ssionid=Ks69O6k6YsJ2vdZbLze9XvdDRI5bpqS6&sw=true&VER=8&RID=rpc&SID=9B6EDB94DA8DCEEF&CI=1&AID=445&TYPE=xmlhttp&zx=a5cnrvsof39z&t=1&bcsi_scan_36eb41fd84054c8c=jEVmc9cwsaaRt9X3bGlolbH0H48CAAAAFL08AA== origin server next-hop IP address=74.125.140.189 Accept-Encoding: gzip Accept-Encoding: deflate Accept-Encoding: br Referer: https://cello.client-channel.google.com/client-channel/js/2663539887-sharedchannelmain_bin.js?ctype=cello&authuser=0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: name="PHAP\srashid" realm=PHAP authentication start 0 elapsed 0 ms authorization start 0 elapsed 0 ms authentication status='none' authorization status='none' url.category: none@Policy;Search Engines/Portals@Blue Coat total categorization time: 1 static categorization time: 1 server.certficate.hostname.category: none@Policy;Email@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 200 client.response.code: 200 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 ICAP RESPMOD Scan Summary: Error code: none Transaction timing: total-transaction-time 30605 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 0 ms server-out: start 1 elapsed 0 ms server-in: start 277 elapsed 0 ms client-out: start 5349 elapsed 0 ms access-logging: start 30605 elapsed 0 ms stop-transaction: start 30605 elapsed 0 ms Total Policy evaluation time: 0 ms url_categorization complete time: 1 ICAP Response Scan: start 607 delay 0 finish 30604 server connection: start 1 DNS Lookup: start 1 elapsed 0 ms server connection: connected 277 first-byte 606 last_byte 30597 client connection: first-response-byte 5350 last-response-byte 30605 Total time added: 8 ms Total latency to first byte: 5020 ms Request latency: 0 ms OCS connect time: 276 ms Response latency (first byte): 4744 ms Response latency (last byte): 8 ms stop transaction -------------------- start transaction ------------------- transaction ID=3993196 type=http.proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate late: [builtin-prolog:722] late: [vpm-cpl:112] late: [builtin-epilog:9] late: [builtin-epilog:17] late: [builtin-epilog:21] late: [builtin-epilog:25] late: [builtin-epilog:34] late: [builtin-epilog:39] late: [builtin-epilog:52] late: [builtin-epilog:66] late: [builtin-epilog:71] [builtin-prolog:246] MATCH: t_procedure.dashboard_blocked_stats_infinity [builtin-prolog:237] MATCH: t_procedure.dashboard_record_hourly [builtin-prolog:240] MATCH: t_procedure.dashboard_record_daily [builtin-prolog:243] MATCH: t_procedure.dashboard_record_monthly late: [builtin-epilog:56] MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers late: condition=__GROUP1 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true late: variable.volume_quota_enforced=true late: variable.volume_quota_enforced=true late: variable.volume_quota_enforced=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=(value undetermined) volume_quota_name=(value undetermined) volume_quota_frequency=(value undetermined) volume_quota_limit=(value undetermined) volume_quota_warning_limit=(value undetermined) volume_quota_exceeded=(value undetermined) volume_quota_warning=(value undetermined) volume_quota_warning_exists=(value undetermined) guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=(value undetermined) false_flag=FALSE Called transaction procedure: dashboard_record_hourly Called transaction procedure: dashboard_record_daily Called transaction procedure: dashboard_blocked_stats_infinity Called transaction procedure: dashboard_record_monthly connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:33:08 UTC CONNECT tcp://collector-pxzhh9f9x0.px-cloud.net:443/ DNS lookup was unrestricted User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: unauthenticated authentication status='need_credentials' authorization status='not_attempted' EXCEPTION(authentication_failed): Authentication failed either because credentials were not provided or they could not be validated url.category: none@Policy;Technology/Internet@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 0 client.response.code: 407 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 authentication-required realm=PHAP (Certificate) Transaction timing: total-transaction-time 2 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 2 elapsed 0 ms client-out-terminated: start 2 elapsed 0 ms access-logging: start 2 elapsed 0 ms stop-transaction: start 2 elapsed 0 ms Total Policy evaluation time: 0 ms url_categorization complete time: 2 client connection: first-response-byte 0 last-response-byte 2 stop transaction -------------------- start transaction ------------------- transaction ID=3993199 type=http.proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate late: [builtin-prolog:722] late: [vpm-cpl:112] late: [builtin-epilog:9] late: [builtin-epilog:17] late: [builtin-epilog:21] late: [builtin-epilog:25] late: [builtin-epilog:34] late: [builtin-epilog:39] late: [builtin-epilog:52] late: [builtin-epilog:66] late: [builtin-epilog:71] [builtin-prolog:246] MATCH: t_procedure.dashboard_blocked_stats_infinity [builtin-prolog:237] MATCH: t_procedure.dashboard_record_hourly [builtin-prolog:240] MATCH: t_procedure.dashboard_record_daily [builtin-prolog:243] MATCH: t_procedure.dashboard_record_monthly late: [builtin-epilog:56] MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers late: condition=__GROUP1 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true late: variable.volume_quota_enforced=true late: variable.volume_quota_enforced=true late: variable.volume_quota_enforced=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=(value undetermined) volume_quota_name=(value undetermined) volume_quota_frequency=(value undetermined) volume_quota_limit=(value undetermined) volume_quota_warning_limit=(value undetermined) volume_quota_exceeded=(value undetermined) volume_quota_warning=(value undetermined) volume_quota_warning_exists=(value undetermined) guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=(value undetermined) false_flag=FALSE Called transaction procedure: dashboard_record_hourly Called transaction procedure: dashboard_record_daily Called transaction procedure: dashboard_blocked_stats_infinity Called transaction procedure: dashboard_record_monthly connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:33:08 UTC CONNECT tcp://collector-pxzhh9f9x0.px-cloud.net:443/ DNS lookup was unrestricted User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: unauthenticated authentication status='Unknown Status' authorization status='not_attempted' EXCEPTION(authentication_failed): Authentication failed either because credentials were not provided or they could not be validated url.category: none@Policy;Technology/Internet@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 0 client.response.code: 407 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 authentication-required realm=PHAP (Certificate) Transaction timing: total-transaction-time 3 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 2 elapsed 1 ms client-out-terminated: start 3 elapsed 0 ms access-logging: start 3 elapsed 0 ms stop-transaction: start 3 elapsed 0 ms Total Policy evaluation time: 1 ms url_categorization complete time: 2 client connection: first-response-byte 0 last-response-byte 3 stop transaction -------------------- start transaction ------------------- transaction ID=3993200 type=http.proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate [builtin-prolog:722] MATCH: variable.volume_quota_enforced(false) [vpm-cpl:112] miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: condition=__GROUP3 variable.volume_quota_enforced(true) variable.volume_quota_name(Internet-L1-Quota) variable.volume_quota_frequency(daily) variable.volume_quota_limit(1073741824) variable.volume_quota_warning_limit(966367641) [builtin-epilog:9] miss: variable.time_quota_enforced=true MATCH: variable.volume_quota_enforced=true policy.quota_aux_initialization@client-id miss: [builtin-epilog:17] variable.time_quota_enforced=true miss: [builtin-epilog:21] variable.time_quota_enforced=true miss: [builtin-epilog:25] variable.time_quota_enforced=true miss: [builtin-epilog:34] variable.time_quota_enforced=true miss: [builtin-epilog:39] variable.time_quota_enforced=true [builtin-epilog:52] miss: condition=_user_is_unknown MATCH: t_procedure.check_volume_quota t_procedure.check_volume_quota_warning [builtin-epilog:66] miss: [Rule] variable.volume_quota_warning=true [builtin-epilog:71] miss: [Rule] condition=_user_is_unknown [builtin-epilog:56] miss: [Rule] http.response.code=200 MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: ALLOW condition=__GROUP3 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: condition=_user_is_unknown MATCH: condition=!_user_is_unknown variable.volume_quota_exceeded=false miss: [Rule] variable.volume_quota_warning=true miss: [Rule] condition=_user_is_unknown Called policy definition: BC_malware_scanning_HighPerformance n/a: condition=ShouldScanHighPerformance MATCH: response.icap_service(no) Called policy definition: BC_malware_scanning_solution MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_HighPerformance Called policy definition: BC_malware_scanning_proxy_HighPerformance n/a: condition=ShouldScanHighPerformance Called policy definition: BC_malware_scanning_solution_proxy MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_proxy_HighPerformance Called policy definition: quota_aux_initialization [builtin-prolog:691] miss: user=abc MATCH: user=!abc variable.user_authentication_is_on(true) [builtin-prolog:695] miss: variable.false_flag=true [builtin-prolog:698] miss: variable.false_flag=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=TRUE volume_quota_name=Internet-L1-Quota volume_quota_frequency=daily volume_quota_limit=1073741824 volume_quota_warning_limit=966367641 volume_quota_exceeded=FALSE volume_quota_warning=FALSE volume_quota_warning_exists=FALSE guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=TRUE false_flag=FALSE Called transaction procedure: check_volume_quota Called transaction procedure: check_volume_quota_warning connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:33:08 UTC CONNECT tcp://collector-pxzhh9f9x0.px-cloud.net:443/ DNS lookup was unrestricted User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: name="PHAP\srashid" realm=PHAP authentication start 5 elapsed 2 ms authorization start 7 elapsed 0 ms authentication status='none' authorization status='none' url.category: none@Policy;Technology/Internet@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 0 client.response.code: 200 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 Transaction timing: total-transaction-time 11 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 5 elapsed 3 ms access-logging: start 11 elapsed 0 ms stop-transaction: start 11 elapsed 0 ms Total Policy evaluation time: 3 ms url_categorization complete time: 5 client connection: first-response-byte 0 last-response-byte 11 stop transaction -------------------- start transaction ------------------- transaction ID=3993203 type=ssl.tunnel transaction handed off from: 3993200 [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate [builtin-prolog:722] MATCH: variable.volume_quota_enforced(false) [vpm-cpl:112] miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: condition=__GROUP3 variable.volume_quota_enforced(true) variable.volume_quota_name(Internet-L1-Quota) variable.volume_quota_frequency(daily) variable.volume_quota_limit(1073741824) variable.volume_quota_warning_limit(966367641) [builtin-epilog:9] miss: variable.time_quota_enforced=true MATCH: variable.volume_quota_enforced=true policy.quota_aux_initialization@client-id miss: [builtin-epilog:17] variable.time_quota_enforced=true miss: [builtin-epilog:21] variable.time_quota_enforced=true miss: [builtin-epilog:25] variable.time_quota_enforced=true miss: [builtin-epilog:34] variable.time_quota_enforced=true miss: [builtin-epilog:39] variable.time_quota_enforced=true [builtin-epilog:52] miss: condition=_user_is_unknown MATCH: t_procedure.check_volume_quota t_procedure.check_volume_quota_warning [builtin-epilog:66] miss: [Rule] variable.volume_quota_warning=true [builtin-epilog:71] miss: [Rule] condition=_user_is_unknown late: [builtin-epilog:56] MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: ALLOW condition=__GROUP3 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: condition=_user_is_unknown MATCH: condition=!_user_is_unknown variable.volume_quota_exceeded=false miss: [Rule] variable.volume_quota_warning=true miss: [Rule] condition=_user_is_unknown Called policy definition: BC_malware_scanning_HighPerformance n/a: condition=ShouldScanHighPerformance MATCH: response.icap_service(no) Called policy definition: BC_malware_scanning_solution MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_HighPerformance Called policy definition: BC_malware_scanning_proxy_HighPerformance n/a: condition=ShouldScanHighPerformance Called policy definition: BC_malware_scanning_solution_proxy MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_proxy_HighPerformance Called policy definition: quota_aux_initialization [builtin-prolog:691] miss: user=abc MATCH: user=!abc variable.user_authentication_is_on(true) [builtin-prolog:695] miss: variable.false_flag=true [builtin-prolog:698] miss: variable.false_flag=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=TRUE volume_quota_name=Internet-L1-Quota volume_quota_frequency=daily volume_quota_limit=1073741824 volume_quota_warning_limit=966367641 volume_quota_exceeded=FALSE volume_quota_warning=FALSE volume_quota_warning_exists=FALSE guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=TRUE false_flag=FALSE Called transaction procedure: check_volume_quota Called transaction procedure: check_volume_quota_warning connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:33:08 UTC unknown ssl://collector-pxzhh9f9x0.px-cloud.net:443/ origin server next-hop IP address=35.186.220.184 user: name="PHAP\srashid" realm=PHAP authentication start 0 elapsed 0 ms authorization start 0 elapsed 0 ms authentication status='none' authorization status='none' url.category: none@Policy;Technology/Internet@Blue Coat total categorization time: 0 static categorization time: 0 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 Transaction timing: total-transaction-time 161 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 0 ms server-out: start 1 elapsed 0 ms stop-transaction: start 161 elapsed 0 ms Total Policy evaluation time: 0 ms ssl server hello complete: 160 url_categorization complete time: 0 server connection: start 1 DNS Lookup: start 1 elapsed 0 ms server connection: connected 80 Total time added: 0 ms Total latency to first byte: 79 ms Request latency: 0 ms OCS connect time: 79 ms Response latency (first byte): 0 ms Response latency (last byte): 0 ms stop transaction -------------------- start transaction ------------------- transaction ID=3993241 type=https.forward-proxy transaction handed off from: 3993204 [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate [builtin-prolog:722] MATCH: variable.volume_quota_enforced(false) [vpm-cpl:112] miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: condition=__GROUP3 variable.volume_quota_enforced(true) variable.volume_quota_name(Internet-L1-Quota) variable.volume_quota_frequency(daily) variable.volume_quota_limit(1073741824) variable.volume_quota_warning_limit(966367641) [builtin-epilog:9] miss: variable.time_quota_enforced=true MATCH: variable.volume_quota_enforced=true policy.quota_aux_initialization@client-id miss: [builtin-epilog:17] variable.time_quota_enforced=true miss: [builtin-epilog:21] variable.time_quota_enforced=true miss: [builtin-epilog:25] variable.time_quota_enforced=true miss: [builtin-epilog:34] variable.time_quota_enforced=true miss: [builtin-epilog:39] variable.time_quota_enforced=true [builtin-epilog:52] miss: condition=_user_is_unknown MATCH: t_procedure.check_volume_quota t_procedure.check_volume_quota_warning [builtin-epilog:66] miss: [Rule] variable.volume_quota_warning=true [builtin-epilog:71] miss: [Rule] condition=_user_is_unknown [builtin-epilog:56] [Rule] miss: condition=_user_is_unknown MATCH: variable.volume_quota_exceeded=false t_procedure.update_volume_quota MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: ALLOW condition=__GROUP3 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: condition=_user_is_unknown MATCH: condition=!_user_is_unknown variable.volume_quota_exceeded=false miss: [Rule] variable.volume_quota_warning=true miss: [Rule] condition=_user_is_unknown Called policy definition: BC_malware_scanning_secure_connection MATCH: response.icap_service.secure_connection(auto) Called policy definition: BC_malware_scanner MATCH: response.icap_service(bluecoat-local-response, fail-closed) Called policy definition: BC_malware_scanning_HighPerformance MATCH: condition=ShouldScanHighPerformance policy.BC_malware_scanner policy.BC_malware_scanning_secure_connection Called policy definition: BC_malware_scanning_solution MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_HighPerformance Called policy definition: BC_malware_scanning_proxy_HighPerformance MATCH: condition=ShouldScanHighPerformance response.icap_feedback(trickle_end) Called policy definition: BC_malware_scanning_solution_proxy MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_proxy_HighPerformance Called policy definition: quota_aux_initialization [builtin-prolog:691] miss: user=abc MATCH: user=!abc variable.user_authentication_is_on(true) [builtin-prolog:695] miss: variable.false_flag=true [builtin-prolog:698] miss: variable.false_flag=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=TRUE volume_quota_name=Internet-L1-Quota volume_quota_frequency=daily volume_quota_limit=1073741824 volume_quota_warning_limit=966367641 volume_quota_exceeded=FALSE volume_quota_warning=FALSE volume_quota_warning_exists=FALSE guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=TRUE false_flag=FALSE Called transaction procedure: check_volume_quota Called transaction procedure: update_volume_quota Called transaction procedure: check_volume_quota_warning connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:33:08 UTC POST https://collector-pxzhh9f9x0.px-cloud.net/api/v2/collector rewritten URL(s): cache_url=https://collector-pxzhh9f9x0.px-cloud.net/api/v2/collector?bcsi_scan_36eb41fd84054c8c=6+M/c8A+asc6AzQ7HALZ1h7z49ICAAAAme48AA== origin server next-hop IP address=35.186.220.184 Accept-Encoding: gzip Accept-Encoding: deflate Accept-Encoding: br Content-Length: 1000 Referer: https://www.udemy.com/course/isetraining/learn/lecture/13568468?start=15 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: name="PHAP\srashid" realm=PHAP authentication start 0 elapsed 0 ms authorization start 0 elapsed 0 ms authentication status='none' authorization status='none' url.category: none@Policy;Technology/Internet@Blue Coat total categorization time: 0 static categorization time: 0 server.certficate.hostname.category: none@Policy;Web Ads/Analytics@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 200 client.response.code: 200 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 set request header 'Accept-Encoding' value='gzip, deflate' ICAP RESPMOD Scan Summary: Error code: none Transaction timing: total-transaction-time 405 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 96 elapsed 0 ms server-out: start 175 elapsed 0 ms server-in: start 175 elapsed 0 ms client-out: start 405 elapsed 0 ms access-logging: start 405 elapsed 0 ms stop-transaction: start 405 elapsed 0 ms Total Policy evaluation time: 0 ms url_categorization complete time: 95 ICAP Response Scan: start 283 delay 0 finish 405 server connection: start 175 DNS Lookup: start 175 elapsed 0 ms server connection: connected 175 first-byte 282 last_byte 283 client connection: first-response-byte 405 last-response-byte 405 Total time added: 201 ms Total latency to first byte: 202 ms Request latency: 79 ms OCS connect time: 0 ms Response latency (first byte): 123 ms Response latency (last byte): 122 ms stop transaction -------------------- start transaction ------------------- transaction ID=3993785 type=https.forward-proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate [builtin-prolog:722] MATCH: variable.volume_quota_enforced(false) [vpm-cpl:112] miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: condition=__GROUP3 variable.volume_quota_enforced(true) variable.volume_quota_name(Internet-L1-Quota) variable.volume_quota_frequency(daily) variable.volume_quota_limit(1073741824) variable.volume_quota_warning_limit(966367641) [builtin-epilog:9] miss: variable.time_quota_enforced=true MATCH: variable.volume_quota_enforced=true policy.quota_aux_initialization@client-id miss: [builtin-epilog:17] variable.time_quota_enforced=true miss: [builtin-epilog:21] variable.time_quota_enforced=true miss: [builtin-epilog:25] variable.time_quota_enforced=true miss: [builtin-epilog:34] variable.time_quota_enforced=true miss: [builtin-epilog:39] variable.time_quota_enforced=true [builtin-epilog:52] miss: condition=_user_is_unknown MATCH: t_procedure.check_volume_quota t_procedure.check_volume_quota_warning [builtin-epilog:66] miss: [Rule] variable.volume_quota_warning=true [builtin-epilog:71] miss: [Rule] condition=_user_is_unknown [builtin-epilog:56] [Rule] miss: condition=_user_is_unknown MATCH: variable.volume_quota_exceeded=false t_procedure.update_volume_quota MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: ALLOW condition=__GROUP3 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: condition=_user_is_unknown MATCH: condition=!