Cisco Cisco Web Security Appliance S360 Fehlerbehebungsanleitung
Question:
Why would setting certain categories to "Warn/Block" corrupt page layouts on some pages?
Environment:
Cisco Web Security Appliance (WSA) any AsyncOS version
•
Utilizing "Warn" or "Block" feature under URL categories
•
Symptoms: Some webpages shows up with incorrect layout when certain categories are configured to 'Block'
or 'Warn'
or 'Warn'
When opening a web−page, a browser would typically make multiple HTTP requests through the WSA proxy.
Each request would be independent and would be processed & categorized separately by WSA.
Each request would be independent and would be processed & categorized separately by WSA.
For example:
Say you visit the wesbite http://www.example.com/index.html. Let's assume that this is categorized as
"Computers and Internet"
"Computers and Internet"
•
The "Index.html" page has a references to an image hosted on 'www.advertisements.com', which is
categorized as "Advertisement".
categorized as "Advertisement".
•
Now, let's say we have the access policies on WSA (GUI > Web Security Manager > Access Policies),
configured to "Block" the 'Advertisements' category and "Monitor" the 'Computers and Internet' category
configured to "Block" the 'Advertisements' category and "Monitor" the 'Computers and Internet' category
Based on the above Access Policies configuration, access to www.example.com is permitted, but
access to www.advertisements.com is blocked.
access to www.advertisements.com is blocked.
•
When a user visits http://www.example.com/index.html on the browser, it makes a request to fetch
index.html from www.example.com.
index.html from www.example.com.
1.
Next, looking at the downloaded html file, browser would make a request to fetch an image hosted on
"www.advertisements.com".
"www.advertisements.com".
2.
When WSA receives this request, it blocks the transaction and returns an "End User Notification
(EUN)" indicating that the requested HTTP request was blocked.
(EUN)" indicating that the requested HTTP request was blocked.
3.
Browser receives a reply/blocked page from proxy, but it would not be able to render the requested
"image" because EUN is in HTML. Instead, browser (for example, Internet Explorer) would show a
'red X' where the image should be displayed.
"image" because EUN is in HTML. Instead, browser (for example, Internet Explorer) would show a
'red X' where the image should be displayed.
4.
From the above example above, we can see that an "image" has been blocked. But not all objects are always
visible. Example of such objects are java script files, style sheet files (css) etc. Java Script (JS), Style Sheet
(CSS) would be executed in the background and browser will not notify the user when the request is blocked.
When these objects are blocked, browser may not be able to render the page correctly and show you a page
with incorrect layout.
visible. Example of such objects are java script files, style sheet files (css) etc. Java Script (JS), Style Sheet
(CSS) would be executed in the background and browser will not notify the user when the request is blocked.
When these objects are blocked, browser may not be able to render the page correctly and show you a page
with incorrect layout.
If you come across a website or webpage which doesn't render correctly, please examine your accesslogs to
determine which domain or website is being 'Blocked' or 'Warned' by WSA.
determine which domain or website is being 'Blocked' or 'Warned' by WSA.
For more information on 'grepping' or examining the access logs, please visit the link below.
http://tinyurl.com/2l6qkw
http://tinyurl.com/2l6qkw
Please refer to the attached excerpt from User Guide which provides detailed explanation on reading the
access log output.
access log output.