody. My problem is :'fatal error LNK1181: cannot open input file "OLDNAMES.LIB"' Somebody can help me? Thanks a lot for your assistance. I tried to passe a C structure between Forte and C. I taked the exemple of forté : technote ID : 106
-
Adapter/charge cycle question
Sorry for all the questions. This will be my last one. I use my iPod with a FM transmitter a lot at home and in the car while having it connected to the adapter. Does using the adapter still count as a charge cycle?. Say, hypothetically, I use the iP