_user_is_unknown variable.volume_quota_exceeded=false miss: [Rule] variable.volume_quota_warning=true miss: [Rule] condition=_user_is_unknown Called policy definition: BC_malware_scanning_HighPerformance miss: condition=ShouldScanHighPerformance MATCH: response.icap_service(no) Called policy definition: BC_malware_scanning_solution MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_HighPerformance Called policy definition: BC_malware_scanning_proxy_HighPerformance miss: condition=ShouldScanHighPerformance Called policy definition: BC_malware_scanning_solution_proxy MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_proxy_HighPerformance Called policy definition: quota_aux_initialization [builtin-prolog:691] miss: user=abc MATCH: user=!abc variable.user_authentication_is_on(true) [builtin-prolog:695] miss: variable.false_flag=true [builtin-prolog:698] miss: variable.false_flag=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=TRUE volume_quota_name=Internet-L1-Quota volume_quota_frequency=daily volume_quota_limit=1073741824 volume_quota_warning_limit=966367641 volume_quota_exceeded=FALSE volume_quota_warning=FALSE volume_quota_warning_exists=FALSE guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=TRUE false_flag=FALSE Called transaction procedure: check_volume_quota Called transaction procedure: update_volume_quota Called transaction procedure: check_volume_quota_warning connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:33:11 UTC GET https://ssl.gstatic.com/docs/common/cleardot.gif?zx=4ohxs7me9pyq origin server next-hop IP address=172.217.19.3 Accept-Encoding: gzip Accept-Encoding: deflate Accept-Encoding: br Referer: https://drive.google.com/drive/my-drive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: name="PHAP\srashid" realm=PHAP authentication start 0 elapsed 0 ms authorization start 0 elapsed 0 ms authentication status='none' authorization status='none' url.category: none@Policy;Office/Business Applications@Blue Coat total categorization time: 0 static categorization time: 0 server.certficate.hostname.category: none@Policy;Search Engines/Portals@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 200 client.response.code: 200 application.name: Google Drive application.operation: none application.group: File Sharing;Storage DSCP client outbound: 65 DSCP server outbound: 65 set request header 'Accept-Encoding' value='gzip, deflate' Transaction timing: total-transaction-time 285 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 0 ms server-out: start 1 elapsed 0 ms server-in: start 1 elapsed 0 ms client-out: start 285 elapsed 0 ms access-logging: start 285 elapsed 0 ms stop-transaction: start 285 elapsed 0 ms Total Policy evaluation time: 0 ms url_categorization complete time: 0 server connection: start 1 DNS Lookup: start 1 elapsed 0 ms server connection: connected 1 first-byte 284 last_byte 285 client connection: first-response-byte 285 last-response-byte 285 Total time added: 0 ms Total latency to first byte: 1 ms Request latency: 0 ms OCS connect time: 0 ms Response latency (first byte): 1 ms Response latency (last byte): 0 ms stop transaction -------------------- start transaction ------------------- transaction ID=3993864 type=https.forward-proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate [builtin-prolog:722] MATCH: variable.volume_quota_enforced(false) [vpm-cpl:112] miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: condition=__GROUP3 variable.volume_quota_enforced(true) variable.volume_quota_name(Internet-L1-Quota) variable.volume_quota_frequency(daily) variable.volume_quota_limit(1073741824) variable.volume_quota_warning_limit(966367641) [builtin-epilog:9] miss: variable.time_quota_enforced=true MATCH: variable.volume_quota_enforced=true policy.quota_aux_initialization@client-id miss: [builtin-epilog:17] variable.time_quota_enforced=true miss: [builtin-epilog:21] variable.time_quota_enforced=true miss: [builtin-epilog:25] variable.time_quota_enforced=true miss: [builtin-epilog:34] variable.time_quota_enforced=true miss: [builtin-epilog:39] variable.time_quota_enforced=true [builtin-epilog:52] miss: condition=_user_is_unknown MATCH: t_procedure.check_volume_quota t_procedure.check_volume_quota_warning [builtin-epilog:66] miss: [Rule] variable.volume_quota_warning=true [builtin-epilog:71] miss: [Rule] condition=_user_is_unknown [builtin-epilog:56] [Rule] miss: condition=_user_is_unknown MATCH: variable.volume_quota_exceeded=false t_procedure.update_volume_quota MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: ALLOW condition=__GROUP3 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: condition=_user_is_unknown MATCH: condition=!_user_is_unknown variable.volume_quota_exceeded=false miss: [Rule] variable.volume_quota_warning=true miss: [Rule] condition=_user_is_unknown Called policy definition: BC_malware_scanning_HighPerformance n/a: condition=ShouldScanHighPerformance MATCH: response.icap_service(no) Called policy definition: BC_malware_scanning_solution MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_HighPerformance Called policy definition: BC_malware_scanning_proxy_HighPerformance n/a: condition=ShouldScanHighPerformance Called policy definition: BC_malware_scanning_solution_proxy MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_proxy_HighPerformance Called policy definition: quota_aux_initialization [builtin-prolog:691] miss: user=abc MATCH: user=!abc variable.user_authentication_is_on(true) [builtin-prolog:695] miss: variable.false_flag=true [builtin-prolog:698] miss: variable.false_flag=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=TRUE volume_quota_name=Internet-L1-Quota volume_quota_frequency=daily volume_quota_limit=1073741824 volume_quota_warning_limit=966367641 volume_quota_exceeded=FALSE volume_quota_warning=FALSE volume_quota_warning_exists=FALSE guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=TRUE false_flag=FALSE Called transaction procedure: check_volume_quota Called transaction procedure: update_volume_quota Called transaction procedure: check_volume_quota_warning connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:33:11 UTC POST https://beacons.gvt2.com/domainreliability/upload origin server next-hop IP address=172.217.19.3 Accept-Encoding: gzip Accept-Encoding: deflate Accept-Encoding: br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: name="PHAP\srashid" realm=PHAP authentication start 0 elapsed 0 ms authorization start 0 elapsed 0 ms authentication status='none' authorization status='none' url.category: none@Policy;Web Ads/Analytics@Blue Coat total categorization time: 1 static categorization time: 1 server.certficate.hostname.category: none@Policy;Search Engines/Portals@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 200 client.response.code: 200 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 set request header 'Accept-Encoding' value='gzip, deflate' Transaction timing: total-transaction-time 279 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 0 ms server-out: start 1 elapsed 0 ms server-in: start 1 elapsed 0 ms client-out: start 279 elapsed 0 ms access-logging: start 279 elapsed 0 ms stop-transaction: start 279 elapsed 0 ms Total Policy evaluation time: 0 ms url_categorization complete time: 1 server connection: start 1 DNS Lookup: start 1 elapsed 0 ms server connection: connected 1 first-byte 279 last_byte 279 client connection: first-response-byte 279 last-response-byte 279 Total time added: 0 ms Total latency to first byte: 0 ms Request latency: 0 ms OCS connect time: 0 ms Response latency (first byte): 0 ms Response latency (last byte): 0 ms stop transaction -------------------- start transaction ------------------- transaction ID=3988397 type=https.forward-proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate [builtin-prolog:722] MATCH: variable.volume_quota_enforced(false) [vpm-cpl:112] miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: condition=__GROUP3 variable.volume_quota_enforced(true) variable.volume_quota_name(Internet-L1-Quota) variable.volume_quota_frequency(daily) variable.volume_quota_limit(1073741824) variable.volume_quota_warning_limit(966367641) [builtin-epilog:9] miss: variable.time_quota_enforced=true MATCH: variable.volume_quota_enforced=true policy.quota_aux_initialization@client-id miss: [builtin-epilog:17] variable.time_quota_enforced=true miss: [builtin-epilog:21] variable.time_quota_enforced=true miss: [builtin-epilog:25] variable.time_quota_enforced=true miss: [builtin-epilog:34] variable.time_quota_enforced=true miss: [builtin-epilog:39] variable.time_quota_enforced=true [builtin-epilog:52] miss: condition=_user_is_unknown MATCH: t_procedure.check_volume_quota t_procedure.check_volume_quota_warning [builtin-epilog:66] miss: [Rule] variable.volume_quota_warning=true [builtin-epilog:71] miss: [Rule] condition=_user_is_unknown [builtin-epilog:56] [Rule] miss: condition=_user_is_unknown MATCH: variable.volume_quota_exceeded=false t_procedure.update_volume_quota MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: ALLOW condition=__GROUP3 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: condition=_user_is_unknown MATCH: condition=!_user_is_unknown variable.volume_quota_exceeded=false miss: [Rule] variable.volume_quota_warning=true miss: [Rule] condition=_user_is_unknown Called policy definition: BC_malware_scanning_secure_connection MATCH: response.icap_service.secure_connection(auto) Called policy definition: BC_malware_scanner MATCH: response.icap_service(bluecoat-local-response, fail-closed) Called policy definition: BC_malware_scanning_HighPerformance MATCH: condition=ShouldScanHighPerformance policy.BC_malware_scanner policy.BC_malware_scanning_secure_connection Called policy definition: BC_malware_scanning_solution MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_HighPerformance Called policy definition: BC_malware_scanning_proxy_HighPerformance MATCH: condition=ShouldScanHighPerformance response.icap_feedback(trickle_end) Called policy definition: BC_malware_scanning_solution_proxy MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_proxy_HighPerformance Called policy definition: quota_aux_initialization [builtin-prolog:691] miss: user=abc MATCH: user=!abc variable.user_authentication_is_on(true) [builtin-prolog:695] miss: variable.false_flag=true [builtin-prolog:698] miss: variable.false_flag=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=TRUE volume_quota_name=Internet-L1-Quota volume_quota_frequency=daily volume_quota_limit=1073741824 volume_quota_warning_limit=966367641 volume_quota_exceeded=FALSE volume_quota_warning=FALSE volume_quota_warning_exists=FALSE guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=TRUE false_flag=FALSE Called transaction procedure: check_volume_quota Called transaction procedure: update_volume_quota Called transaction procedure: check_volume_quota_warning connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:32:50 UTC GET https://cello.client-channel.google.com/client-channel/channel/bind?authuser=0&ctype=cello&service=appscommonstorage&gsessionid=Ks69O6k6YsJ2vdZbLze9XvdDRI5bpqS6&sw=true&VER=8&RID=rpc&SID=9B6EDB94DA8DCEEF&CI=1&AID=447&TYPE=xmlhttp&zx=68waaxnqiubs&t=1 rewritten URL(s): cache_url=https://cello.client-channel.google.com/client-channel/channel/bind?authuser=0&ctype=cello&service=appscommonstorage&gsessionid=Ks69O6k6YsJ2vdZbLze9XvdDRI5bpqS6&sw=true&VER=8&RID=rpc&SID=9B6EDB94DA8DCEEF&CI=1&AID=447&TYPE=xmlhttp&zx=68waaxnqiubs&t=1&bcsi_scan_36eb41fd84054c8c=hnOaPfdpSsZeDbsMwxNxQxDeFUICAAAArds8AA== origin server next-hop IP address=74.125.140.189 Accept-Encoding: gzip Accept-Encoding: deflate Accept-Encoding: br Referer: https://cello.client-channel.google.com/client-channel/js/2663539887-sharedchannelmain_bin.js?ctype=cello&authuser=0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: name="PHAP\srashid" realm=PHAP authentication start 0 elapsed 0 ms authorization start 0 elapsed 0 ms authentication status='none' authorization status='none' url.category: none@Policy;Search Engines/Portals@Blue Coat total categorization time: 0 static categorization time: 0 server.certficate.hostname.category: none@Policy;Email@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 200 client.response.code: 200 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 ICAP RESPMOD Scan Summary: Error code: none Transaction timing: total-transaction-time 28893 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 0 ms server-out: start 1 elapsed 0 ms server-in: start 1 elapsed 0 ms client-out: start 4294 elapsed 0 ms access-logging: start 28893 elapsed 0 ms stop-transaction: start 28893 elapsed 0 ms Total Policy evaluation time: 0 ms url_categorization complete time: 0 ICAP Response Scan: start 133 delay 0 finish 28892 server connection: start 1 DNS Lookup: start 1 elapsed 0 ms server connection: connected 1 first-byte 133 last_byte 28885 client connection: first-response-byte 4294 last-response-byte 28893 Total time added: 8 ms Total latency to first byte: 4161 ms Request latency: 0 ms OCS connect time: 0 ms Response latency (first byte): 4161 ms Response latency (last byte): 8 ms stop transaction -------------------- start transaction ------------------- transaction ID=3996101 type=https.forward-proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate [builtin-prolog:722] MATCH: variable.volume_quota_enforced(false) [vpm-cpl:112] miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: condition=__GROUP3 variable.volume_quota_enforced(true) variable.volume_quota_name(Internet-L1-Quota) variable.volume_quota_frequency(daily) variable.volume_quota_limit(1073741824) variable.volume_quota_warning_limit(966367641) [builtin-epilog:9] miss: variable.time_quota_enforced=true MATCH: variable.volume_quota_enforced=true policy.quota_aux_initialization@client-id miss: [builtin-epilog:17] variable.time_quota_enforced=true miss: [builtin-epilog:21] variable.time_quota_enforced=true miss: [builtin-epilog:25] variable.time_quota_enforced=true miss: [builtin-epilog:34] variable.time_quota_enforced=true miss: [builtin-epilog:39] variable.time_quota_enforced=true [builtin-epilog:52] miss: condition=_user_is_unknown MATCH: t_procedure.check_volume_quota t_procedure.check_volume_quota_warning [builtin-epilog:66] miss: [Rule] variable.volume_quota_warning=true [builtin-epilog:71] miss: [Rule] condition=_user_is_unknown [builtin-epilog:56] [Rule] miss: condition=_user_is_unknown MATCH: variable.volume_quota_exceeded=false t_procedure.update_volume_quota MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: ALLOW condition=__GROUP3 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: condition=_user_is_unknown MATCH: condition=!_user_is_unknown variable.volume_quota_exceeded=false miss: [Rule] variable.volume_quota_warning=true miss: [Rule] condition=_user_is_unknown Called policy definition: BC_malware_scanning_secure_connection MATCH: response.icap_service.secure_connection(auto) Called policy definition: BC_malware_scanner MATCH: response.icap_service(bluecoat-local-response, fail-closed) Called policy definition: BC_malware_scanning_HighPerformance MATCH: condition=ShouldScanHighPerformance policy.BC_malware_scanner policy.BC_malware_scanning_secure_connection Called policy definition: BC_malware_scanning_solution MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_HighPerformance Called policy definition: BC_malware_scanning_proxy_HighPerformance MATCH: condition=ShouldScanHighPerformance response.icap_feedback(trickle_end) Called policy definition: BC_malware_scanning_solution_proxy MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_proxy_HighPerformance Called policy definition: quota_aux_initialization [builtin-prolog:691] miss: user=abc MATCH: user=!abc variable.user_authentication_is_on(true) [builtin-prolog:695] miss: variable.false_flag=true [builtin-prolog:698] miss: variable.false_flag=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=TRUE volume_quota_name=Internet-L1-Quota volume_quota_frequency=daily volume_quota_limit=1073741824 volume_quota_warning_limit=966367641 volume_quota_exceeded=FALSE volume_quota_warning=FALSE volume_quota_warning_exists=FALSE guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=TRUE false_flag=FALSE Called transaction procedure: check_volume_quota Called transaction procedure: update_volume_quota Called transaction procedure: check_volume_quota_warning connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:33:19 UTC GET https://cello.client-channel.google.com/client-channel/channel/bind?authuser=0&ctype=cello&service=appscommonstorage&gsessionid=Ks69O6k6YsJ2vdZbLze9XvdDRI5bpqS6&sw=true&VER=8&RID=rpc&SID=9B6EDB94DA8DCEEF&CI=1&AID=449&TYPE=xmlhttp&zx=ymvunwnw3bgj&t=1 rewritten URL(s): cache_url=https://cello.client-channel.google.com/client-channel/channel/bind?authuser=0&ctype=cello&service=appscommonstorage&gsessionid=Ks69O6k6YsJ2vdZbLze9XvdDRI5bpqS6&sw=true&VER=8&RID=rpc&SID=9B6EDB94DA8DCEEF&CI=1&AID=449&TYPE=xmlhttp&zx=ymvunwnw3bgj&t=1&bcsi_scan_36eb41fd84054c8c=EaQ8i+w4eL/4WW4ENl7wKFxxo9ECAAAAxfk8AA== origin server next-hop IP address=74.125.140.189 Accept-Encoding: gzip Accept-Encoding: deflate Accept-Encoding: br Referer: https://cello.client-channel.google.com/client-channel/js/2663539887-sharedchannelmain_bin.js?ctype=cello&authuser=0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: name="PHAP\srashid" realm=PHAP authentication start 0 elapsed 0 ms authorization start 0 elapsed 0 ms authentication status='none' authorization status='none' url.category: none@Policy;Search Engines/Portals@Blue Coat total categorization time: 0 static categorization time: 0 server.certficate.hostname.category: none@Policy;Email@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 200 client.response.code: 200 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 ICAP RESPMOD Scan Summary: Error code: none Transaction timing: total-transaction-time 25159 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 0 ms server-out: start 1 elapsed 0 ms server-in: start 1 elapsed 0 ms client-out: start 4970 elapsed 0 ms access-logging: start 25159 elapsed 0 ms stop-transaction: start 25159 elapsed 0 ms Total Policy evaluation time: 0 ms url_categorization complete time: 0 ICAP Response Scan: start 331 delay 0 finish 25158 server connection: start 1 DNS Lookup: start 1 elapsed 0 ms server connection: connected 1 first-byte 330 last_byte 25151 client connection: first-response-byte 4970 last-response-byte 25159 Total time added: 8 ms Total latency to first byte: 4640 ms Request latency: 0 ms OCS connect time: 0 ms Response latency (first byte): 4640 ms Response latency (last byte): 8 ms stop transaction -------------------- start transaction ------------------- transaction ID=4005143 type=https.forward-proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate [builtin-prolog:722] MATCH: variable.volume_quota_enforced(false) [vpm-cpl:112] miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: condition=__GROUP3 variable.volume_quota_enforced(true) variable.volume_quota_name(Internet-L1-Quota) variable.volume_quota_frequency(daily) variable.volume_quota_limit(1073741824) variable.volume_quota_warning_limit(966367641) [builtin-epilog:9] miss: variable.time_quota_enforced=true MATCH: variable.volume_quota_enforced=true policy.quota_aux_initialization@client-id miss: [builtin-epilog:17] variable.time_quota_enforced=true miss: [builtin-epilog:21] variable.time_quota_enforced=true miss: [builtin-epilog:25] variable.time_quota_enforced=true miss: [builtin-epilog:34] variable.time_quota_enforced=true miss: [builtin-epilog:39] variable.time_quota_enforced=true [builtin-epilog:52] miss: condition=_user_is_unknown MATCH: t_procedure.check_volume_quota t_procedure.check_volume_quota_warning [builtin-epilog:66] miss: [Rule] variable.volume_quota_warning=true [builtin-epilog:71] miss: [Rule] condition=_user_is_unknown [builtin-epilog:56] [Rule] miss: condition=_user_is_unknown MATCH: variable.volume_quota_exceeded=false t_procedure.update_volume_quota MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: ALLOW condition=__GROUP3 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: condition=_user_is_unknown MATCH: condition=!_user_is_unknown variable.volume_quota_exceeded=false miss: [Rule] variable.volume_quota_warning=true miss: [Rule] condition=_user_is_unknown Called policy definition: BC_malware_scanning_HighPerformance n/a: condition=ShouldScanHighPerformance MATCH: response.icap_service(no) Called policy definition: BC_malware_scanning_solution MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_HighPerformance Called policy definition: BC_malware_scanning_proxy_HighPerformance n/a: condition=ShouldScanHighPerformance Called policy definition: BC_malware_scanning_solution_proxy MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_proxy_HighPerformance Called policy definition: quota_aux_initialization [builtin-prolog:691] miss: user=abc MATCH: user=!abc variable.user_authentication_is_on(true) [builtin-prolog:695] miss: variable.false_flag=true [builtin-prolog:698] miss: variable.false_flag=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=TRUE volume_quota_name=Internet-L1-Quota volume_quota_frequency=daily volume_quota_limit=1073741824 volume_quota_warning_limit=966367641 volume_quota_exceeded=FALSE volume_quota_warning=FALSE volume_quota_warning_exists=FALSE guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=TRUE false_flag=FALSE Called transaction procedure: check_volume_quota Called transaction procedure: update_volume_quota Called transaction procedure: check_volume_quota_warning connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:33:54 UTC POST https://beacons.gvt2.com/domainreliability/upload origin server next-hop IP address=172.217.19.3 Accept-Encoding: gzip Accept-Encoding: deflate Accept-Encoding: br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: name="PHAP\srashid" realm=PHAP authentication start 0 elapsed 0 ms authorization start 0 elapsed 0 ms authentication status='none' authorization status='none' url.category: none@Policy;Web Ads/Analytics@Blue Coat total categorization time: 0 static categorization time: 0 server.certficate.hostname.category: none@Policy;Search Engines/Portals@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 200 client.response.code: 200 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 set request header 'Accept-Encoding' value='gzip, deflate' Transaction timing: total-transaction-time 281 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 0 ms server-out: start 1 elapsed 0 ms server-in: start 1 elapsed 0 ms client-out: start 280 elapsed 0 ms access-logging: start 281 elapsed 0 ms stop-transaction: start 281 elapsed 0 ms Total Policy evaluation time: 0 ms url_categorization complete time: 0 server connection: start 1 DNS Lookup: start 1 elapsed 0 ms server connection: connected 1 first-byte 280 last_byte 280 client connection: first-response-byte 280 last-response-byte 281 Total time added: 1 ms Total latency to first byte: 0 ms Request latency: 0 ms OCS connect time: 0 ms Response latency (first byte): 0 ms Response latency (last byte): 1 ms stop transaction -------------------- start transaction ------------------- transaction ID=4002476 type=https.forward-proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate [builtin-prolog:722] MATCH: variable.volume_quota_enforced(false) [vpm-cpl:112] miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: condition=__GROUP3 variable.volume_quota_enforced(true) variable.volume_quota_name(Internet-L1-Quota) variable.volume_quota_frequency(daily) variable.volume_quota_limit(1073741824) variable.volume_quota_warning_limit(966367641) [builtin-epilog:9] miss: variable.time_quota_enforced=true MATCH: variable.volume_quota_enforced=true policy.quota_aux_initialization@client-id miss: [builtin-epilog:17] variable.time_quota_enforced=true miss: [builtin-epilog:21] variable.time_quota_enforced=true miss: [builtin-epilog:25] variable.time_quota_enforced=true miss: [builtin-epilog:34] variable.time_quota_enforced=true miss: [builtin-epilog:39] variable.time_quota_enforced=true [builtin-epilog:52] miss: condition=_user_is_unknown MATCH: t_procedure.check_volume_quota t_procedure.check_volume_quota_warning [builtin-epilog:66] miss: [Rule] variable.volume_quota_warning=true [builtin-epilog:71] miss: [Rule] condition=_user_is_unknown [builtin-epilog:56] [Rule] miss: condition=_user_is_unknown MATCH: variable.volume_quota_exceeded=false t_procedure.update_volume_quota MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: ALLOW condition=__GROUP3 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: condition=_user_is_unknown MATCH: condition=!_user_is_unknown variable.volume_quota_exceeded=false miss: [Rule] variable.volume_quota_warning=true miss: [Rule] condition=_user_is_unknown Called policy definition: BC_malware_scanning_secure_connection MATCH: response.icap_service.secure_connection(auto) Called policy definition: BC_malware_scanner MATCH: response.icap_service(bluecoat-local-response, fail-closed) Called policy definition: BC_malware_scanning_HighPerformance MATCH: condition=ShouldScanHighPerformance policy.BC_malware_scanner policy.BC_malware_scanning_secure_connection Called policy definition: BC_malware_scanning_solution MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_HighPerformance Called policy definition: BC_malware_scanning_proxy_HighPerformance MATCH: condition=ShouldScanHighPerformance response.icap_feedback(trickle_end) Called policy definition: BC_malware_scanning_solution_proxy MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_proxy_HighPerformance Called policy definition: quota_aux_initialization [builtin-prolog:691] miss: user=abc MATCH: user=!abc variable.user_authentication_is_on(true) [builtin-prolog:695] miss: variable.false_flag=true [builtin-prolog:698] miss: variable.false_flag=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=TRUE volume_quota_name=Internet-L1-Quota volume_quota_frequency=daily volume_quota_limit=1073741824 volume_quota_warning_limit=966367641 volume_quota_exceeded=FALSE volume_quota_warning=FALSE volume_quota_warning_exists=FALSE guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=TRUE false_flag=FALSE Called transaction procedure: check_volume_quota Called transaction procedure: update_volume_quota Called transaction procedure: check_volume_quota_warning connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:33:44 UTC GET https://cello.client-channel.google.com/client-channel/channel/bind?authuser=0&ctype=cello&service=appscommonstorage&gsessionid=Ks69O6k6YsJ2vdZbLze9XvdDRI5bpqS6&sw=true&VER=8&RID=rpc&SID=9B6EDB94DA8DCEEF&CI=1&AID=451&TYPE=xmlhttp&zx=vvpdtfjc6dmk&t=1 rewritten URL(s): cache_url=https://cello.client-channel.google.com/client-channel/channel/bind?authuser=0&ctype=cello&service=appscommonstorage&gsessionid=Ks69O6k6YsJ2vdZbLze9XvdDRI5bpqS6&sw=true&VER=8&RID=rpc&SID=9B6EDB94DA8DCEEF&CI=1&AID=451&TYPE=xmlhttp&zx=vvpdtfjc6dmk&t=1&bcsi_scan_36eb41fd84054c8c=eYiGb3qYCLKVPOtSsB4cjqmmOT0CAAAArBI9AA== origin server next-hop IP address=74.125.140.189 Accept-Encoding: gzip Accept-Encoding: deflate Accept-Encoding: br Referer: https://cello.client-channel.google.com/client-channel/js/2663539887-sharedchannelmain_bin.js?ctype=cello&authuser=0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: name="PHAP\srashid" realm=PHAP authentication start 0 elapsed 0 ms authorization start 0 elapsed 0 ms authentication status='none' authorization status='none' url.category: none@Policy;Search Engines/Portals@Blue Coat total categorization time: 0 static categorization time: 0 server.certficate.hostname.category: none@Policy;Email@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 200 client.response.code: 200 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 ICAP RESPMOD Scan Summary: Error code: none Transaction timing: total-transaction-time 30045 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 0 ms server-out: start 1 elapsed 0 ms server-in: start 1 elapsed 0 ms client-out: start 4287 elapsed 0 ms access-logging: start 30044 elapsed 0 ms stop-transaction: start 30045 elapsed 0 ms Total Policy evaluation time: 0 ms url_categorization complete time: 0 ICAP Response Scan: start 133 delay 1 finish 30044 server connection: start 1 DNS Lookup: start 1 elapsed 0 ms server connection: connected 1 first-byte 132 last_byte 29929 client connection: first-response-byte 4287 last-response-byte 30044 Total time added: 115 ms Total latency to first byte: 4155 ms Request latency: 0 ms OCS connect time: 0 ms Response latency (first byte): 4155 ms Response latency (last byte): 115 ms stop transaction -------------------- start transaction ------------------- transaction ID=4010441 type=https.forward-proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate [builtin-prolog:722] MATCH: variable.volume_quota_enforced(false) [vpm-cpl:112] MATCH: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) [builtin-epilog:9] miss: variable.time_quota_enforced=true miss: variable.volume_quota_enforced=true miss: [builtin-epilog:17] variable.time_quota_enforced=true miss: [builtin-epilog:21] variable.time_quota_enforced=true miss: [builtin-epilog:25] variable.time_quota_enforced=true miss: [builtin-epilog:34] variable.time_quota_enforced=true miss: [builtin-epilog:39] variable.time_quota_enforced=true miss: [builtin-epilog:52] variable.volume_quota_enforced=true miss: [builtin-epilog:66] variable.volume_quota_enforced=true miss: [builtin-epilog:71] variable.volume_quota_enforced=true [builtin-prolog:246] MATCH: t_procedure.dashboard_blocked_stats_infinity [builtin-prolog:237] MATCH: t_procedure.dashboard_record_hourly [builtin-prolog:240] MATCH: t_procedure.dashboard_record_daily [builtin-prolog:243] MATCH: t_procedure.dashboard_record_monthly late: [builtin-epilog:56] MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa MATCH: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) exception(user_defined.my_exception) miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.volume_quota_enforced=true miss: variable.volume_quota_enforced=true miss: variable.volume_quota_enforced=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=FALSE volume_quota_name=(value undetermined) volume_quota_frequency=(value undetermined) volume_quota_limit=(value undetermined) volume_quota_warning_limit=(value undetermined) volume_quota_exceeded=(value undetermined) volume_quota_warning=(value undetermined) volume_quota_warning_exists=(value undetermined) guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=(value undetermined) false_flag=FALSE Called transaction procedure: dashboard_record_hourly Called transaction procedure: dashboard_record_daily Called transaction procedure: dashboard_blocked_stats_infinity Called transaction procedure: dashboard_record_monthly connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:34:14 UTC POST https://beacons.gcp.gvt2.com/domainreliability/upload Accept-Encoding: gzip Accept-Encoding: deflate Accept-Encoding: br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: name="PHAP\srashid" realm=PHAP authentication start 0 elapsed 0 ms authorization start 0 elapsed 0 ms authentication status='none' authorization status='none' EXCEPTION(my_exception): Either 'deny' or 'exception' was matched in policy url.category: none@Policy;Web Ads/Analytics@Blue Coat;Suspicious@Blue Coat total categorization time: 0 static categorization time: 0 server.certficate.hostname.category: none@Policy;Search Engines/Portals@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 0 client.response.code: 403 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 set request header 'Accept-Encoding' value='gzip, deflate' Transaction timing: total-transaction-time 1 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 0 ms server-in: start 1 elapsed 0 ms client-out-terminated: start 1 elapsed 0 ms access-logging: start 1 elapsed 0 ms stop-transaction: start 1 elapsed 0 ms Total Policy evaluation time: 0 ms url_categorization complete time: 0 client connection: first-response-byte 0 last-response-byte 1 stop transaction -------------------- start transaction ------------------- transaction ID=4010523 type=https.forward-proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate [builtin-prolog:722] MATCH: variable.volume_quota_enforced(false) [vpm-cpl:112] miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: condition=__GROUP3 variable.volume_quota_enforced(true) variable.volume_quota_name(Internet-L1-Quota) variable.volume_quota_frequency(daily) variable.volume_quota_limit(1073741824) variable.volume_quota_warning_limit(966367641) [builtin-epilog:9] miss: variable.time_quota_enforced=true MATCH: variable.volume_quota_enforced=true policy.quota_aux_initialization@client-id miss: [builtin-epilog:17] variable.time_quota_enforced=true miss: [builtin-epilog:21] variable.time_quota_enforced=true miss: [builtin-epilog:25] variable.time_quota_enforced=true miss: [builtin-epilog:34] variable.time_quota_enforced=true miss: [builtin-epilog:39] variable.time_quota_enforced=true [builtin-epilog:52] miss: condition=_user_is_unknown MATCH: t_procedure.check_volume_quota t_procedure.check_volume_quota_warning [builtin-epilog:66] miss: [Rule] variable.volume_quota_warning=true [builtin-epilog:71] miss: [Rule] condition=_user_is_unknown [builtin-epilog:56] [Rule] miss: condition=_user_is_unknown MATCH: variable.volume_quota_exceeded=false t_procedure.update_volume_quota MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: ALLOW condition=__GROUP3 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: condition=_user_is_unknown MATCH: condition=!_user_is_unknown variable.volume_quota_exceeded=false miss: [Rule] variable.volume_quota_warning=true miss: [Rule] condition=_user_is_unknown Called policy definition: BC_malware_scanning_HighPerformance n/a: condition=ShouldScanHighPerformance MATCH: response.icap_service(no) Called policy definition: BC_malware_scanning_solution MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_HighPerformance Called policy definition: BC_malware_scanning_proxy_HighPerformance n/a: condition=ShouldScanHighPerformance Called policy definition: BC_malware_scanning_solution_proxy MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_proxy_HighPerformance Called policy definition: quota_aux_initialization [builtin-prolog:691] miss: user=abc MATCH: user=!abc variable.user_authentication_is_on(true) [builtin-prolog:695] miss: variable.false_flag=true [builtin-prolog:698] miss: variable.false_flag=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=TRUE volume_quota_name=Internet-L1-Quota volume_quota_frequency=daily volume_quota_limit=1073741824 volume_quota_warning_limit=966367641 volume_quota_exceeded=FALSE volume_quota_warning=FALSE volume_quota_warning_exists=FALSE guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=TRUE false_flag=FALSE Called transaction procedure: check_volume_quota Called transaction procedure: update_volume_quota Called transaction procedure: check_volume_quota_warning connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:34:15 UTC POST https://beacons.gvt2.com/domainreliability/upload origin server next-hop IP address=172.217.19.3 Accept-Encoding: gzip Accept-Encoding: deflate Accept-Encoding: br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: name="PHAP\srashid" realm=PHAP authentication start 0 elapsed 0 ms authorization start 0 elapsed 0 ms authentication status='none' authorization status='none' url.category: none@Policy;Web Ads/Analytics@Blue Coat total categorization time: 0 static categorization time: 0 server.certficate.hostname.category: none@Policy;Search Engines/Portals@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 200 client.response.code: 200 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 set request header 'Accept-Encoding' value='gzip, deflate' Transaction timing: total-transaction-time 277 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 0 ms server-out: start 1 elapsed 0 ms server-in: start 1 elapsed 0 ms client-out: start 277 elapsed 0 ms access-logging: start 277 elapsed 0 ms stop-transaction: start 277 elapsed 0 ms Total Policy evaluation time: 0 ms url_categorization complete time: 0 server connection: start 1 DNS Lookup: start 1 elapsed 0 ms server connection: connected 1 first-byte 277 last_byte 277 client connection: first-response-byte 277 last-response-byte 277 Total time added: 0 ms Total latency to first byte: 0 ms Request latency: 0 ms OCS connect time: 0 ms Response latency (first byte): 0 ms Response latency (last byte): 0 ms stop transaction -------------------- start transaction ------------------- transaction ID=4010442 type=https.forward-proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate [builtin-prolog:722] MATCH: variable.volume_quota_enforced(false) [vpm-cpl:112] miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: condition=__GROUP3 variable.volume_quota_enforced(true) variable.volume_quota_name(Internet-L1-Quota) variable.volume_quota_frequency(daily) variable.volume_quota_limit(1073741824) variable.volume_quota_warning_limit(966367641) [builtin-epilog:9] miss: variable.time_quota_enforced=true MATCH: variable.volume_quota_enforced=true policy.quota_aux_initialization@client-id miss: [builtin-epilog:17] variable.time_quota_enforced=true miss: [builtin-epilog:21] variable.time_quota_enforced=true miss: [builtin-epilog:25] variable.time_quota_enforced=true miss: [builtin-epilog:34] variable.time_quota_enforced=true miss: [builtin-epilog:39] variable.time_quota_enforced=true [builtin-epilog:52] miss: condition=_user_is_unknown MATCH: t_procedure.check_volume_quota t_procedure.check_volume_quota_warning [builtin-epilog:66] miss: [Rule] variable.volume_quota_warning=true [builtin-epilog:71] miss: [Rule] condition=_user_is_unknown [builtin-epilog:56] [Rule] miss: condition=_user_is_unknown MATCH: variable.volume_quota_exceeded=false t_procedure.update_volume_quota MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: ALLOW condition=__GROUP3 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: condition=_user_is_unknown MATCH: condition=!_user_is_unknown variable.volume_quota_exceeded=false miss: [Rule] variable.volume_quota_warning=true miss: [Rule] condition=_user_is_unknown Called policy definition: BC_malware_scanning_secure_connection MATCH: response.icap_service.secure_connection(auto) Called policy definition: BC_malware_scanner MATCH: response.icap_service(bluecoat-local-response, fail-closed) Called policy definition: BC_malware_scanning_HighPerformance MATCH: condition=ShouldScanHighPerformance policy.BC_malware_scanner policy.BC_malware_scanning_secure_connection Called policy definition: BC_malware_scanning_solution MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_HighPerformance Called policy definition: BC_malware_scanning_proxy_HighPerformance MATCH: condition=ShouldScanHighPerformance response.icap_feedback(trickle_end) Called policy definition: BC_malware_scanning_solution_proxy MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_proxy_HighPerformance Called policy definition: quota_aux_initialization [builtin-prolog:691] miss: user=abc MATCH: user=!abc variable.user_authentication_is_on(true) [builtin-prolog:695] miss: variable.false_flag=true [builtin-prolog:698] miss: variable.false_flag=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=TRUE volume_quota_name=Internet-L1-Quota volume_quota_frequency=daily volume_quota_limit=1073741824 volume_quota_warning_limit=966367641 volume_quota_exceeded=FALSE volume_quota_warning=FALSE volume_quota_warning_exists=FALSE guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=TRUE false_flag=FALSE Called transaction procedure: check_volume_quota Called transaction procedure: update_volume_quota Called transaction procedure: check_volume_quota_warning connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:34:14 UTC GET https://cello.client-channel.google.com/client-channel/channel/bind?authuser=0&ctype=cello&service=appscommonstorage&gsessionid=Ks69O6k6YsJ2vdZbLze9XvdDRI5bpqS6&sw=true&VER=8&RID=rpc&SID=9B6EDB94DA8DCEEF&CI=1&AID=453&TYPE=xmlhttp&zx=5zh8zqaaatah&t=1 rewritten URL(s): cache_url=https://cello.client-channel.google.com/client-channel/channel/bind?authuser=0&ctype=cello&service=appscommonstorage&gsessionid=Ks69O6k6YsJ2vdZbLze9XvdDRI5bpqS6&sw=true&VER=8&RID=rpc&SID=9B6EDB94DA8DCEEF&CI=1&AID=453&TYPE=xmlhttp&zx=5zh8zqaaatah&t=1&bcsi_scan_36eb41fd84054c8c=adNa4kW/oO65TbEab63RgHP7nU4CAAAAyjE9AA== origin server next-hop IP address=74.125.140.189 Accept-Encoding: gzip Accept-Encoding: deflate Accept-Encoding: br Referer: https://cello.client-channel.google.com/client-channel/js/2663539887-sharedchannelmain_bin.js?ctype=cello&authuser=0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: name="PHAP\srashid" realm=PHAP authentication start 0 elapsed 0 ms authorization start 0 elapsed 0 ms authentication status='none' authorization status='none' url.category: none@Policy;Search Engines/Portals@Blue Coat total categorization time: 1 static categorization time: 1 server.certficate.hostname.category: none@Policy;Email@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 200 client.response.code: 200 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 ICAP RESPMOD Scan Summary: Error code: none Transaction timing: total-transaction-time 28605 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 0 ms server-out: start 1 elapsed 0 ms server-in: start 2 elapsed 0 ms client-out: start 4811 elapsed 0 ms access-logging: start 28605 elapsed 0 ms stop-transaction: start 28605 elapsed 0 ms Total Policy evaluation time: 0 ms url_categorization complete time: 1 ICAP Response Scan: start 336 delay 0 finish 28605 server connection: start 1 DNS Lookup: start 1 elapsed 1 ms server connection: connected 2 first-byte 335 last_byte 28597 client connection: first-response-byte 4811 last-response-byte 28605 Total time added: 8 ms Total latency to first byte: 4477 ms Request latency: 0 ms OCS connect time: 1 ms Response latency (first byte): 4476 ms Response latency (last byte): 8 ms stop transaction -------------------- start transaction ------------------- transaction ID=4017837 type=https.forward-proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate [builtin-prolog:722] MATCH: variable.volume_quota_enforced(false) [vpm-cpl:112] miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: condition=__GROUP3 variable.volume_quota_enforced(true) variable.volume_quota_name(Internet-L1-Quota) variable.volume_quota_frequency(daily) variable.volume_quota_limit(1073741824) variable.volume_quota_warning_limit(966367641) [builtin-epilog:9] miss: variable.time_quota_enforced=true MATCH: variable.volume_quota_enforced=true policy.quota_aux_initialization@client-id miss: [builtin-epilog:17] variable.time_quota_enforced=true miss: [builtin-epilog:21] variable.time_quota_enforced=true miss: [builtin-epilog:25] variable.time_quota_enforced=true miss: [builtin-epilog:34] variable.time_quota_enforced=true miss: [builtin-epilog:39] variable.time_quota_enforced=true [builtin-epilog:52] miss: condition=_user_is_unknown MATCH: t_procedure.check_volume_quota t_procedure.check_volume_quota_warning [builtin-epilog:66] miss: [Rule] variable.volume_quota_warning=true [builtin-epilog:71] miss: [Rule] condition=_user_is_unknown [builtin-epilog:56] [Rule] miss: condition=_user_is_unknown MATCH: variable.volume_quota_exceeded=false t_procedure.update_volume_quota MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: ALLOW condition=__GROUP3 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: condition=_user_is_unknown MATCH: condition=!_user_is_unknown variable.volume_quota_exceeded=false miss: [Rule] variable.volume_quota_warning=true miss: [Rule] condition=_user_is_unknown Called policy definition: BC_malware_scanning_secure_connection MATCH: response.icap_service.secure_connection(auto) Called policy definition: BC_malware_scanner MATCH: response.icap_service(bluecoat-local-response, fail-closed) Called policy definition: BC_malware_scanning_HighPerformance MATCH: condition=ShouldScanHighPerformance policy.BC_malware_scanner policy.BC_malware_scanning_secure_connection Called policy definition: BC_malware_scanning_solution MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_HighPerformance Called policy definition: BC_malware_scanning_proxy_HighPerformance MATCH: condition=ShouldScanHighPerformance response.icap_feedback(trickle_end) Called policy definition: BC_malware_scanning_solution_proxy MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_proxy_HighPerformance Called policy definition: quota_aux_initialization [builtin-prolog:691] miss: user=abc MATCH: user=!abc variable.user_authentication_is_on(true) [builtin-prolog:695] miss: variable.false_flag=true [builtin-prolog:698] miss: variable.false_flag=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=TRUE volume_quota_name=Internet-L1-Quota volume_quota_frequency=daily volume_quota_limit=1073741824 volume_quota_warning_limit=966367641 volume_quota_exceeded=FALSE volume_quota_warning=FALSE volume_quota_warning_exists=FALSE guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=TRUE false_flag=FALSE Called transaction procedure: check_volume_quota Called transaction procedure: update_volume_quota Called transaction procedure: check_volume_quota_warning connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:34:43 UTC GET https://cello.client-channel.google.com/client-channel/channel/bind?authuser=0&ctype=cello&service=appscommonstorage&gsessionid=Ks69O6k6YsJ2vdZbLze9XvdDRI5bpqS6&sw=true&VER=8&RID=rpc&SID=9B6EDB94DA8DCEEF&CI=1&AID=455&TYPE=xmlhttp&zx=qqa68y3gdm0t&t=1 rewritten URL(s): cache_url=https://cello.client-channel.google.com/client-channel/channel/bind?authuser=0&ctype=cello&service=appscommonstorage&gsessionid=Ks69O6k6YsJ2vdZbLze9XvdDRI5bpqS6&sw=true&VER=8&RID=rpc&SID=9B6EDB94DA8DCEEF&CI=1&AID=455&TYPE=xmlhttp&zx=qqa68y3gdm0t&t=1&bcsi_scan_36eb41fd84054c8c=gVCwTfk2RNjBfoV2NrrHHjmA5K4CAAAArU49AA== origin server next-hop IP address=74.125.140.189 Accept-Encoding: gzip Accept-Encoding: deflate Accept-Encoding: br Referer: https://cello.client-channel.google.com/client-channel/js/2663539887-sharedchannelmain_bin.js?ctype=cello&authuser=0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: name="PHAP\srashid" realm=PHAP authentication start 0 elapsed 0 ms authorization start 0 elapsed 0 ms authentication status='none' authorization status='none' url.category: none@Policy;Search Engines/Portals@Blue Coat total categorization time: 0 static categorization time: 0 server.certficate.hostname.category: none@Policy;Email@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 200 client.response.code: 200 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 ICAP RESPMOD Scan Summary: Error code: none Transaction timing: total-transaction-time 25238 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 0 ms server-out: start 1 elapsed 0 ms server-in: start 1 elapsed 0 ms client-out: start 4730 elapsed 0 ms access-logging: start 25238 elapsed 0 ms stop-transaction: start 25238 elapsed 0 ms Total Policy evaluation time: 0 ms url_categorization complete time: 1 ICAP Response Scan: start 139 delay 0 finish 25238 server connection: start 1 DNS Lookup: start 1 elapsed 0 ms server connection: connected 1 first-byte 137 last_byte 25230 client connection: first-response-byte 4731 last-response-byte 25238 Total time added: 8 ms Total latency to first byte: 4594 ms Request latency: 0 ms OCS connect time: 0 ms Response latency (first byte): 4594 ms Response latency (last byte): 8 ms stop transaction -------------------- start transaction ------------------- transaction ID=4025914 type=https.forward-proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate [builtin-prolog:722] MATCH: variable.volume_quota_enforced(false) [vpm-cpl:112] miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: condition=__GROUP3 variable.volume_quota_enforced(true) variable.volume_quota_name(Internet-L1-Quota) variable.volume_quota_frequency(daily) variable.volume_quota_limit(1073741824) variable.volume_quota_warning_limit(966367641) [builtin-epilog:9] miss: variable.time_quota_enforced=true MATCH: variable.volume_quota_enforced=true policy.quota_aux_initialization@client-id miss: [builtin-epilog:17] variable.time_quota_enforced=true miss: [builtin-epilog:21] variable.time_quota_enforced=true miss: [builtin-epilog:25] variable.time_quota_enforced=true miss: [builtin-epilog:34] variable.time_quota_enforced=true miss: [builtin-epilog:39] variable.time_quota_enforced=true [builtin-epilog:52] miss: condition=_user_is_unknown MATCH: t_procedure.check_volume_quota t_procedure.check_volume_quota_warning [builtin-epilog:66] miss: [Rule] variable.volume_quota_warning=true [builtin-epilog:71] miss: [Rule] condition=_user_is_unknown [builtin-epilog:56] [Rule] miss: condition=_user_is_unknown MATCH: variable.volume_quota_exceeded=false t_procedure.update_volume_quota MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: ALLOW condition=__GROUP3 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: condition=_user_is_unknown MATCH: condition=!_user_is_unknown variable.volume_quota_exceeded=false miss: [Rule] variable.volume_quota_warning=true miss: [Rule] condition=_user_is_unknown Called policy definition: BC_malware_scanning_HighPerformance miss: condition=ShouldScanHighPerformance MATCH: response.icap_service(no) Called policy definition: BC_malware_scanning_solution MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_HighPerformance Called policy definition: BC_malware_scanning_proxy_HighPerformance miss: condition=ShouldScanHighPerformance Called policy definition: BC_malware_scanning_solution_proxy MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_proxy_HighPerformance Called policy definition: quota_aux_initialization [builtin-prolog:691] miss: user=abc MATCH: user=!abc variable.user_authentication_is_on(true) [builtin-prolog:695] miss: variable.false_flag=true [builtin-prolog:698] miss: variable.false_flag=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=TRUE volume_quota_name=Internet-L1-Quota volume_quota_frequency=daily volume_quota_limit=1073741824 volume_quota_warning_limit=966367641 volume_quota_exceeded=FALSE volume_quota_warning=FALSE volume_quota_warning_exists=FALSE guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=TRUE false_flag=FALSE Called transaction procedure: check_volume_quota Called transaction procedure: update_volume_quota Called transaction procedure: check_volume_quota_warning connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:35:11 UTC GET https://ssl.gstatic.com/docs/common/cleardot.gif?zx=yb911e7zm8r2 origin server next-hop IP address=216.58.208.227 Accept-Encoding: gzip Accept-Encoding: deflate Accept-Encoding: br Referer: https://drive.google.com/drive/my-drive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: name="PHAP\srashid" realm=PHAP authentication start 0 elapsed 0 ms authorization start 0 elapsed 0 ms authentication status='none' authorization status='none' url.category: none@Policy;Office/Business Applications@Blue Coat total categorization time: 0 static categorization time: 0 server.certficate.hostname.category: none@Policy;Search Engines/Portals@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 200 client.response.code: 200 application.name: Google Drive application.operation: none application.group: File Sharing;Storage DSCP client outbound: 65 DSCP server outbound: 65 set request header 'Accept-Encoding' value='gzip, deflate' Transaction timing: total-transaction-time 920 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 0 ms server-out: start 1 elapsed 0 ms server-in: start 636 elapsed 0 ms client-out: start 920 elapsed 0 ms access-logging: start 920 elapsed 0 ms stop-transaction: start 920 elapsed 0 ms Total Policy evaluation time: 0 ms url_categorization complete time: 0 server connection: start 1 DNS Lookup: start 1 elapsed 0 ms server connection: connected 636 first-byte 920 last_byte 920 client connection: first-response-byte 920 last-response-byte 920 Total time added: 0 ms Total latency to first byte: 635 ms Request latency: 0 ms OCS connect time: 635 ms Response latency (first byte): 0 ms Response latency (last byte): 0 ms stop transaction -------------------- start transaction ------------------- transaction ID=4027426 type=https.forward-proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate [builtin-prolog:722] MATCH: variable.volume_quota_enforced(false) [vpm-cpl:112] miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: condition=__GROUP3 variable.volume_quota_enforced(true) variable.volume_quota_name(Internet-L1-Quota) variable.volume_quota_frequency(daily) variable.volume_quota_limit(1073741824) variable.volume_quota_warning_limit(966367641) [builtin-epilog:9] miss: variable.time_quota_enforced=true MATCH: variable.volume_quota_enforced=true policy.quota_aux_initialization@client-id miss: [builtin-epilog:17] variable.time_quota_enforced=true miss: [builtin-epilog:21] variable.time_quota_enforced=true miss: [builtin-epilog:25] variable.time_quota_enforced=true miss: [builtin-epilog:34] variable.time_quota_enforced=true miss: [builtin-epilog:39] variable.time_quota_enforced=true [builtin-epilog:52] miss: condition=_user_is_unknown MATCH: t_procedure.check_volume_quota t_procedure.check_volume_quota_warning [builtin-epilog:66] miss: [Rule] variable.volume_quota_warning=true [builtin-epilog:71] miss: [Rule] condition=_user_is_unknown [builtin-epilog:56] [Rule] miss: condition=_user_is_unknown MATCH: variable.volume_quota_exceeded=false t_procedure.update_volume_quota MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: ALLOW condition=__GROUP3 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: condition=_user_is_unknown MATCH: condition=!_user_is_unknown variable.volume_quota_exceeded=false miss: [Rule] variable.volume_quota_warning=true miss: [Rule] condition=_user_is_unknown Called policy definition: BC_malware_scanning_HighPerformance n/a: condition=ShouldScanHighPerformance MATCH: response.icap_service(no) Called policy definition: BC_malware_scanning_solution MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_HighPerformance Called policy definition: BC_malware_scanning_proxy_HighPerformance n/a: condition=ShouldScanHighPerformance Called policy definition: BC_malware_scanning_solution_proxy MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_proxy_HighPerformance Called policy definition: quota_aux_initialization [builtin-prolog:691] miss: user=abc MATCH: user=!abc variable.user_authentication_is_on(true) [builtin-prolog:695] miss: variable.false_flag=true [builtin-prolog:698] miss: variable.false_flag=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=TRUE volume_quota_name=Internet-L1-Quota volume_quota_frequency=daily volume_quota_limit=1073741824 volume_quota_warning_limit=966367641 volume_quota_exceeded=FALSE volume_quota_warning=FALSE volume_quota_warning_exists=FALSE guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=TRUE false_flag=FALSE Called transaction procedure: check_volume_quota Called transaction procedure: update_volume_quota Called transaction procedure: check_volume_quota_warning connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:35:18 UTC POST https://beacons.gvt2.com/domainreliability/upload origin server next-hop IP address=172.217.19.3 Accept-Encoding: gzip Accept-Encoding: deflate Accept-Encoding: br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: name="PHAP\srashid" realm=PHAP authentication start 0 elapsed 0 ms authorization start 0 elapsed 0 ms authentication status='none' authorization status='none' url.category: none@Policy;Web Ads/Analytics@Blue Coat total categorization time: 0 static categorization time: 0 server.certficate.hostname.category: none@Policy;Search Engines/Portals@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 200 client.response.code: 200 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 set request header 'Accept-Encoding' value='gzip, deflate' Transaction timing: total-transaction-time 276 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 0 ms server-out: start 1 elapsed 0 ms server-in: start 1 elapsed 0 ms client-out: start 275 elapsed 0 ms access-logging: start 275 elapsed 1 ms stop-transaction: start 276 elapsed 0 ms Total Policy evaluation time: 1 ms url_categorization complete time: 0 server connection: start 1 DNS Lookup: start 1 elapsed 0 ms server connection: connected 1 first-byte 275 last_byte 275 client connection: first-response-byte 275 last-response-byte 275 Total time added: 0 ms Total latency to first byte: 0 ms Request latency: 0 ms OCS connect time: 0 ms Response latency (first byte): 0 ms Response latency (last byte): 0 ms stop transaction -------------------- start transaction ------------------- transaction ID=4024931 type=https.forward-proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate [builtin-prolog:722] MATCH: variable.volume_quota_enforced(false) [vpm-cpl:112] miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: condition=__GROUP3 variable.volume_quota_enforced(true) variable.volume_quota_name(Internet-L1-Quota) variable.volume_quota_frequency(daily) variable.volume_quota_limit(1073741824) variable.volume_quota_warning_limit(966367641) [builtin-epilog:9] miss: variable.time_quota_enforced=true MATCH: variable.volume_quota_enforced=true policy.quota_aux_initialization@client-id miss: [builtin-epilog:17] variable.time_quota_enforced=true miss: [builtin-epilog:21] variable.time_quota_enforced=true miss: [builtin-epilog:25] variable.time_quota_enforced=true miss: [builtin-epilog:34] variable.time_quota_enforced=true miss: [builtin-epilog:39] variable.time_quota_enforced=true [builtin-epilog:52] miss: condition=_user_is_unknown MATCH: t_procedure.check_volume_quota t_procedure.check_volume_quota_warning [builtin-epilog:66] miss: [Rule] variable.volume_quota_warning=true [builtin-epilog:71] miss: [Rule] condition=_user_is_unknown [builtin-epilog:56] [Rule] miss: condition=_user_is_unknown MATCH: variable.volume_quota_exceeded=false t_procedure.update_volume_quota MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: ALLOW condition=__GROUP3 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: condition=_user_is_unknown MATCH: condition=!_user_is_unknown variable.volume_quota_exceeded=false miss: [Rule] variable.volume_quota_warning=true miss: [Rule] condition=_user_is_unknown Called policy definition: BC_malware_scanning_secure_connection MATCH: response.icap_service.secure_connection(auto) Called policy definition: BC_malware_scanner MATCH: response.icap_service(bluecoat-local-response, fail-closed) Called policy definition: BC_malware_scanning_HighPerformance MATCH: condition=ShouldScanHighPerformance policy.BC_malware_scanner policy.BC_malware_scanning_secure_connection Called policy definition: BC_malware_scanning_solution MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_HighPerformance Called policy definition: BC_malware_scanning_proxy_HighPerformance MATCH: condition=ShouldScanHighPerformance response.icap_feedback(trickle_end) Called policy definition: BC_malware_scanning_solution_proxy MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_proxy_HighPerformance Called policy definition: quota_aux_initialization [builtin-prolog:691] miss: user=abc MATCH: user=!abc variable.user_authentication_is_on(true) [builtin-prolog:695] miss: variable.false_flag=true [builtin-prolog:698] miss: variable.false_flag=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=TRUE volume_quota_name=Internet-L1-Quota volume_quota_frequency=daily volume_quota_limit=1073741824 volume_quota_warning_limit=966367641 volume_quota_exceeded=FALSE volume_quota_warning=FALSE volume_quota_warning_exists=FALSE guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=TRUE false_flag=FALSE Called transaction procedure: check_volume_quota Called transaction procedure: update_volume_quota Called transaction procedure: check_volume_quota_warning connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:35:08 UTC GET https://cello.client-channel.google.com/client-channel/channel/bind?authuser=0&ctype=cello&service=appscommonstorage&gsessionid=Ks69O6k6YsJ2vdZbLze9XvdDRI5bpqS6&sw=true&VER=8&RID=rpc&SID=9B6EDB94DA8DCEEF&CI=1&AID=457&TYPE=xmlhttp&zx=binh1k3ab7r8&t=1 rewritten URL(s): cache_url=https://cello.client-channel.google.com/client-channel/channel/bind?authuser=0&ctype=cello&service=appscommonstorage&gsessionid=Ks69O6k6YsJ2vdZbLze9XvdDRI5bpqS6&sw=true&VER=8&RID=rpc&SID=9B6EDB94DA8DCEEF&CI=1&AID=457&TYPE=xmlhttp&zx=binh1k3ab7r8&t=1&bcsi_scan_36eb41fd84054c8c=XAW5X9kr88e2BiUi9AbBV6cwVoYCAAAAY2o9AA== origin server next-hop IP address=74.125.140.189 Accept-Encoding: gzip Accept-Encoding: deflate Accept-Encoding: br Referer: https://cello.client-channel.google.com/client-channel/js/2663539887-sharedchannelmain_bin.js?ctype=cello&authuser=0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: name="PHAP\srashid" realm=PHAP authentication start 0 elapsed 0 ms authorization start 0 elapsed 0 ms authentication status='none' authorization status='none' url.category: none@Policy;Search Engines/Portals@Blue Coat total categorization time: 0 static categorization time: 0 server.certficate.hostname.category: none@Policy;Email@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 200 client.response.code: 200 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 ICAP RESPMOD Scan Summary: Error code: none Transaction timing: total-transaction-time 28604 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 0 ms server-out: start 1 elapsed 0 ms server-in: start 1 elapsed 0 ms client-out: start 4970 elapsed 0 ms access-logging: start 28603 elapsed 0 ms stop-transaction: start 28604 elapsed 0 ms Total Policy evaluation time: 0 ms url_categorization complete time: 0 ICAP Response Scan: start 336 delay 0 finish 28603 server connection: start 1 DNS Lookup: start 1 elapsed 0 ms server connection: connected 1 first-byte 335 last_byte 28487 client connection: first-response-byte 4970 last-response-byte 28603 Total time added: 116 ms Total latency to first byte: 4635 ms Request latency: 0 ms OCS connect time: 0 ms Response latency (first byte): 4635 ms Response latency (last byte): 116 ms stop transaction -------------------- start transaction ------------------- transaction ID=4032427 type=https.forward-proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate [builtin-prolog:722] MATCH: variable.volume_quota_enforced(false) [vpm-cpl:112] miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: condition=__GROUP3 variable.volume_quota_enforced(true) variable.volume_quota_name(Internet-L1-Quota) variable.volume_quota_frequency(daily) variable.volume_quota_limit(1073741824) variable.volume_quota_warning_limit(966367641) [builtin-epilog:9] miss: variable.time_quota_enforced=true MATCH: variable.volume_quota_enforced=true policy.quota_aux_initialization@client-id miss: [builtin-epilog:17] variable.time_quota_enforced=true miss: [builtin-epilog:21] variable.time_quota_enforced=true miss: [builtin-epilog:25] variable.time_quota_enforced=true miss: [builtin-epilog:34] variable.time_quota_enforced=true miss: [builtin-epilog:39] variable.time_quota_enforced=true [builtin-epilog:52] miss: condition=_user_is_unknown MATCH: t_procedure.check_volume_quota t_procedure.check_volume_quota_warning [builtin-epilog:66] miss: [Rule] variable.volume_quota_warning=true [builtin-epilog:71] miss: [Rule] condition=_user_is_unknown [builtin-epilog:56] [Rule] miss: condition=_user_is_unknown MATCH: variable.volume_quota_exceeded=false t_procedure.update_volume_quota MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: ALLOW condition=__GROUP3 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: condition=_user_is_unknown MATCH: condition=!_user_is_unknown variable.volume_quota_exceeded=false miss: [Rule] variable.volume_quota_warning=true miss: [Rule] condition=_user_is_unknown Called policy definition: BC_malware_scanning_secure_connection MATCH: response.icap_service.secure_connection(auto) Called policy definition: BC_malware_scanner MATCH: response.icap_service(bluecoat-local-response, fail-closed) Called policy definition: BC_malware_scanning_HighPerformance MATCH: condition=ShouldScanHighPerformance policy.BC_malware_scanner policy.BC_malware_scanning_secure_connection Called policy definition: BC_malware_scanning_solution MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_HighPerformance Called policy definition: BC_malware_scanning_proxy_HighPerformance MATCH: condition=ShouldScanHighPerformance response.icap_feedback(trickle_end) Called policy definition: BC_malware_scanning_solution_proxy MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_proxy_HighPerformance Called policy definition: quota_aux_initialization [builtin-prolog:691] miss: user=abc MATCH: user=!abc variable.user_authentication_is_on(true) [builtin-prolog:695] miss: variable.false_flag=true [builtin-prolog:698] miss: variable.false_flag=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=TRUE volume_quota_name=Internet-L1-Quota volume_quota_frequency=daily volume_quota_limit=1073741824 volume_quota_warning_limit=966367641 volume_quota_exceeded=FALSE volume_quota_warning=FALSE volume_quota_warning_exists=FALSE guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=TRUE false_flag=FALSE Called transaction procedure: check_volume_quota Called transaction procedure: update_volume_quota Called transaction procedure: check_volume_quota_warning connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:35:37 UTC GET https://cello.client-channel.google.com/client-channel/channel/bind?authuser=0&ctype=cello&service=appscommonstorage&gsessionid=Ks69O6k6YsJ2vdZbLze9XvdDRI5bpqS6&sw=true&VER=8&RID=rpc&SID=9B6EDB94DA8DCEEF&CI=1&AID=459&TYPE=xmlhttp&zx=je6sekg0wkg4&t=1 rewritten URL(s): cache_url=https://cello.client-channel.google.com/client-channel/channel/bind?authuser=0&ctype=cello&service=appscommonstorage&gsessionid=Ks69O6k6YsJ2vdZbLze9XvdDRI5bpqS6&sw=true&VER=8&RID=rpc&SID=9B6EDB94DA8DCEEF&CI=1&AID=459&TYPE=xmlhttp&zx=je6sekg0wkg4&t=1&bcsi_scan_36eb41fd84054c8c=s5RU03ba+sFStslXclFcTWvNXtsCAAAAq4c9AA== origin server next-hop IP address=74.125.140.189 Accept-Encoding: gzip Accept-Encoding: deflate Accept-Encoding: br Referer: https://cello.client-channel.google.com/client-channel/js/2663539887-sharedchannelmain_bin.js?ctype=cello&authuser=0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: name="PHAP\srashid" realm=PHAP authentication start 0 elapsed 0 ms authorization start 0 elapsed 0 ms authentication status='none' authorization status='none' url.category: none@Policy;Search Engines/Portals@Blue Coat total categorization time: 0 static categorization time: 0 server.certficate.hostname.category: none@Policy;Email@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 200 client.response.code: 200 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 ICAP RESPMOD Scan Summary: Error code: none Transaction timing: total-transaction-time 25653 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 0 ms server-out: start 1 elapsed 0 ms server-in: start 1 elapsed 0 ms client-out: start 4918 elapsed 0 ms access-logging: start 25653 elapsed 0 ms stop-transaction: start 25653 elapsed 0 ms Total Policy evaluation time: 0 ms url_categorization complete time: 0 ICAP Response Scan: start 335 delay 0 finish 25652 server connection: start 1 DNS Lookup: start 1 elapsed 0 ms server connection: connected 1 first-byte 334 last_byte 25533 client connection: first-response-byte 4918 last-response-byte 25653 Total time added: 120 ms Total latency to first byte: 4584 ms Request latency: 0 ms OCS connect time: 0 ms Response latency (first byte): 4584 ms Response latency (last byte): 120 ms stop transaction -------------------- start transaction ------------------- transaction ID=4039147 type=https.forward-proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate [builtin-prolog:722] MATCH: variable.volume_quota_enforced(false) [vpm-cpl:112] miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: condition=__GROUP3 variable.volume_quota_enforced(true) variable.volume_quota_name(Internet-L1-Quota) variable.volume_quota_frequency(daily) variable.volume_quota_limit(1073741824) variable.volume_quota_warning_limit(966367641) [builtin-epilog:9] miss: variable.time_quota_enforced=true MATCH: variable.volume_quota_enforced=true policy.quota_aux_initialization@client-id miss: [builtin-epilog:17] variable.time_quota_enforced=true miss: [builtin-epilog:21] variable.time_quota_enforced=true miss: [builtin-epilog:25] variable.time_quota_enforced=true miss: [builtin-epilog:34] variable.time_quota_enforced=true miss: [builtin-epilog:39] variable.time_quota_enforced=true [builtin-epilog:52] miss: condition=_user_is_unknown MATCH: t_procedure.check_volume_quota t_procedure.check_volume_quota_warning [builtin-epilog:66] miss: [Rule] variable.volume_quota_warning=true [builtin-epilog:71] miss: [Rule] condition=_user_is_unknown [builtin-epilog:56] [Rule] miss: condition=_user_is_unknown MATCH: variable.volume_quota_exceeded=false t_procedure.update_volume_quota MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: ALLOW condition=__GROUP3 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: condition=_user_is_unknown MATCH: condition=!_user_is_unknown variable.volume_quota_exceeded=false miss: [Rule] variable.volume_quota_warning=true miss: [Rule] condition=_user_is_unknown Called policy definition: BC_malware_scanning_secure_connection MATCH: response.icap_service.secure_connection(auto) Called policy definition: BC_malware_scanner MATCH: response.icap_service(bluecoat-local-response, fail-closed) Called policy definition: BC_malware_scanning_HighPerformance MATCH: condition=ShouldScanHighPerformance policy.BC_malware_scanner policy.BC_malware_scanning_secure_connection Called policy definition: BC_malware_scanning_solution MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_HighPerformance Called policy definition: BC_malware_scanning_proxy_HighPerformance MATCH: condition=ShouldScanHighPerformance response.icap_feedback(trickle_end) Called policy definition: BC_malware_scanning_solution_proxy MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_proxy_HighPerformance Called policy definition: quota_aux_initialization [builtin-prolog:691] miss: user=abc MATCH: user=!abc variable.user_authentication_is_on(true) [builtin-prolog:695] miss: variable.false_flag=true [builtin-prolog:698] miss: variable.false_flag=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=TRUE volume_quota_name=Internet-L1-Quota volume_quota_frequency=daily volume_quota_limit=1073741824 volume_quota_warning_limit=966367641 volume_quota_exceeded=FALSE volume_quota_warning=FALSE volume_quota_warning_exists=FALSE guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=TRUE false_flag=FALSE Called transaction procedure: check_volume_quota Called transaction procedure: update_volume_quota Called transaction procedure: check_volume_quota_warning connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:36:03 UTC GET https://cello.client-channel.google.com/client-channel/channel/bind?authuser=0&ctype=cello&service=appscommonstorage&gsessionid=Ks69O6k6YsJ2vdZbLze9XvdDRI5bpqS6&sw=true&VER=8&RID=rpc&SID=9B6EDB94DA8DCEEF&CI=1&AID=461&TYPE=xmlhttp&zx=4c63xgxt7yp4&t=1 rewritten URL(s): cache_url=https://cello.client-channel.google.com/client-channel/channel/bind?authuser=0&ctype=cello&service=appscommonstorage&gsessionid=Ks69O6k6YsJ2vdZbLze9XvdDRI5bpqS6&sw=true&VER=8&RID=rpc&SID=9B6EDB94DA8DCEEF&CI=1&AID=461&TYPE=xmlhttp&zx=4c63xgxt7yp4&t=1&bcsi_scan_36eb41fd84054c8c=8HyFcQglDgXONZlpvShqA0xdSroCAAAA66E9AA== origin server next-hop IP address=74.125.140.189 Accept-Encoding: gzip Accept-Encoding: deflate Accept-Encoding: br Referer: https://cello.client-channel.google.com/client-channel/js/2663539887-sharedchannelmain_bin.js?ctype=cello&authuser=0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: name="PHAP\srashid" realm=PHAP authentication start 0 elapsed 0 ms authorization start 0 elapsed 0 ms authentication status='none' authorization status='none' url.category: none@Policy;Search Engines/Portals@Blue Coat total categorization time: 0 static categorization time: 0 server.certficate.hostname.category: none@Policy;Email@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 200 client.response.code: 200 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 ICAP RESPMOD Scan Summary: Error code: none Transaction timing: total-transaction-time 28910 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 0 ms server-out: start 1 elapsed 0 ms server-in: start 1 elapsed 0 ms client-out: start 4756 elapsed 1 ms access-logging: start 28910 elapsed 0 ms stop-transaction: start 28910 elapsed 0 ms Total Policy evaluation time: 1 ms url_categorization complete time: 0 ICAP Response Scan: start 175 delay 0 finish 28909 server connection: start 1 DNS Lookup: start 1 elapsed 0 ms server connection: connected 1 first-byte 174 last_byte 28798 client connection: first-response-byte 4757 last-response-byte 28910 Total time added: 112 ms Total latency to first byte: 4583 ms Request latency: 0 ms OCS connect time: 0 ms Response latency (first byte): 4583 ms Response latency (last byte): 112 ms stop transaction -------------------- start transaction ------------------- transaction ID=4049227 type=https.forward-proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate [builtin-prolog:722] MATCH: variable.volume_quota_enforced(false) [vpm-cpl:112] miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: condition=__GROUP3 variable.volume_quota_enforced(true) variable.volume_quota_name(Internet-L1-Quota) variable.volume_quota_frequency(daily) variable.volume_quota_limit(1073741824) variable.volume_quota_warning_limit(966367641) [builtin-epilog:9] miss: variable.time_quota_enforced=true MATCH: variable.volume_quota_enforced=true policy.quota_aux_initialization@client-id miss: [builtin-epilog:17] variable.time_quota_enforced=true miss: [builtin-epilog:21] variable.time_quota_enforced=true miss: [builtin-epilog:25] variable.time_quota_enforced=true miss: [builtin-epilog:34] variable.time_quota_enforced=true miss: [builtin-epilog:39] variable.time_quota_enforced=true [builtin-epilog:52] miss: condition=_user_is_unknown MATCH: t_procedure.check_volume_quota t_procedure.check_volume_quota_warning [builtin-epilog:66] miss: [Rule] variable.volume_quota_warning=true [builtin-epilog:71] miss: [Rule] condition=_user_is_unknown [builtin-epilog:56] [Rule] miss: condition=_user_is_unknown MATCH: variable.volume_quota_exceeded=false t_procedure.update_volume_quota MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: ALLOW condition=__GROUP3 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: condition=_user_is_unknown MATCH: condition=!_user_is_unknown variable.volume_quota_exceeded=false miss: [Rule] variable.volume_quota_warning=true miss: [Rule] condition=_user_is_unknown Called policy definition: BC_malware_scanning_secure_connection MATCH: response.icap_service.secure_connection(auto) Called policy definition: BC_malware_scanner MATCH: response.icap_service(bluecoat-local-response, fail-closed) Called policy definition: BC_malware_scanning_HighPerformance MATCH: condition=ShouldScanHighPerformance policy.BC_malware_scanner policy.BC_malware_scanning_secure_connection Called policy definition: BC_malware_scanning_solution MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_HighPerformance Called policy definition: BC_malware_scanning_proxy_HighPerformance MATCH: condition=ShouldScanHighPerformance response.icap_feedback(trickle_end) Called policy definition: BC_malware_scanning_solution_proxy MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_proxy_HighPerformance Called policy definition: quota_aux_initialization [builtin-prolog:691] miss: user=abc MATCH: user=!abc variable.user_authentication_is_on(true) [builtin-prolog:695] miss: variable.false_flag=true [builtin-prolog:698] miss: variable.false_flag=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=TRUE volume_quota_name=Internet-L1-Quota volume_quota_frequency=daily volume_quota_limit=1073741824 volume_quota_warning_limit=966367641 volume_quota_exceeded=FALSE volume_quota_warning=FALSE volume_quota_warning_exists=FALSE guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=TRUE false_flag=FALSE Called transaction procedure: check_volume_quota Called transaction procedure: update_volume_quota Called transaction procedure: check_volume_quota_warning connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:36:42 UTC POST https://play.google.com/log?format=json&hasfast=true rewritten URL(s): cache_url=https://play.google.com/log?format=json&hasfast=true&bcsi_scan_36eb41fd84054c8c=1ZLGYRHC/0Y9m3jvy3BHwo9U9Z0CAAAAS8k9AA== origin server next-hop IP address=172.217.19.14 Accept-Encoding: gzip Accept-Encoding: deflate Accept-Encoding: br Content-Length: 589 Referer: https://ogs.google.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: name="PHAP\srashid" realm=PHAP authentication start 0 elapsed 0 ms authorization start 0 elapsed 0 ms authentication status='none' authorization status='none' url.category: none@Policy;Shopping@Blue Coat;Software Downloads@Blue Coat total categorization time: 0 static categorization time: 0 server.certficate.hostname.category: none@Policy;Search Engines/Portals@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 200 client.response.code: 200 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 set request header 'Accept-Encoding' value='gzip, deflate' ICAP RESPMOD Scan Summary: Error code: none Transaction timing: total-transaction-time 634 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 0 ms server-out: start 1 elapsed 0 ms server-in: start 1 elapsed 0 ms client-out: start 633 elapsed 0 ms access-logging: start 633 elapsed 0 ms stop-transaction: start 634 elapsed 0 ms Total Policy evaluation time: 0 ms url_categorization complete time: 0 ICAP Response Scan: start 630 delay 0 finish 633 server connection: start 1 DNS Lookup: start 1 elapsed 0 ms server connection: connected 347 first-byte 629 last_byte 633 client connection: first-response-byte 633 last-response-byte 633 Total time added: 0 ms Total latency to first byte: 350 ms Request latency: 0 ms OCS connect time: 346 ms Response latency (first byte): 4 ms Response latency (last byte): 0 ms stop transaction -------------------- start transaction ------------------- transaction ID=4052684 type=http.proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate late: [builtin-prolog:722] late: [vpm-cpl:112] late: [builtin-epilog:9] late: [builtin-epilog:17] late: [builtin-epilog:21] late: [builtin-epilog:25] late: [builtin-epilog:34] late: [builtin-epilog:39] late: [builtin-epilog:52] late: [builtin-epilog:66] late: [builtin-epilog:71] [builtin-prolog:246] MATCH: t_procedure.dashboard_blocked_stats_infinity [builtin-prolog:237] MATCH: t_procedure.dashboard_record_hourly [builtin-prolog:240] MATCH: t_procedure.dashboard_record_daily [builtin-prolog:243] MATCH: t_procedure.dashboard_record_monthly late: [builtin-epilog:56] MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers late: condition=__GROUP1 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true late: variable.volume_quota_enforced=true late: variable.volume_quota_enforced=true late: variable.volume_quota_enforced=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=(value undetermined) volume_quota_name=(value undetermined) volume_quota_frequency=(value undetermined) volume_quota_limit=(value undetermined) volume_quota_warning_limit=(value undetermined) volume_quota_exceeded=(value undetermined) volume_quota_warning=(value undetermined) volume_quota_warning_exists=(value undetermined) guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=(value undetermined) false_flag=FALSE Called transaction procedure: dashboard_record_hourly Called transaction procedure: dashboard_record_daily Called transaction procedure: dashboard_blocked_stats_infinity Called transaction procedure: dashboard_record_monthly connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:36:55 UTC CONNECT tcp://play.google.com:443/ DNS lookup was unrestricted User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: unauthenticated authentication status='need_credentials' authorization status='not_attempted' EXCEPTION(authentication_failed): Authentication failed either because credentials were not provided or they could not be validated url.category: none@Policy;Shopping@Blue Coat;Software Downloads@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 0 client.response.code: 407 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 authentication-required realm=PHAP (Certificate) Transaction timing: total-transaction-time 1 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 0 ms client-out-terminated: start 1 elapsed 0 ms access-logging: start 1 elapsed 0 ms stop-transaction: start 1 elapsed 0 ms Total Policy evaluation time: 0 ms url_categorization complete time: 1 client connection: first-response-byte 0 last-response-byte 1 stop transaction -------------------- start transaction ------------------- transaction ID=4052686 type=http.proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate late: [builtin-prolog:722] late: [vpm-cpl:112] late: [builtin-epilog:9] late: [builtin-epilog:17] late: [builtin-epilog:21] late: [builtin-epilog:25] late: [builtin-epilog:34] late: [builtin-epilog:39] late: [builtin-epilog:52] late: [builtin-epilog:66] late: [builtin-epilog:71] [builtin-prolog:246] MATCH: t_procedure.dashboard_blocked_stats_infinity [builtin-prolog:237] MATCH: t_procedure.dashboard_record_hourly [builtin-prolog:240] MATCH: t_procedure.dashboard_record_daily [builtin-prolog:243] MATCH: t_procedure.dashboard_record_monthly late: [builtin-epilog:56] MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers late: condition=__GROUP1 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true late: variable.volume_quota_enforced=true late: variable.volume_quota_enforced=true late: variable.volume_quota_enforced=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=(value undetermined) volume_quota_name=(value undetermined) volume_quota_frequency=(value undetermined) volume_quota_limit=(value undetermined) volume_quota_warning_limit=(value undetermined) volume_quota_exceeded=(value undetermined) volume_quota_warning=(value undetermined) volume_quota_warning_exists=(value undetermined) guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=(value undetermined) false_flag=FALSE Called transaction procedure: dashboard_record_hourly Called transaction procedure: dashboard_record_daily Called transaction procedure: dashboard_blocked_stats_infinity Called transaction procedure: dashboard_record_monthly connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:36:55 UTC CONNECT tcp://play.google.com:443/ DNS lookup was unrestricted User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: unauthenticated authentication status='Unknown Status' authorization status='not_attempted' EXCEPTION(authentication_failed): Authentication failed either because credentials were not provided or they could not be validated url.category: none@Policy;Shopping@Blue Coat;Software Downloads@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 0 client.response.code: 407 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 authentication-required realm=PHAP (Certificate) Transaction timing: total-transaction-time 1 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 0 ms client-out-terminated: start 1 elapsed 0 ms access-logging: start 1 elapsed 0 ms stop-transaction: start 1 elapsed 0 ms Total Policy evaluation time: 0 ms url_categorization complete time: 1 client connection: first-response-byte 0 last-response-byte 1 stop transaction -------------------- start transaction ------------------- transaction ID=4052687 type=http.proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate [builtin-prolog:722] MATCH: variable.volume_quota_enforced(false) [vpm-cpl:112] miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: condition=__GROUP3 variable.volume_quota_enforced(true) variable.volume_quota_name(Internet-L1-Quota) variable.volume_quota_frequency(daily) variable.volume_quota_limit(1073741824) variable.volume_quota_warning_limit(966367641) [builtin-epilog:9] miss: variable.time_quota_enforced=true MATCH: variable.volume_quota_enforced=true policy.quota_aux_initialization@client-id miss: [builtin-epilog:17] variable.time_quota_enforced=true miss: [builtin-epilog:21] variable.time_quota_enforced=true miss: [builtin-epilog:25] variable.time_quota_enforced=true miss: [builtin-epilog:34] variable.time_quota_enforced=true miss: [builtin-epilog:39] variable.time_quota_enforced=true [builtin-epilog:52] miss: condition=_user_is_unknown MATCH: t_procedure.check_volume_quota t_procedure.check_volume_quota_warning [builtin-epilog:66] miss: [Rule] variable.volume_quota_warning=true [builtin-epilog:71] miss: [Rule] condition=_user_is_unknown [builtin-epilog:56] miss: [Rule] http.response.code=200 MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: ALLOW condition=__GROUP3 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: condition=_user_is_unknown MATCH: condition=!_user_is_unknown variable.volume_quota_exceeded=false miss: [Rule] variable.volume_quota_warning=true miss: [Rule] condition=_user_is_unknown Called policy definition: BC_malware_scanning_HighPerformance n/a: condition=ShouldScanHighPerformance MATCH: response.icap_service(no) Called policy definition: BC_malware_scanning_solution MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_HighPerformance Called policy definition: BC_malware_scanning_proxy_HighPerformance n/a: condition=ShouldScanHighPerformance Called policy definition: BC_malware_scanning_solution_proxy MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_proxy_HighPerformance Called policy definition: quota_aux_initialization [builtin-prolog:691] miss: user=abc MATCH: user=!abc variable.user_authentication_is_on(true) [builtin-prolog:695] miss: variable.false_flag=true [builtin-prolog:698] miss: variable.false_flag=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=TRUE volume_quota_name=Internet-L1-Quota volume_quota_frequency=daily volume_quota_limit=1073741824 volume_quota_warning_limit=966367641 volume_quota_exceeded=FALSE volume_quota_warning=FALSE volume_quota_warning_exists=FALSE guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=TRUE false_flag=FALSE Called transaction procedure: check_volume_quota Called transaction procedure: check_volume_quota_warning connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:36:55 UTC CONNECT tcp://play.google.com:443/ DNS lookup was unrestricted User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: name="PHAP\srashid" realm=PHAP authentication start 1 elapsed 3 ms authorization start 4 elapsed 0 ms authentication status='none' authorization status='none' url.category: none@Policy;Shopping@Blue Coat;Software Downloads@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 0 client.response.code: 200 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 Transaction timing: total-transaction-time 6 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 3 ms access-logging: start 6 elapsed 0 ms stop-transaction: start 6 elapsed 0 ms Total Policy evaluation time: 3 ms url_categorization complete time: 1 client connection: first-response-byte 0 last-response-byte 6 stop transaction -------------------- start transaction ------------------- transaction ID=4052688 type=ssl.tunnel transaction handed off from: 4052687 [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate [builtin-prolog:722] MATCH: variable.volume_quota_enforced(false) [vpm-cpl:112] miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: condition=__GROUP3 variable.volume_quota_enforced(true) variable.volume_quota_name(Internet-L1-Quota) variable.volume_quota_frequency(daily) variable.volume_quota_limit(1073741824) variable.volume_quota_warning_limit(966367641) [builtin-epilog:9] miss: variable.time_quota_enforced=true MATCH: variable.volume_quota_enforced=true policy.quota_aux_initialization@client-id miss: [builtin-epilog:17] variable.time_quota_enforced=true miss: [builtin-epilog:21] variable.time_quota_enforced=true miss: [builtin-epilog:25] variable.time_quota_enforced=true miss: [builtin-epilog:34] variable.time_quota_enforced=true miss: [builtin-epilog:39] variable.time_quota_enforced=true [builtin-epilog:52] miss: condition=_user_is_unknown MATCH: t_procedure.check_volume_quota t_procedure.check_volume_quota_warning [builtin-epilog:66] miss: [Rule] variable.volume_quota_warning=true [builtin-epilog:71] miss: [Rule] condition=_user_is_unknown late: [builtin-epilog:56] MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: ALLOW condition=__GROUP3 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: condition=_user_is_unknown MATCH: condition=!_user_is_unknown variable.volume_quota_exceeded=false miss: [Rule] variable.volume_quota_warning=true miss: [Rule] condition=_user_is_unknown Called policy definition: BC_malware_scanning_HighPerformance n/a: condition=ShouldScanHighPerformance MATCH: response.icap_service(no) Called policy definition: BC_malware_scanning_solution MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_HighPerformance Called policy definition: BC_malware_scanning_proxy_HighPerformance n/a: condition=ShouldScanHighPerformance Called policy definition: BC_malware_scanning_solution_proxy MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_proxy_HighPerformance Called policy definition: quota_aux_initialization [builtin-prolog:691] miss: user=abc MATCH: user=!abc variable.user_authentication_is_on(true) [builtin-prolog:695] miss: variable.false_flag=true [builtin-prolog:698] miss: variable.false_flag=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=TRUE volume_quota_name=Internet-L1-Quota volume_quota_frequency=daily volume_quota_limit=1073741824 volume_quota_warning_limit=966367641 volume_quota_exceeded=FALSE volume_quota_warning=FALSE volume_quota_warning_exists=FALSE guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=TRUE false_flag=FALSE Called transaction procedure: check_volume_quota Called transaction procedure: check_volume_quota_warning connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:36:55 UTC unknown ssl://play.google.com:443/ origin server next-hop IP address=172.217.19.14 user: name="PHAP\srashid" realm=PHAP authentication start 0 elapsed 0 ms authorization start 0 elapsed 0 ms authentication status='none' authorization status='none' url.category: none@Policy;Shopping@Blue Coat;Software Downloads@Blue Coat total categorization time: 0 static categorization time: 0 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 Transaction timing: total-transaction-time 349 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 0 ms server-out: start 1 elapsed 0 ms stop-transaction: start 349 elapsed 0 ms Total Policy evaluation time: 0 ms ssl server hello complete: 349 url_categorization complete time: 0 server connection: start 1 DNS Lookup: start 1 elapsed 0 ms server connection: connected 175 Total time added: 0 ms Total latency to first byte: 174 ms Request latency: 0 ms OCS connect time: 174 ms Response latency (first byte): 0 ms Response latency (last byte): 0 ms stop transaction -------------------- start transaction ------------------- transaction ID=4052781 type=https.forward-proxy transaction handed off from: 4052689 [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate [builtin-prolog:722] MATCH: variable.volume_quota_enforced(false) [vpm-cpl:112] miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: condition=__GROUP3 variable.volume_quota_enforced(true) variable.volume_quota_name(Internet-L1-Quota) variable.volume_quota_frequency(daily) variable.volume_quota_limit(1073741824) variable.volume_quota_warning_limit(966367641) [builtin-epilog:9] miss: variable.time_quota_enforced=true MATCH: variable.volume_quota_enforced=true policy.quota_aux_initialization@client-id miss: [builtin-epilog:17] variable.time_quota_enforced=true miss: [builtin-epilog:21] variable.time_quota_enforced=true miss: [builtin-epilog:25] variable.time_quota_enforced=true miss: [builtin-epilog:34] variable.time_quota_enforced=true miss: [builtin-epilog:39] variable.time_quota_enforced=true [builtin-epilog:52] miss: condition=_user_is_unknown MATCH: t_procedure.check_volume_quota t_procedure.check_volume_quota_warning [builtin-epilog:66] miss: [Rule] variable.volume_quota_warning=true [builtin-epilog:71] miss: [Rule] condition=_user_is_unknown [builtin-epilog:56] [Rule] miss: condition=_user_is_unknown MATCH: variable.volume_quota_exceeded=false t_procedure.update_volume_quota MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: ALLOW condition=__GROUP3 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: condition=_user_is_unknown MATCH: condition=!_user_is_unknown variable.volume_quota_exceeded=false miss: [Rule] variable.volume_quota_warning=true miss: [Rule] condition=_user_is_unknown Called policy definition: BC_malware_scanning_secure_connection MATCH: response.icap_service.secure_connection(auto) Called policy definition: BC_malware_scanner MATCH: response.icap_service(bluecoat-local-response, fail-closed) Called policy definition: BC_malware_scanning_HighPerformance MATCH: condition=ShouldScanHighPerformance policy.BC_malware_scanner policy.BC_malware_scanning_secure_connection Called policy definition: BC_malware_scanning_solution MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_HighPerformance Called policy definition: BC_malware_scanning_proxy_HighPerformance MATCH: condition=ShouldScanHighPerformance response.icap_feedback(trickle_end) Called policy definition: BC_malware_scanning_solution_proxy MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_proxy_HighPerformance Called policy definition: quota_aux_initialization [builtin-prolog:691] miss: user=abc MATCH: user=!abc variable.user_authentication_is_on(true) [builtin-prolog:695] miss: variable.false_flag=true [builtin-prolog:698] miss: variable.false_flag=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=TRUE volume_quota_name=Internet-L1-Quota volume_quota_frequency=daily volume_quota_limit=1073741824 volume_quota_warning_limit=966367641 volume_quota_exceeded=FALSE volume_quota_warning=FALSE volume_quota_warning_exists=FALSE guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=TRUE false_flag=FALSE Called transaction procedure: check_volume_quota Called transaction procedure: update_volume_quota Called transaction procedure: check_volume_quota_warning connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:36:55 UTC POST https://play.google.com/log?format=json&hasfast=true&authuser=0 rewritten URL(s): cache_url=https://play.google.com/log?format=json&hasfast=true&authuser=0&bcsi_scan_36eb41fd84054c8c=jTpiDIxCw7ZJXFYN5vZvgUfSrf0CAAAALdc9AA== origin server next-hop IP address=172.217.19.14 Accept-Encoding: gzip Accept-Encoding: deflate Accept-Encoding: br Content-Length: 875 Referer: https://drive.google.com/drive/my-drive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: name="PHAP\srashid" realm=PHAP authentication start 0 elapsed 0 ms authorization start 0 elapsed 0 ms authentication status='none' authorization status='none' url.category: none@Policy;Shopping@Blue Coat;Software Downloads@Blue Coat total categorization time: 0 static categorization time: 0 server.certficate.hostname.category: none@Policy;Search Engines/Portals@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 200 client.response.code: 200 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 set request header 'Accept-Encoding' value='gzip, deflate' set response header 'Cache-Control' value='private, proxy-revalidate' ICAP RESPMOD Scan Summary: Error code: none Transaction timing: total-transaction-time 294 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 3 elapsed 0 ms server-out: start 3 elapsed 0 ms server-in: start 3 elapsed 0 ms client-out: start 293 elapsed 0 ms access-logging: start 294 elapsed 0 ms stop-transaction: start 294 elapsed 0 ms Total Policy evaluation time: 0 ms url_categorization complete time: 3 ICAP Response Scan: start 291 delay 0 finish 293 server connection: start 3 DNS Lookup: start 3 elapsed 0 ms server connection: connected 3 first-byte 290 last_byte 293 client connection: first-response-byte 293 last-response-byte 294 Total time added: 1 ms Total latency to first byte: 3 ms Request latency: 0 ms OCS connect time: 0 ms Response latency (first byte): 3 ms Response latency (last byte): 1 ms stop transaction -------------------- start transaction ------------------- transaction ID=4046482 type=https.forward-proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate [builtin-prolog:722] MATCH: variable.volume_quota_enforced(false) [vpm-cpl:112] miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: condition=__GROUP3 variable.volume_quota_enforced(true) variable.volume_quota_name(Internet-L1-Quota) variable.volume_quota_frequency(daily) variable.volume_quota_limit(1073741824) variable.volume_quota_warning_limit(966367641) [builtin-epilog:9] miss: variable.time_quota_enforced=true MATCH: variable.volume_quota_enforced=true policy.quota_aux_initialization@client-id miss: [builtin-epilog:17] variable.time_quota_enforced=true miss: [builtin-epilog:21] variable.time_quota_enforced=true miss: [builtin-epilog:25] variable.time_quota_enforced=true miss: [builtin-epilog:34] variable.time_quota_enforced=true miss: [builtin-epilog:39] variable.time_quota_enforced=true [builtin-epilog:52] miss: condition=_user_is_unknown MATCH: t_procedure.check_volume_quota t_procedure.check_volume_quota_warning [builtin-epilog:66] miss: [Rule] variable.volume_quota_warning=true [builtin-epilog:71] miss: [Rule] condition=_user_is_unknown [builtin-epilog:56] [Rule] miss: condition=_user_is_unknown MATCH: variable.volume_quota_exceeded=false t_procedure.update_volume_quota MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: ALLOW condition=__GROUP3 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: condition=_user_is_unknown MATCH: condition=!_user_is_unknown variable.volume_quota_exceeded=false miss: [Rule] variable.volume_quota_warning=true miss: [Rule] condition=_user_is_unknown Called policy definition: BC_malware_scanning_secure_connection MATCH: response.icap_service.secure_connection(auto) Called policy definition: BC_malware_scanner MATCH: response.icap_service(bluecoat-local-response, fail-closed) Called policy definition: BC_malware_scanning_HighPerformance MATCH: condition=ShouldScanHighPerformance policy.BC_malware_scanner policy.BC_malware_scanning_secure_connection Called policy definition: BC_malware_scanning_solution MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_HighPerformance Called policy definition: BC_malware_scanning_proxy_HighPerformance MATCH: condition=ShouldScanHighPerformance response.icap_feedback(trickle_end) Called policy definition: BC_malware_scanning_solution_proxy MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_proxy_HighPerformance Called policy definition: quota_aux_initialization [builtin-prolog:691] miss: user=abc MATCH: user=!abc variable.user_authentication_is_on(true) [builtin-prolog:695] miss: variable.false_flag=true [builtin-prolog:698] miss: variable.false_flag=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=TRUE volume_quota_name=Internet-L1-Quota volume_quota_frequency=daily volume_quota_limit=1073741824 volume_quota_warning_limit=966367641 volume_quota_exceeded=FALSE volume_quota_warning=FALSE volume_quota_warning_exists=FALSE guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=TRUE false_flag=FALSE Called transaction procedure: check_volume_quota Called transaction procedure: update_volume_quota Called transaction procedure: check_volume_quota_warning connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:36:32 UTC GET https://cello.client-channel.google.com/client-channel/channel/bind?authuser=0&ctype=cello&service=appscommonstorage&gsessionid=Ks69O6k6YsJ2vdZbLze9XvdDRI5bpqS6&sw=true&VER=8&RID=rpc&SID=9B6EDB94DA8DCEEF&CI=1&AID=463&TYPE=xmlhttp&zx=ng2xtym2h34e&t=1 rewritten URL(s): cache_url=https://cello.client-channel.google.com/client-channel/channel/bind?authuser=0&ctype=cello&service=appscommonstorage&gsessionid=Ks69O6k6YsJ2vdZbLze9XvdDRI5bpqS6&sw=true&VER=8&RID=rpc&SID=9B6EDB94DA8DCEEF&CI=1&AID=463&TYPE=xmlhttp&zx=ng2xtym2h34e&t=1&bcsi_scan_36eb41fd84054c8c=Aq4muLzveewtks13iNIwdzjtQskCAAAAkr49AA== origin server next-hop IP address=74.125.140.189 Accept-Encoding: gzip Accept-Encoding: deflate Accept-Encoding: br Referer: https://cello.client-channel.google.com/client-channel/js/2663539887-sharedchannelmain_bin.js?ctype=cello&authuser=0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: name="PHAP\srashid" realm=PHAP authentication start 0 elapsed 0 ms authorization start 0 elapsed 0 ms authentication status='none' authorization status='none' url.category: none@Policy;Search Engines/Portals@Blue Coat total categorization time: 0 static categorization time: 0 server.certficate.hostname.category: none@Policy;Email@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 200 client.response.code: 200 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 ICAP RESPMOD Scan Summary: Error code: none Transaction timing: total-transaction-time 27870 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 0 ms server-out: start 1 elapsed 0 ms server-in: start 6 elapsed 0 ms client-out: start 5399 elapsed 0 ms access-logging: start 27869 elapsed 0 ms stop-transaction: start 27870 elapsed 0 ms Total Policy evaluation time: 0 ms url_categorization complete time: 0 ICAP Response Scan: start 342 delay 0 finish 27869 server connection: start 1 DNS Lookup: start 1 elapsed 5 ms server connection: connected 6 first-byte 341 last_byte 27861 client connection: first-response-byte 5399 last-response-byte 27869 Total time added: 8 ms Total latency to first byte: 5063 ms Request latency: 0 ms OCS connect time: 5 ms Response latency (first byte): 5058 ms Response latency (last byte): 8 ms stop transaction -------------------- start transaction ------------------- transaction ID=4057332 type=http.proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate late: [builtin-prolog:722] late: [vpm-cpl:112] late: [builtin-epilog:9] late: [builtin-epilog:17] late: [builtin-epilog:21] late: [builtin-epilog:25] late: [builtin-epilog:34] late: [builtin-epilog:39] late: [builtin-epilog:52] late: [builtin-epilog:66] late: [builtin-epilog:71] [builtin-prolog:246] MATCH: t_procedure.dashboard_blocked_stats_infinity [builtin-prolog:237] MATCH: t_procedure.dashboard_record_hourly [builtin-prolog:240] MATCH: t_procedure.dashboard_record_daily [builtin-prolog:243] MATCH: t_procedure.dashboard_record_monthly late: [builtin-epilog:56] MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers late: condition=__GROUP1 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true late: variable.volume_quota_enforced=true late: variable.volume_quota_enforced=true late: variable.volume_quota_enforced=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=(value undetermined) volume_quota_name=(value undetermined) volume_quota_frequency=(value undetermined) volume_quota_limit=(value undetermined) volume_quota_warning_limit=(value undetermined) volume_quota_exceeded=(value undetermined) volume_quota_warning=(value undetermined) volume_quota_warning_exists=(value undetermined) guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=(value undetermined) false_flag=FALSE Called transaction procedure: dashboard_record_hourly Called transaction procedure: dashboard_record_daily Called transaction procedure: dashboard_blocked_stats_infinity Called transaction procedure: dashboard_record_monthly connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:37:11 UTC CONNECT tcp://safebrowsing.googleapis.com:443/ DNS lookup was unrestricted User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: unauthenticated authentication status='need_credentials' authorization status='not_attempted' EXCEPTION(authentication_failed): Authentication failed either because credentials were not provided or they could not be validated url.category: none@Policy;Technology/Internet@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 0 client.response.code: 407 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 authentication-required realm=PHAP (Certificate) Transaction timing: total-transaction-time 1 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 0 ms client-out-terminated: start 1 elapsed 0 ms access-logging: start 1 elapsed 0 ms stop-transaction: start 1 elapsed 0 ms Total Policy evaluation time: 0 ms url_categorization complete time: 0 client connection: first-response-byte 0 last-response-byte 1 stop transaction -------------------- start transaction ------------------- transaction ID=4057335 type=http.proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate late: [builtin-prolog:722] late: [vpm-cpl:112] late: [builtin-epilog:9] late: [builtin-epilog:17] late: [builtin-epilog:21] late: [builtin-epilog:25] late: [builtin-epilog:34] late: [builtin-epilog:39] late: [builtin-epilog:52] late: [builtin-epilog:66] late: [builtin-epilog:71] [builtin-prolog:246] MATCH: t_procedure.dashboard_blocked_stats_infinity [builtin-prolog:237] MATCH: t_procedure.dashboard_record_hourly [builtin-prolog:240] MATCH: t_procedure.dashboard_record_daily [builtin-prolog:243] MATCH: t_procedure.dashboard_record_monthly late: [builtin-epilog:56] MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers late: condition=__GROUP1 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true late: variable.volume_quota_enforced=true late: variable.volume_quota_enforced=true late: variable.volume_quota_enforced=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=(value undetermined) volume_quota_name=(value undetermined) volume_quota_frequency=(value undetermined) volume_quota_limit=(value undetermined) volume_quota_warning_limit=(value undetermined) volume_quota_exceeded=(value undetermined) volume_quota_warning=(value undetermined) volume_quota_warning_exists=(value undetermined) guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=(value undetermined) false_flag=FALSE Called transaction procedure: dashboard_record_hourly Called transaction procedure: dashboard_record_daily Called transaction procedure: dashboard_blocked_stats_infinity Called transaction procedure: dashboard_record_monthly connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:37:11 UTC CONNECT tcp://safebrowsing.googleapis.com:443/ DNS lookup was unrestricted User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: unauthenticated authentication status='Unknown Status' authorization status='not_attempted' EXCEPTION(authentication_failed): Authentication failed either because credentials were not provided or they could not be validated url.category: none@Policy;Technology/Internet@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 0 client.response.code: 407 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 authentication-required realm=PHAP (Certificate) Transaction timing: total-transaction-time 11 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 8 elapsed 3 ms client-out-terminated: start 11 elapsed 0 ms access-logging: start 11 elapsed 0 ms stop-transaction: start 11 elapsed 0 ms Total Policy evaluation time: 3 ms url_categorization complete time: 8 client connection: first-response-byte 0 last-response-byte 11 stop transaction -------------------- start transaction ------------------- transaction ID=4057339 type=http.proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate [builtin-prolog:722] MATCH: variable.volume_quota_enforced(false) [vpm-cpl:112] miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: condition=__GROUP3 variable.volume_quota_enforced(true) variable.volume_quota_name(Internet-L1-Quota) variable.volume_quota_frequency(daily) variable.volume_quota_limit(1073741824) variable.volume_quota_warning_limit(966367641) [builtin-epilog:9] miss: variable.time_quota_enforced=true MATCH: variable.volume_quota_enforced=true policy.quota_aux_initialization@client-id miss: [builtin-epilog:17] variable.time_quota_enforced=true miss: [builtin-epilog:21] variable.time_quota_enforced=true miss: [builtin-epilog:25] variable.time_quota_enforced=true miss: [builtin-epilog:34] variable.time_quota_enforced=true miss: [builtin-epilog:39] variable.time_quota_enforced=true [builtin-epilog:52] miss: condition=_user_is_unknown MATCH: t_procedure.check_volume_quota t_procedure.check_volume_quota_warning [builtin-epilog:66] miss: [Rule] variable.volume_quota_warning=true [builtin-epilog:71] miss: [Rule] condition=_user_is_unknown [builtin-epilog:56] miss: [Rule] http.response.code=200 MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: ALLOW condition=__GROUP3 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: condition=_user_is_unknown MATCH: condition=!_user_is_unknown variable.volume_quota_exceeded=false miss: [Rule] variable.volume_quota_warning=true miss: [Rule] condition=_user_is_unknown Called policy definition: BC_malware_scanning_HighPerformance n/a: condition=ShouldScanHighPerformance MATCH: response.icap_service(no) Called policy definition: BC_malware_scanning_solution MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_HighPerformance Called policy definition: BC_malware_scanning_proxy_HighPerformance n/a: condition=ShouldScanHighPerformance Called policy definition: BC_malware_scanning_solution_proxy MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_proxy_HighPerformance Called policy definition: quota_aux_initialization [builtin-prolog:691] miss: user=abc MATCH: user=!abc variable.user_authentication_is_on(true) [builtin-prolog:695] miss: variable.false_flag=true [builtin-prolog:698] miss: variable.false_flag=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=TRUE volume_quota_name=Internet-L1-Quota volume_quota_frequency=daily volume_quota_limit=1073741824 volume_quota_warning_limit=966367641 volume_quota_exceeded=FALSE volume_quota_warning=FALSE volume_quota_warning_exists=FALSE guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=TRUE false_flag=FALSE Called transaction procedure: check_volume_quota Called transaction procedure: check_volume_quota_warning connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:37:11 UTC CONNECT tcp://safebrowsing.googleapis.com:443/ DNS lookup was unrestricted User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: name="PHAP\srashid" realm=PHAP authentication start 2 elapsed 3 ms authorization start 5 elapsed 0 ms authentication status='none' authorization status='none' url.category: none@Policy;Technology/Internet@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 0 client.response.code: 200 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 Transaction timing: total-transaction-time 6 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 2 elapsed 3 ms access-logging: start 6 elapsed 0 ms stop-transaction: start 6 elapsed 0 ms Total Policy evaluation time: 3 ms url_categorization complete time: 2 client connection: first-response-byte 0 last-response-byte 6 stop transaction -------------------- start transaction ------------------- transaction ID=4057340 type=ssl.tunnel transaction handed off from: 4057339 [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate [builtin-prolog:722] MATCH: variable.volume_quota_enforced(false) [vpm-cpl:112] miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: condition=__GROUP3 variable.volume_quota_enforced(true) variable.volume_quota_name(Internet-L1-Quota) variable.volume_quota_frequency(daily) variable.volume_quota_limit(1073741824) variable.volume_quota_warning_limit(966367641) [builtin-epilog:9] miss: variable.time_quota_enforced=true MATCH: variable.volume_quota_enforced=true policy.quota_aux_initialization@client-id miss: [builtin-epilog:17] variable.time_quota_enforced=true miss: [builtin-epilog:21] variable.time_quota_enforced=true miss: [builtin-epilog:25] variable.time_quota_enforced=true miss: [builtin-epilog:34] variable.time_quota_enforced=true miss: [builtin-epilog:39] variable.time_quota_enforced=true [builtin-epilog:52] miss: condition=_user_is_unknown MATCH: t_procedure.check_volume_quota t_procedure.check_volume_quota_warning [builtin-epilog:66] miss: [Rule] variable.volume_quota_warning=true [builtin-epilog:71] miss: [Rule] condition=_user_is_unknown late: [builtin-epilog:56] MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: ALLOW condition=__GROUP3 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: condition=_user_is_unknown MATCH: condition=!_user_is_unknown variable.volume_quota_exceeded=false miss: [Rule] variable.volume_quota_warning=true miss: [Rule] condition=_user_is_unknown Called policy definition: BC_malware_scanning_HighPerformance n/a: condition=ShouldScanHighPerformance MATCH: response.icap_service(no) Called policy definition: BC_malware_scanning_solution MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_HighPerformance Called policy definition: BC_malware_scanning_proxy_HighPerformance n/a: condition=ShouldScanHighPerformance Called policy definition: BC_malware_scanning_solution_proxy MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_proxy_HighPerformance Called policy definition: quota_aux_initialization [builtin-prolog:691] miss: user=abc MATCH: user=!abc variable.user_authentication_is_on(true) [builtin-prolog:695] miss: variable.false_flag=true [builtin-prolog:698] miss: variable.false_flag=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=TRUE volume_quota_name=Internet-L1-Quota volume_quota_frequency=daily volume_quota_limit=1073741824 volume_quota_warning_limit=966367641 volume_quota_exceeded=FALSE volume_quota_warning=FALSE volume_quota_warning_exists=FALSE guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=TRUE false_flag=FALSE Called transaction procedure: check_volume_quota Called transaction procedure: check_volume_quota_warning connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:37:11 UTC unknown ssl://safebrowsing.googleapis.com:443/ origin server next-hop IP address=216.58.208.234 user: name="PHAP\srashid" realm=PHAP authentication start 0 elapsed 0 ms authorization start 0 elapsed 0 ms authentication status='none' authorization status='none' url.category: none@Policy;Technology/Internet@Blue Coat total categorization time: 1 static categorization time: 1 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 Transaction timing: total-transaction-time 460 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 0 ms server-out: start 1 elapsed 0 ms stop-transaction: start 460 elapsed 0 ms Total Policy evaluation time: 0 ms ssl server hello complete: 459 url_categorization complete time: 1 server connection: start 1 DNS Lookup: start 1 elapsed 0 ms server connection: connected 173 Total time added: 0 ms Total latency to first byte: 172 ms Request latency: 0 ms OCS connect time: 172 ms Response latency (first byte): 0 ms Response latency (last byte): 0 ms stop transaction -------------------- start transaction ------------------- transaction ID=4057466 type=https.forward-proxy transaction handed off from: 4057341 [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate [builtin-prolog:722] MATCH: variable.volume_quota_enforced(false) [vpm-cpl:112] miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: condition=__GROUP3 variable.volume_quota_enforced(true) variable.volume_quota_name(Internet-L1-Quota) variable.volume_quota_frequency(daily) variable.volume_quota_limit(1073741824) variable.volume_quota_warning_limit(966367641) [builtin-epilog:9] miss: variable.time_quota_enforced=true MATCH: variable.volume_quota_enforced=true policy.quota_aux_initialization@client-id miss: [builtin-epilog:17] variable.time_quota_enforced=true miss: [builtin-epilog:21] variable.time_quota_enforced=true miss: [builtin-epilog:25] variable.time_quota_enforced=true miss: [builtin-epilog:34] variable.time_quota_enforced=true miss: [builtin-epilog:39] variable.time_quota_enforced=true [builtin-epilog:52] miss: condition=_user_is_unknown MATCH: t_procedure.check_volume_quota t_procedure.check_volume_quota_warning [builtin-epilog:66] miss: [Rule] variable.volume_quota_warning=true [builtin-epilog:71] miss: [Rule] condition=_user_is_unknown [builtin-epilog:56] [Rule] miss: condition=_user_is_unknown MATCH: variable.volume_quota_exceeded=false t_procedure.update_volume_quota MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: ALLOW condition=__GROUP3 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: condition=_user_is_unknown MATCH: condition=!_user_is_unknown variable.volume_quota_exceeded=false miss: [Rule] variable.volume_quota_warning=true miss: [Rule] condition=_user_is_unknown Called policy definition: BC_malware_scanning_secure_connection MATCH: response.icap_service.secure_connection(auto) Called policy definition: BC_malware_scanner MATCH: response.icap_service(bluecoat-local-response, fail-closed) Called policy definition: BC_malware_scanning_HighPerformance MATCH: condition=ShouldScanHighPerformance policy.BC_malware_scanner policy.BC_malware_scanning_secure_connection Called policy definition: BC_malware_scanning_solution MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_HighPerformance Called policy definition: BC_malware_scanning_proxy_HighPerformance MATCH: condition=ShouldScanHighPerformance response.icap_feedback(trickle_end) Called policy definition: BC_malware_scanning_solution_proxy MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_proxy_HighPerformance Called policy definition: quota_aux_initialization [builtin-prolog:691] miss: user=abc MATCH: user=!abc variable.user_authentication_is_on(true) [builtin-prolog:695] miss: variable.false_flag=true [builtin-prolog:698] miss: variable.false_flag=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=TRUE volume_quota_name=Internet-L1-Quota volume_quota_frequency=daily volume_quota_limit=1073741824 volume_quota_warning_limit=966367641 volume_quota_exceeded=FALSE volume_quota_warning=FALSE volume_quota_warning_exists=FALSE guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=TRUE false_flag=FALSE Called transaction procedure: check_volume_quota Called transaction procedure: update_volume_quota Called transaction procedure: check_volume_quota_warning connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:37:11 UTC GET https://safebrowsing.googleapis.com/v4/fullHashes:find?$req=Ch0KDGdvb2dsZWNocm9tZRINODAuMC4zOTg3LjEzMhIbCg0IBRAGGAEiAzAwMTABELqXCBoCGAvkV-k1EhsKDQgBEAYYASIDMDAxMAEQy40HGgIYCz3Vg_wSGwoNCAMQBhgBIgMwMDEwARCdkAcaAhgLPYqO-xIbCg0IBxAGGAEiAzAwMTABEKiCBxoCGAsKZXWfEhkKDQgBEAYYASIDMDAxMAMQFBoCGAuFlfYlEhoKDQgBEAgYASIDMDAxMAQQxBkaAhgL0-405hIZCg0ICRAGGAEiAzAwMTAGEAMaAhgL7W6YOhIaCg0IDxAGGAEiAzAwMTABEM8kGgIYC0kAW5cSGQoNCAoQCBgBIgMwMDEwARAFGgIYC85McX4SGQoNCAkQBhgBIgMwMDEwARAZGgIYCxTlTu0SGgoNCAgQBhgBIgMwMDEwARCXCBoCGAteBpQMEhoKDQgNEAYYASIDMDAxMAEQ324aAhgLBZsUVBIbCg0IDhAGGAEiAzAwMTABEOOdAxoCGAskeLIBEhoKDQgQEAYYASIDMDAxMAEQzwEaAhgL7pGR5BosCAEIAwgFCAYIBwgICAkICggNCA4IDwgQEAEQCBoGCgTqsmM_IAEgAyAEIAY=&$ct=application/x-protobuf&key=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw rewritten URL(s): cache_url=https://safebrowsing.googleapis.com/v4/fullHashes:find?$req=Ch0KDGdvb2dsZWNocm9tZRINODAuMC4zOTg3LjEzMhIbCg0IBRAGGAEiAzAwMTABELqXCBoCGAvkV-k1EhsKDQgBEAYYASIDMDAxMAEQy40HGgIYCz3Vg_wSGwoNCAMQBhgBIgMwMDEwARCdkAcaAhgLPYqO-xIbCg0IBxAGGAEiAzAwMTABEKiCBxoCGAsKZXWfEhkKDQgBEAYYASIDMDAxMAMQFBoCGAuFlfYlEhoKDQgBEAgYASIDMDAxMAQQxBkaAhgL0-405hIZCg0ICRAGGAEiAzAwMTAGEAMaAhgL7W6YOhIaCg0IDxAGGAEiAzAwMTABEM8kGgIYC0kAW5cSGQoNCAoQCBgBIgMwMDEwARAFGgIYC85McX4SGQoNCAkQBhgBIgMwMDEwARAZGgIYCxTlTu0SGgoNCAgQBhgBIgMwMDEwARCXCBoCGAteBpQMEhoKDQgNEAYYASIDMDAxMAEQ324aAhgLBZsUVBIbCg0IDhAGGAEiAzAwMTABEOOdAxoCGAskeLIBEhoKDQgQEAYYASIDMDAxMAEQzwEaAhgL7pGR5BosCAEIAwgFCAYIBwgICAkICggNCA4IDwgQEAEQCBoGCgTqsmM_IAEgAyAEIAY=&$ct=application/x-protobuf&key=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw&bcsi_scan_36eb41fd84054c8c=fhCkDD3LmmwyYiGtUt4q9V57Ic8CAAAAeuk9AA== origin server next-hop IP address=216.58.208.234 Accept-Encoding: gzip Accept-Encoding: deflate Accept-Encoding: br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: name="PHAP\srashid" realm=PHAP authentication start 0 elapsed 0 ms authorization start 0 elapsed 0 ms authentication status='none' authorization status='none' url.category: none@Policy;Technology/Internet@Blue Coat total categorization time: 0 static categorization time: 0 server.certficate.hostname.category: none@Policy;Content Delivery Networks@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 200 client.response.code: 200 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 set request header 'Accept-Encoding' value='gzip, deflate' ICAP RESPMOD Scan Summary: Error code: none Summary: icap-error-code: file_type_served Transaction timing: total-transaction-time 528 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 63 elapsed 1 ms server-out: start 241 elapsed 0 ms server-in: start 241 elapsed 0 ms client-out: start 528 elapsed 0 ms access-logging: start 528 elapsed 0 ms stop-transaction: start 528 elapsed 0 ms Total Policy evaluation time: 1 ms url_categorization complete time: 63 ICAP Response Scan: start 526 delay 0 finish 528 server connection: start 241 DNS Lookup: start 241 elapsed 0 ms server connection: connected 241 first-byte 525 last_byte 527 client connection: first-response-byte 528 last-response-byte 528 Total time added: 179 ms Total latency to first byte: 181 ms Request latency: 178 ms OCS connect time: 0 ms Response latency (first byte): 3 ms Response latency (last byte): 1 ms stop transaction -------------------- start transaction ------------------- transaction ID=4057806 type=https.forward-proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate [builtin-prolog:722] MATCH: variable.volume_quota_enforced(false) [vpm-cpl:112] miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: condition=__GROUP3 variable.volume_quota_enforced(true) variable.volume_quota_name(Internet-L1-Quota) variable.volume_quota_frequency(daily) variable.volume_quota_limit(1073741824) variable.volume_quota_warning_limit(966367641) [builtin-epilog:9] miss: variable.time_quota_enforced=true MATCH: variable.volume_quota_enforced=true policy.quota_aux_initialization@client-id miss: [builtin-epilog:17] variable.time_quota_enforced=true miss: [builtin-epilog:21] variable.time_quota_enforced=true miss: [builtin-epilog:25] variable.time_quota_enforced=true miss: [builtin-epilog:34] variable.time_quota_enforced=true miss: [builtin-epilog:39] variable.time_quota_enforced=true [builtin-epilog:52] miss: condition=_user_is_unknown MATCH: t_procedure.check_volume_quota t_procedure.check_volume_quota_warning [builtin-epilog:66] miss: [Rule] variable.volume_quota_warning=true [builtin-epilog:71] miss: [Rule] condition=_user_is_unknown [builtin-epilog:56] [Rule] miss: condition=_user_is_unknown MATCH: variable.volume_quota_exceeded=false t_procedure.update_volume_quota MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: ALLOW condition=__GROUP3 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: condition=_user_is_unknown MATCH: condition=!_user_is_unknown variable.volume_quota_exceeded=false miss: [Rule] variable.volume_quota_warning=true miss: [Rule] condition=_user_is_unknown Called policy definition: BC_malware_scanning_HighPerformance miss: condition=ShouldScanHighPerformance MATCH: response.icap_service(no) Called policy definition: BC_malware_scanning_solution MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_HighPerformance Called policy definition: BC_malware_scanning_proxy_HighPerformance miss: condition=ShouldScanHighPerformance Called policy definition: BC_malware_scanning_solution_proxy MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_proxy_HighPerformance Called policy definition: quota_aux_initialization [builtin-prolog:691] miss: user=abc MATCH: user=!abc variable.user_authentication_is_on(true) [builtin-prolog:695] miss: variable.false_flag=true [builtin-prolog:698] miss: variable.false_flag=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=TRUE volume_quota_name=Internet-L1-Quota volume_quota_frequency=daily volume_quota_limit=1073741824 volume_quota_warning_limit=966367641 volume_quota_exceeded=FALSE volume_quota_warning=FALSE volume_quota_warning_exists=FALSE guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=TRUE false_flag=FALSE Called transaction procedure: check_volume_quota Called transaction procedure: update_volume_quota Called transaction procedure: check_volume_quota_warning connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:37:12 UTC GET https://ssl.gstatic.com/docs/common/cleardot.gif?zx=hya9us50my02 origin server next-hop IP address=216.58.208.227 Accept-Encoding: gzip Accept-Encoding: deflate Accept-Encoding: br Referer: https://drive.google.com/drive/my-drive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: name="PHAP\srashid" realm=PHAP authentication start 0 elapsed 0 ms authorization start 0 elapsed 0 ms authentication status='none' authorization status='none' url.category: none@Policy;Office/Business Applications@Blue Coat total categorization time: 0 static categorization time: 0 server.certficate.hostname.category: none@Policy;Search Engines/Portals@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 200 client.response.code: 200 application.name: Google Drive application.operation: none application.group: File Sharing;Storage DSCP client outbound: 65 DSCP server outbound: 65 set request header 'Accept-Encoding' value='gzip, deflate' Transaction timing: total-transaction-time 283 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 0 ms server-out: start 1 elapsed 0 ms server-in: start 1 elapsed 0 ms client-out: start 283 elapsed 0 ms access-logging: start 283 elapsed 0 ms stop-transaction: start 283 elapsed 0 ms Total Policy evaluation time: 0 ms url_categorization complete time: 0 server connection: start 1 DNS Lookup: start 1 elapsed 0 ms server connection: connected 1 first-byte 283 last_byte 283 client connection: first-response-byte 283 last-response-byte 283 Total time added: 0 ms Total latency to first byte: 0 ms Request latency: 0 ms OCS connect time: 0 ms Response latency (first byte): 0 ms Response latency (last byte): 0 ms stop transaction -------------------- start transaction ------------------- transaction ID=4054122 type=https.forward-proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate [builtin-prolog:722] MATCH: variable.volume_quota_enforced(false) [vpm-cpl:112] miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: condition=__GROUP3 variable.volume_quota_enforced(true) variable.volume_quota_name(Internet-L1-Quota) variable.volume_quota_frequency(daily) variable.volume_quota_limit(1073741824) variable.volume_quota_warning_limit(966367641) [builtin-epilog:9] miss: variable.time_quota_enforced=true MATCH: variable.volume_quota_enforced=true policy.quota_aux_initialization@client-id miss: [builtin-epilog:17] variable.time_quota_enforced=true miss: [builtin-epilog:21] variable.time_quota_enforced=true miss: [builtin-epilog:25] variable.time_quota_enforced=true miss: [builtin-epilog:34] variable.time_quota_enforced=true miss: [builtin-epilog:39] variable.time_quota_enforced=true [builtin-epilog:52] miss: condition=_user_is_unknown MATCH: t_procedure.check_volume_quota t_procedure.check_volume_quota_warning [builtin-epilog:66] miss: [Rule] variable.volume_quota_warning=true [builtin-epilog:71] miss: [Rule] condition=_user_is_unknown [builtin-epilog:56] [Rule] miss: condition=_user_is_unknown MATCH: variable.volume_quota_exceeded=false t_procedure.update_volume_quota MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: ALLOW condition=__GROUP3 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: condition=_user_is_unknown MATCH: condition=!_user_is_unknown variable.volume_quota_exceeded=false miss: [Rule] variable.volume_quota_warning=true miss: [Rule] condition=_user_is_unknown Called policy definition: BC_malware_scanning_secure_connection MATCH: response.icap_service.secure_connection(auto) Called policy definition: BC_malware_scanner MATCH: response.icap_service(bluecoat-local-response, fail-closed) Called policy definition: BC_malware_scanning_HighPerformance MATCH: condition=ShouldScanHighPerformance policy.BC_malware_scanner policy.BC_malware_scanning_secure_connection Called policy definition: BC_malware_scanning_solution MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_HighPerformance Called policy definition: BC_malware_scanning_proxy_HighPerformance MATCH: condition=ShouldScanHighPerformance response.icap_feedback(trickle_end) Called policy definition: BC_malware_scanning_solution_proxy MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_proxy_HighPerformance Called policy definition: quota_aux_initialization [builtin-prolog:691] miss: user=abc MATCH: user=!abc variable.user_authentication_is_on(true) [builtin-prolog:695] miss: variable.false_flag=true [builtin-prolog:698] miss: variable.false_flag=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=TRUE volume_quota_name=Internet-L1-Quota volume_quota_frequency=daily volume_quota_limit=1073741824 volume_quota_warning_limit=966367641 volume_quota_exceeded=FALSE volume_quota_warning=FALSE volume_quota_warning_exists=FALSE guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=TRUE false_flag=FALSE Called transaction procedure: check_volume_quota Called transaction procedure: update_volume_quota Called transaction procedure: check_volume_quota_warning connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:37:00 UTC GET https://cello.client-channel.google.com/client-channel/channel/bind?authuser=0&ctype=cello&service=appscommonstorage&gsessionid=Ks69O6k6YsJ2vdZbLze9XvdDRI5bpqS6&sw=true&VER=8&RID=rpc&SID=9B6EDB94DA8DCEEF&CI=1&AID=465&TYPE=xmlhttp&zx=n4xm378jktrf&t=1 rewritten URL(s): cache_url=https://cello.client-channel.google.com/client-channel/channel/bind?authuser=0&ctype=cello&service=appscommonstorage&gsessionid=Ks69O6k6YsJ2vdZbLze9XvdDRI5bpqS6&sw=true&VER=8&RID=rpc&SID=9B6EDB94DA8DCEEF&CI=1&AID=465&TYPE=xmlhttp&zx=n4xm378jktrf&t=1&bcsi_scan_36eb41fd84054c8c=iCNOclzM5m3hDjnp8x2B+RhyhYgCAAAAatw9AA== origin server next-hop IP address=74.125.140.189 Accept-Encoding: gzip Accept-Encoding: deflate Accept-Encoding: br Referer: https://cello.client-channel.google.com/client-channel/js/2663539887-sharedchannelmain_bin.js?ctype=cello&authuser=0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: name="PHAP\srashid" realm=PHAP authentication start 0 elapsed 0 ms authorization start 0 elapsed 0 ms authentication status='none' authorization status='none' url.category: none@Policy;Search Engines/Portals@Blue Coat total categorization time: 0 static categorization time: 0 server.certficate.hostname.category: none@Policy;Email@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 200 client.response.code: 200 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 ICAP RESPMOD Scan Summary: Error code: none Transaction timing: total-transaction-time 29133 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 0 ms server-out: start 1 elapsed 0 ms server-in: start 1 elapsed 0 ms client-out: start 5041 elapsed 0 ms access-logging: start 29133 elapsed 0 ms stop-transaction: start 29133 elapsed 0 ms Total Policy evaluation time: 0 ms url_categorization complete time: 0 ICAP Response Scan: start 171 delay 0 finish 29132 server connection: start 1 DNS Lookup: start 1 elapsed 0 ms server connection: connected 1 first-byte 168 last_byte 29125 client connection: first-response-byte 5041 last-response-byte 29133 Total time added: 8 ms Total latency to first byte: 4873 ms Request latency: 0 ms OCS connect time: 0 ms Response latency (first byte): 4873 ms Response latency (last byte): 8 ms stop transaction -------------------- start transaction ------------------- transaction ID=4066436 type=http.proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate late: [builtin-prolog:722] late: [vpm-cpl:112] late: [builtin-epilog:9] late: [builtin-epilog:17] late: [builtin-epilog:21] late: [builtin-epilog:25] late: [builtin-epilog:34] late: [builtin-epilog:39] late: [builtin-epilog:52] late: [builtin-epilog:66] late: [builtin-epilog:71] [builtin-prolog:246] MATCH: t_procedure.dashboard_blocked_stats_infinity [builtin-prolog:237] MATCH: t_procedure.dashboard_record_hourly [builtin-prolog:240] MATCH: t_procedure.dashboard_record_daily [builtin-prolog:243] MATCH: t_procedure.dashboard_record_monthly late: [builtin-epilog:56] MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers late: condition=__GROUP1 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true late: variable.volume_quota_enforced=true late: variable.volume_quota_enforced=true late: variable.volume_quota_enforced=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=(value undetermined) volume_quota_name=(value undetermined) volume_quota_frequency=(value undetermined) volume_quota_limit=(value undetermined) volume_quota_warning_limit=(value undetermined) volume_quota_exceeded=(value undetermined) volume_quota_warning=(value undetermined) volume_quota_warning_exists=(value undetermined) guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=(value undetermined) false_flag=FALSE Called transaction procedure: dashboard_record_hourly Called transaction procedure: dashboard_record_daily Called transaction procedure: dashboard_blocked_stats_infinity Called transaction procedure: dashboard_record_monthly connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:37:42 UTC CONNECT tcp://www.google.com:443/ DNS lookup was unrestricted User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: unauthenticated authentication status='need_credentials' authorization status='not_attempted' EXCEPTION(authentication_failed): Authentication failed either because credentials were not provided or they could not be validated url.category: none@Policy;Search Engines/Portals@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 0 client.response.code: 407 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 authentication-required realm=PHAP (Certificate) Transaction timing: total-transaction-time 1 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 0 ms client-out-terminated: start 1 elapsed 0 ms access-logging: start 1 elapsed 0 ms stop-transaction: start 1 elapsed 0 ms Total Policy evaluation time: 0 ms url_categorization complete time: 1 client connection: first-response-byte 0 last-response-byte 1 stop transaction -------------------- start transaction ------------------- transaction ID=4066438 type=http.proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate late: [builtin-prolog:722] late: [vpm-cpl:112] late: [builtin-epilog:9] late: [builtin-epilog:17] late: [builtin-epilog:21] late: [builtin-epilog:25] late: [builtin-epilog:34] late: [builtin-epilog:39] late: [builtin-epilog:52] late: [builtin-epilog:66] late: [builtin-epilog:71] [builtin-prolog:246] MATCH: t_procedure.dashboard_blocked_stats_infinity [builtin-prolog:237] MATCH: t_procedure.dashboard_record_hourly [builtin-prolog:240] MATCH: t_procedure.dashboard_record_daily [builtin-prolog:243] MATCH: t_procedure.dashboard_record_monthly late: [builtin-epilog:56] MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers late: condition=__GROUP1 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true late: variable.volume_quota_enforced=true late: variable.volume_quota_enforced=true late: variable.volume_quota_enforced=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=(value undetermined) volume_quota_name=(value undetermined) volume_quota_frequency=(value undetermined) volume_quota_limit=(value undetermined) volume_quota_warning_limit=(value undetermined) volume_quota_exceeded=(value undetermined) volume_quota_warning=(value undetermined) volume_quota_warning_exists=(value undetermined) guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=(value undetermined) false_flag=FALSE Called transaction procedure: dashboard_record_hourly Called transaction procedure: dashboard_record_daily Called transaction procedure: dashboard_blocked_stats_infinity Called transaction procedure: dashboard_record_monthly connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:37:42 UTC CONNECT tcp://www.google.com:443/ DNS lookup was unrestricted User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: unauthenticated authentication status='Unknown Status' authorization status='not_attempted' EXCEPTION(authentication_failed): Authentication failed either because credentials were not provided or they could not be validated url.category: none@Policy;Search Engines/Portals@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 0 client.response.code: 407 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 authentication-required realm=PHAP (Certificate) Transaction timing: total-transaction-time 1 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 0 ms client-out-terminated: start 1 elapsed 0 ms access-logging: start 1 elapsed 0 ms stop-transaction: start 1 elapsed 0 ms Total Policy evaluation time: 0 ms url_categorization complete time: 1 client connection: first-response-byte 0 last-response-byte 1 stop transaction -------------------- start transaction ------------------- transaction ID=4066440 type=http.proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate [builtin-prolog:722] MATCH: variable.volume_quota_enforced(false) [vpm-cpl:112] miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: condition=__GROUP3 variable.volume_quota_enforced(true) variable.volume_quota_name(Internet-L1-Quota) variable.volume_quota_frequency(daily) variable.volume_quota_limit(1073741824) variable.volume_quota_warning_limit(966367641) [builtin-epilog:9] miss: variable.time_quota_enforced=true MATCH: variable.volume_quota_enforced=true policy.quota_aux_initialization@client-id miss: [builtin-epilog:17] variable.time_quota_enforced=true miss: [builtin-epilog:21] variable.time_quota_enforced=true miss: [builtin-epilog:25] variable.time_quota_enforced=true miss: [builtin-epilog:34] variable.time_quota_enforced=true miss: [builtin-epilog:39] variable.time_quota_enforced=true [builtin-epilog:52] miss: condition=_user_is_unknown MATCH: t_procedure.check_volume_quota t_procedure.check_volume_quota_warning [builtin-epilog:66] miss: [Rule] variable.volume_quota_warning=true [builtin-epilog:71] miss: [Rule] condition=_user_is_unknown [builtin-epilog:56] miss: [Rule] http.response.code=200 MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: ALLOW condition=__GROUP3 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: condition=_user_is_unknown MATCH: condition=!_user_is_unknown variable.volume_quota_exceeded=false miss: [Rule] variable.volume_quota_warning=true miss: [Rule] condition=_user_is_unknown Called policy definition: BC_malware_scanning_HighPerformance n/a: condition=ShouldScanHighPerformance MATCH: response.icap_service(no) Called policy definition: BC_malware_scanning_solution MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_HighPerformance Called policy definition: BC_malware_scanning_proxy_HighPerformance n/a: condition=ShouldScanHighPerformance Called policy definition: BC_malware_scanning_solution_proxy MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_proxy_HighPerformance Called policy definition: quota_aux_initialization [builtin-prolog:691] miss: user=abc MATCH: user=!abc variable.user_authentication_is_on(true) [builtin-prolog:695] miss: variable.false_flag=true [builtin-prolog:698] miss: variable.false_flag=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=TRUE volume_quota_name=Internet-L1-Quota volume_quota_frequency=daily volume_quota_limit=1073741824 volume_quota_warning_limit=966367641 volume_quota_exceeded=FALSE volume_quota_warning=FALSE volume_quota_warning_exists=FALSE guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=TRUE false_flag=FALSE Called transaction procedure: check_volume_quota Called transaction procedure: check_volume_quota_warning connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:37:42 UTC CONNECT tcp://www.google.com:443/ DNS lookup was unrestricted User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: name="PHAP\srashid" realm=PHAP authentication start 2 elapsed 3 ms authorization start 5 elapsed 0 ms authentication status='none' authorization status='none' url.category: none@Policy;Search Engines/Portals@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 0 client.response.code: 200 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 Transaction timing: total-transaction-time 7 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 2 elapsed 4 ms access-logging: start 7 elapsed 0 ms stop-transaction: start 7 elapsed 0 ms Total Policy evaluation time: 4 ms url_categorization complete time: 2 client connection: first-response-byte 0 last-response-byte 7 stop transaction -------------------- start transaction ------------------- transaction ID=4066443 type=ssl.tunnel transaction handed off from: 4066440 [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate [builtin-prolog:722] MATCH: variable.volume_quota_enforced(false) [vpm-cpl:112] miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: condition=__GROUP3 variable.volume_quota_enforced(true) variable.volume_quota_name(Internet-L1-Quota) variable.volume_quota_frequency(daily) variable.volume_quota_limit(1073741824) variable.volume_quota_warning_limit(966367641) [builtin-epilog:9] miss: variable.time_quota_enforced=true MATCH: variable.volume_quota_enforced=true policy.quota_aux_initialization@client-id miss: [builtin-epilog:17] variable.time_quota_enforced=true miss: [builtin-epilog:21] variable.time_quota_enforced=true miss: [builtin-epilog:25] variable.time_quota_enforced=true miss: [builtin-epilog:34] variable.time_quota_enforced=true miss: [builtin-epilog:39] variable.time_quota_enforced=true [builtin-epilog:52] miss: condition=_user_is_unknown MATCH: t_procedure.check_volume_quota t_procedure.check_volume_quota_warning [builtin-epilog:66] miss: [Rule] variable.volume_quota_warning=true [builtin-epilog:71] miss: [Rule] condition=_user_is_unknown late: [builtin-epilog:56] MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: ALLOW condition=__GROUP3 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: condition=_user_is_unknown MATCH: condition=!_user_is_unknown variable.volume_quota_exceeded=false miss: [Rule] variable.volume_quota_warning=true miss: [Rule] condition=_user_is_unknown Called policy definition: BC_malware_scanning_HighPerformance n/a: condition=ShouldScanHighPerformance MATCH: response.icap_service(no) Called policy definition: BC_malware_scanning_solution MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_HighPerformance Called policy definition: BC_malware_scanning_proxy_HighPerformance n/a: condition=ShouldScanHighPerformance Called policy definition: BC_malware_scanning_solution_proxy MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_proxy_HighPerformance Called policy definition: quota_aux_initialization [builtin-prolog:691] miss: user=abc MATCH: user=!abc variable.user_authentication_is_on(true) [builtin-prolog:695] miss: variable.false_flag=true [builtin-prolog:698] miss: variable.false_flag=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=TRUE volume_quota_name=Internet-L1-Quota volume_quota_frequency=daily volume_quota_limit=1073741824 volume_quota_warning_limit=966367641 volume_quota_exceeded=FALSE volume_quota_warning=FALSE volume_quota_warning_exists=FALSE guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=TRUE false_flag=FALSE Called transaction procedure: check_volume_quota Called transaction procedure: check_volume_quota_warning connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:37:42 UTC unknown ssl://www.google.com:443/ origin server next-hop IP address=216.58.208.228 user: name="PHAP\srashid" realm=PHAP authentication start 0 elapsed 0 ms authorization start 0 elapsed 0 ms authentication status='none' authorization status='none' url.category: none@Policy;Search Engines/Portals@Blue Coat total categorization time: 0 static categorization time: 0 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 Transaction timing: total-transaction-time 354 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 0 ms server-out: start 1 elapsed 0 ms stop-transaction: start 354 elapsed 0 ms Total Policy evaluation time: 0 ms ssl server hello complete: 353 url_categorization complete time: 0 server connection: start 1 DNS Lookup: start 1 elapsed 0 ms server connection: connected 177 Total time added: 0 ms Total latency to first byte: 176 ms Request latency: 0 ms OCS connect time: 176 ms Response latency (first byte): 0 ms Response latency (last byte): 0 ms stop transaction -------------------- start transaction ------------------- transaction ID=4066529 type=https.forward-proxy transaction handed off from: 4066444 [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate [builtin-prolog:722] MATCH: variable.volume_quota_enforced(false) [vpm-cpl:112] miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: condition=__GROUP3 variable.volume_quota_enforced(true) variable.volume_quota_name(Internet-L1-Quota) variable.volume_quota_frequency(daily) variable.volume_quota_limit(1073741824) variable.volume_quota_warning_limit(966367641) [builtin-epilog:9] miss: variable.time_quota_enforced=true MATCH: variable.volume_quota_enforced=true policy.quota_aux_initialization@client-id miss: [builtin-epilog:17] variable.time_quota_enforced=true miss: [builtin-epilog:21] variable.time_quota_enforced=true miss: [builtin-epilog:25] variable.time_quota_enforced=true miss: [builtin-epilog:34] variable.time_quota_enforced=true miss: [builtin-epilog:39] variable.time_quota_enforced=true [builtin-epilog:52] miss: condition=_user_is_unknown MATCH: t_procedure.check_volume_quota t_procedure.check_volume_quota_warning [builtin-epilog:66] miss: [Rule] variable.volume_quota_warning=true [builtin-epilog:71] miss: [Rule] condition=_user_is_unknown [builtin-epilog:56] miss: [Rule] http.response.code=200 MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: ALLOW condition=__GROUP3 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: condition=_user_is_unknown MATCH: condition=!_user_is_unknown variable.volume_quota_exceeded=false miss: [Rule] variable.volume_quota_warning=true miss: [Rule] condition=_user_is_unknown Called policy definition: BC_malware_scanning_HighPerformance n/a: condition=ShouldScanHighPerformance MATCH: response.icap_service(no) Called policy definition: BC_malware_scanning_solution MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_HighPerformance Called policy definition: BC_malware_scanning_proxy_HighPerformance n/a: condition=ShouldScanHighPerformance Called policy definition: BC_malware_scanning_solution_proxy MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_proxy_HighPerformance Called policy definition: quota_aux_initialization [builtin-prolog:691] miss: user=abc MATCH: user=!abc variable.user_authentication_is_on(true) [builtin-prolog:695] miss: variable.false_flag=true [builtin-prolog:698] miss: variable.false_flag=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=TRUE volume_quota_name=Internet-L1-Quota volume_quota_frequency=daily volume_quota_limit=1073741824 volume_quota_warning_limit=966367641 volume_quota_exceeded=FALSE volume_quota_warning=FALSE volume_quota_warning_exists=FALSE guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=TRUE false_flag=FALSE Called transaction procedure: check_volume_quota Called transaction procedure: check_volume_quota_warning connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:37:42 UTC POST https://www.google.com/gen_204?atyp=i&ei=x_5lXqGMGomYjLsPsLa_mA4&ct=slh&v=2&s=4&pv=0.8299011564472101&me=106:1583742727680,V,0,0,0,0:1719,U,1719:0,V,0,0,1920,969:24267,h,1,CBAQAA,i:0,h,1,CBYQAQ,i:0,h,1,CBYQAA,i:16,h,1,CBAQAA,o:17,h,1,CA8QAA,i:17,h,1,CA8QAA,o:17,h,1,CA4QAA,i:133,h,1,CA4QAA,o:17,h,1,CBYQAQ,o:0,h,1,CBYQAA,o:1635,h,1,CBAQAA,i:0,h,1,CBYQAQ,i:0,h,1,CBYQAA,i:16,h,1,CBAQAA,o:18,h,1,CBEQAA,i:16,h,1,CBEQAA,o:35,h,1,CBMQAw,i:31,h,1,CBMQAw,o:16,h,1,CBYQAQ,o:18,h,1,CBYQAA,o:84,h,1,CBYQAA,i:32,h,1,CBYQAQ,i:306,h,1,CBYQAQ,o:0,h,1,CBYQAA,o:12,h,2,CAEQAQ,i:1,h,1,CBcQAA,i:49,h,2,CAEQAQ,o:1,h,2,CAEQDA,i:132,h,2,CAEQDA,o:1,h,2,CAEQAQ,i:83,h,2,CAEQAQ,o:0,h,1,CBcQJQ,i:182,h,1,CBcQJQ,o:0,h,1,CBcQGQ,i:354,G,1,CBcQGQ,123,26:0,G,1,CBcQAA,104,391:949,h,1,CBcQGQ,o:1,h,1,CBcQAA,o:153,B,2949:0,R,1,CBcQAA,166,315,600,951:0,R,1,CBcQGg,147,724,638,258:0,R,1,CBcQGw,163,740,606,108:0,R,1,CBcQHg,163,848,606,79:0,R,1,CBcQJQ,147,982,638,44:0,R,2,CAEQAQ,147,1026,638,44:0,R,2,CAEQDA,147,1070,638,44:0,R,1,CAIQAA,166,1293,600, origin server next-hop IP address=216.58.208.228 Accept-Encoding: gzip Accept-Encoding: deflate Accept-Encoding: br Referer: https://www.google.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: name="PHAP\srashid" realm=PHAP authentication start 0 elapsed 0 ms authorization start 0 elapsed 0 ms authentication status='none' authorization status='none' url.category: none@Policy;Search Engines/Portals@Blue Coat total categorization time: 0 static categorization time: 0 server.certficate.hostname.category: none@Policy;Search Engines/Portals@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 204 client.response.code: 204 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 set request header 'Accept-Encoding' value='gzip, deflate' Transaction timing: total-transaction-time 300 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 3 elapsed 1 ms server-out: start 4 elapsed 0 ms server-in: start 4 elapsed 0 ms client-out: start 300 elapsed 0 ms access-logging: start 300 elapsed 0 ms stop-transaction: start 300 elapsed 0 ms Total Policy evaluation time: 1 ms url_categorization complete time: 3 server connection: start 4 DNS Lookup: start 4 elapsed 0 ms server connection: connected 4 first-byte 300 last_byte 300 client connection: first-response-byte 300 last-response-byte 300 Total time added: 1 ms Total latency to first byte: 1 ms Request latency: 1 ms OCS connect time: 0 ms Response latency (first byte): 0 ms Response latency (last byte): 0 ms stop transaction -------------------- start transaction ------------------- transaction ID=4062735 type=https.forward-proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate [builtin-prolog:722] MATCH: variable.volume_quota_enforced(false) [vpm-cpl:112] miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: condition=__GROUP3 variable.volume_quota_enforced(true) variable.volume_quota_name(Internet-L1-Quota) variable.volume_quota_frequency(daily) variable.volume_quota_limit(1073741824) variable.volume_quota_warning_limit(966367641) [builtin-epilog:9] miss: variable.time_quota_enforced=true MATCH: variable.volume_quota_enforced=true policy.quota_aux_initialization@client-id miss: [builtin-epilog:17] variable.time_quota_enforced=true miss: [builtin-epilog:21] variable.time_quota_enforced=true miss: [builtin-epilog:25] variable.time_quota_enforced=true miss: [builtin-epilog:34] variable.time_quota_enforced=true miss: [builtin-epilog:39] variable.time_quota_enforced=true [builtin-epilog:52] miss: condition=_user_is_unknown MATCH: t_procedure.check_volume_quota t_procedure.check_volume_quota_warning [builtin-epilog:66] miss: [Rule] variable.volume_quota_warning=true [builtin-epilog:71] miss: [Rule] condition=_user_is_unknown [builtin-epilog:56] [Rule] miss: condition=_user_is_unknown MATCH: variable.volume_quota_exceeded=false t_procedure.update_volume_quota MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: ALLOW condition=__GROUP3 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: condition=_user_is_unknown MATCH: condition=!_user_is_unknown variable.volume_quota_exceeded=false miss: [Rule] variable.volume_quota_warning=true miss: [Rule] condition=_user_is_unknown Called policy definition: BC_malware_scanning_secure_connection MATCH: response.icap_service.secure_connection(auto) Called policy definition: BC_malware_scanner MATCH: response.icap_service(bluecoat-local-response, fail-closed) Called policy definition: BC_malware_scanning_HighPerformance MATCH: condition=ShouldScanHighPerformance policy.BC_malware_scanner policy.BC_malware_scanning_secure_connection Called policy definition: BC_malware_scanning_solution MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_HighPerformance Called policy definition: BC_malware_scanning_proxy_HighPerformance MATCH: condition=ShouldScanHighPerformance response.icap_feedback(trickle_end) Called policy definition: BC_malware_scanning_solution_proxy MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_proxy_HighPerformance Called policy definition: quota_aux_initialization [builtin-prolog:691] miss: user=abc MATCH: user=!abc variable.user_authentication_is_on(true) [builtin-prolog:695] miss: variable.false_flag=true [builtin-prolog:698] miss: variable.false_flag=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=TRUE volume_quota_name=Internet-L1-Quota volume_quota_frequency=daily volume_quota_limit=1073741824 volume_quota_warning_limit=966367641 volume_quota_exceeded=FALSE volume_quota_warning=FALSE volume_quota_warning_exists=FALSE guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=TRUE false_flag=FALSE Called transaction procedure: check_volume_quota Called transaction procedure: update_volume_quota Called transaction procedure: check_volume_quota_warning connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:37:29 UTC GET https://cello.client-channel.google.com/client-channel/channel/bind?authuser=0&ctype=cello&service=appscommonstorage&gsessionid=Ks69O6k6YsJ2vdZbLze9XvdDRI5bpqS6&sw=true&VER=8&RID=rpc&SID=9B6EDB94DA8DCEEF&CI=1&AID=467&TYPE=xmlhttp&zx=acq72q8psd5&t=1 rewritten URL(s): cache_url=https://cello.client-channel.google.com/client-channel/channel/bind?authuser=0&ctype=cello&service=appscommonstorage&gsessionid=Ks69O6k6YsJ2vdZbLze9XvdDRI5bpqS6&sw=true&VER=8&RID=rpc&SID=9B6EDB94DA8DCEEF&CI=1&AID=467&TYPE=xmlhttp&zx=acq72q8psd5&t=1&bcsi_scan_36eb41fd84054c8c=fkE3jO3zCQiPaWjIO/PTFMjB3IoCAAAAD/49AA== origin server next-hop IP address=74.125.140.189 Accept-Encoding: gzip Accept-Encoding: deflate Accept-Encoding: br Referer: https://cello.client-channel.google.com/client-channel/js/2663539887-sharedchannelmain_bin.js?ctype=cello&authuser=0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: name="PHAP\srashid" realm=PHAP authentication start 0 elapsed 0 ms authorization start 0 elapsed 0 ms authentication status='none' authorization status='none' url.category: none@Policy;Search Engines/Portals@Blue Coat total categorization time: 0 static categorization time: 0 server.certficate.hostname.category: none@Policy;Email@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 200 client.response.code: 200 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 ICAP RESPMOD Scan Summary: Error code: none Transaction timing: total-transaction-time 26158 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 0 ms server-out: start 1 elapsed 0 ms server-in: start 1 elapsed 0 ms client-out: start 4512 elapsed 0 ms access-logging: start 26158 elapsed 0 ms stop-transaction: start 26158 elapsed 0 ms Total Policy evaluation time: 0 ms url_categorization complete time: 0 ICAP Response Scan: start 333 delay 0 finish 26158 server connection: start 1 DNS Lookup: start 1 elapsed 0 ms server connection: connected 1 first-byte 332 last_byte 26150 client connection: first-response-byte 4512 last-response-byte 26158 Total time added: 8 ms Total latency to first byte: 4180 ms Request latency: 0 ms OCS connect time: 0 ms Response latency (first byte): 4180 ms Response latency (last byte): 8 ms stop transaction -------------------- start transaction ------------------- transaction ID=4072310 type=http.proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate late: [builtin-prolog:722] late: [vpm-cpl:112] late: [builtin-epilog:9] late: [builtin-epilog:17] late: [builtin-epilog:21] late: [builtin-epilog:25] late: [builtin-epilog:34] late: [builtin-epilog:39] late: [builtin-epilog:52] late: [builtin-epilog:66] late: [builtin-epilog:71] [builtin-prolog:246] MATCH: t_procedure.dashboard_blocked_stats_infinity [builtin-prolog:237] MATCH: t_procedure.dashboard_record_hourly [builtin-prolog:240] MATCH: t_procedure.dashboard_record_daily [builtin-prolog:243] MATCH: t_procedure.dashboard_record_monthly late: [builtin-epilog:56] MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers late: condition=__GROUP1 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true late: variable.volume_quota_enforced=true late: variable.volume_quota_enforced=true late: variable.volume_quota_enforced=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=(value undetermined) volume_quota_name=(value undetermined) volume_quota_frequency=(value undetermined) volume_quota_limit=(value undetermined) volume_quota_warning_limit=(value undetermined) volume_quota_exceeded=(value undetermined) volume_quota_warning=(value undetermined) volume_quota_warning_exists=(value undetermined) guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=(value undetermined) false_flag=FALSE Called transaction procedure: dashboard_record_hourly Called transaction procedure: dashboard_record_daily Called transaction procedure: dashboard_blocked_stats_infinity Called transaction procedure: dashboard_record_monthly connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:38:03 UTC CONNECT tcp://clients4.google.com:443/ DNS lookup was unrestricted User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: unauthenticated authentication status='need_credentials' authorization status='not_attempted' EXCEPTION(authentication_failed): Authentication failed either because credentials were not provided or they could not be validated url.category: none@Policy;Technology/Internet@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 0 client.response.code: 407 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 authentication-required realm=PHAP (Certificate) Transaction timing: total-transaction-time 3 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 3 elapsed 0 ms client-out-terminated: start 3 elapsed 0 ms access-logging: start 3 elapsed 0 ms stop-transaction: start 3 elapsed 0 ms Total Policy evaluation time: 0 ms url_categorization complete time: 3 client connection: first-response-byte 0 last-response-byte 3 stop transaction -------------------- start transaction ------------------- transaction ID=4072315 type=http.proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate late: [builtin-prolog:722] late: [vpm-cpl:112] late: [builtin-epilog:9] late: [builtin-epilog:17] late: [builtin-epilog:21] late: [builtin-epilog:25] late: [builtin-epilog:34] late: [builtin-epilog:39] late: [builtin-epilog:52] late: [builtin-epilog:66] late: [builtin-epilog:71] [builtin-prolog:246] MATCH: t_procedure.dashboard_blocked_stats_infinity [builtin-prolog:237] MATCH: t_procedure.dashboard_record_hourly [builtin-prolog:240] MATCH: t_procedure.dashboard_record_daily [builtin-prolog:243] MATCH: t_procedure.dashboard_record_monthly late: [builtin-epilog:56] MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers late: condition=__GROUP1 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true late: variable.volume_quota_enforced=true late: variable.volume_quota_enforced=true late: variable.volume_quota_enforced=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=(value undetermined) volume_quota_name=(value undetermined) volume_quota_frequency=(value undetermined) volume_quota_limit=(value undetermined) volume_quota_warning_limit=(value undetermined) volume_quota_exceeded=(value undetermined) volume_quota_warning=(value undetermined) volume_quota_warning_exists=(value undetermined) guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=(value undetermined) false_flag=FALSE Called transaction procedure: dashboard_record_hourly Called transaction procedure: dashboard_record_daily Called transaction procedure: dashboard_blocked_stats_infinity Called transaction procedure: dashboard_record_monthly connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:38:03 UTC CONNECT tcp://clients4.google.com:443/ DNS lookup was unrestricted User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: unauthenticated authentication status='Unknown Status' authorization status='not_attempted' EXCEPTION(authentication_failed): Authentication failed either because credentials were not provided or they could not be validated url.category: none@Policy;Technology/Internet@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 0 client.response.code: 407 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 authentication-required realm=PHAP (Certificate) Transaction timing: total-transaction-time 6 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 5 elapsed 0 ms client-out-terminated: start 5 elapsed 0 ms access-logging: start 5 elapsed 1 ms stop-transaction: start 6 elapsed 0 ms Total Policy evaluation time: 1 ms url_categorization complete time: 4 client connection: first-response-byte 0 last-response-byte 5 stop transaction -------------------- start transaction ------------------- transaction ID=4072318 type=http.proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate [builtin-prolog:722] MATCH: variable.volume_quota_enforced(false) [vpm-cpl:112] miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: condition=__GROUP3 variable.volume_quota_enforced(true) variable.volume_quota_name(Internet-L1-Quota) variable.volume_quota_frequency(daily) variable.volume_quota_limit(1073741824) variable.volume_quota_warning_limit(966367641) [builtin-epilog:9] miss: variable.time_quota_enforced=true MATCH: variable.volume_quota_enforced=true policy.quota_aux_initialization@client-id miss: [builtin-epilog:17] variable.time_quota_enforced=true miss: [builtin-epilog:21] variable.time_quota_enforced=true miss: [builtin-epilog:25] variable.time_quota_enforced=true miss: [builtin-epilog:34] variable.time_quota_enforced=true miss: [builtin-epilog:39] variable.time_quota_enforced=true [builtin-epilog:52] miss: condition=_user_is_unknown MATCH: t_procedure.check_volume_quota t_procedure.check_volume_quota_warning [builtin-epilog:66] miss: [Rule] variable.volume_quota_warning=true [builtin-epilog:71] miss: [Rule] condition=_user_is_unknown [builtin-epilog:56] miss: [Rule] http.response.code=200 MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: ALLOW condition=__GROUP3 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: condition=_user_is_unknown MATCH: condition=!_user_is_unknown variable.volume_quota_exceeded=false miss: [Rule] variable.volume_quota_warning=true miss: [Rule] condition=_user_is_unknown Called policy definition: BC_malware_scanning_HighPerformance n/a: condition=ShouldScanHighPerformance MATCH: response.icap_service(no) Called policy definition: BC_malware_scanning_solution MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_HighPerformance Called policy definition: BC_malware_scanning_proxy_HighPerformance n/a: condition=ShouldScanHighPerformance Called policy definition: BC_malware_scanning_solution_proxy MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_proxy_HighPerformance Called policy definition: quota_aux_initialization [builtin-prolog:691] miss: user=abc MATCH: user=!abc variable.user_authentication_is_on(true) [builtin-prolog:695] miss: variable.false_flag=true [builtin-prolog:698] miss: variable.false_flag=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=TRUE volume_quota_name=Internet-L1-Quota volume_quota_frequency=daily volume_quota_limit=1073741824 volume_quota_warning_limit=966367641 volume_quota_exceeded=FALSE volume_quota_warning=FALSE volume_quota_warning_exists=FALSE guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=TRUE false_flag=FALSE Called transaction procedure: check_volume_quota Called transaction procedure: check_volume_quota_warning connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:38:03 UTC CONNECT tcp://clients4.google.com:443/ DNS lookup was unrestricted User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: name="PHAP\srashid" realm=PHAP authentication start 5 elapsed 2 ms authorization start 7 elapsed 0 ms authentication status='none' authorization status='none' url.category: none@Policy;Technology/Internet@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 0 client.response.code: 200 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 Transaction timing: total-transaction-time 11 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 5 elapsed 2 ms access-logging: start 10 elapsed 1 ms stop-transaction: start 11 elapsed 0 ms Total Policy evaluation time: 3 ms url_categorization complete time: 5 client connection: first-response-byte 0 last-response-byte 10 stop transaction -------------------- start transaction ------------------- transaction ID=4072321 type=ssl.tunnel transaction handed off from: 4072318 [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate [builtin-prolog:722] MATCH: variable.volume_quota_enforced(false) [vpm-cpl:112] miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: condition=__GROUP3 variable.volume_quota_enforced(true) variable.volume_quota_name(Internet-L1-Quota) variable.volume_quota_frequency(daily) variable.volume_quota_limit(1073741824) variable.volume_quota_warning_limit(966367641) [builtin-epilog:9] miss: variable.time_quota_enforced=true MATCH: variable.volume_quota_enforced=true policy.quota_aux_initialization@client-id miss: [builtin-epilog:17] variable.time_quota_enforced=true miss: [builtin-epilog:21] variable.time_quota_enforced=true miss: [builtin-epilog:25] variable.time_quota_enforced=true miss: [builtin-epilog:34] variable.time_quota_enforced=true miss: [builtin-epilog:39] variable.time_quota_enforced=true [builtin-epilog:52] miss: condition=_user_is_unknown MATCH: t_procedure.check_volume_quota t_procedure.check_volume_quota_warning [builtin-epilog:66] miss: [Rule] variable.volume_quota_warning=true [builtin-epilog:71] miss: [Rule] condition=_user_is_unknown late: [builtin-epilog:56] MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: ALLOW condition=__GROUP3 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: condition=_user_is_unknown MATCH: condition=!_user_is_unknown variable.volume_quota_exceeded=false miss: [Rule] variable.volume_quota_warning=true miss: [Rule] condition=_user_is_unknown Called policy definition: BC_malware_scanning_HighPerformance n/a: condition=ShouldScanHighPerformance MATCH: response.icap_service(no) Called policy definition: BC_malware_scanning_solution MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_HighPerformance Called policy definition: BC_malware_scanning_proxy_HighPerformance n/a: condition=ShouldScanHighPerformance Called policy definition: BC_malware_scanning_solution_proxy MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_proxy_HighPerformance Called policy definition: quota_aux_initialization [builtin-prolog:691] miss: user=abc MATCH: user=!abc variable.user_authentication_is_on(true) [builtin-prolog:695] miss: variable.false_flag=true [builtin-prolog:698] miss: variable.false_flag=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=TRUE volume_quota_name=Internet-L1-Quota volume_quota_frequency=daily volume_quota_limit=1073741824 volume_quota_warning_limit=966367641 volume_quota_exceeded=FALSE volume_quota_warning=FALSE volume_quota_warning_exists=FALSE guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=TRUE false_flag=FALSE Called transaction procedure: check_volume_quota Called transaction procedure: check_volume_quota_warning connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:38:03 UTC unknown ssl://clients4.google.com:443/ origin server next-hop IP address=172.217.19.14 user: name="PHAP\srashid" realm=PHAP authentication start 0 elapsed 0 ms authorization start 0 elapsed 0 ms authentication status='none' authorization status='none' url.category: none@Policy;Technology/Internet@Blue Coat total categorization time: 0 static categorization time: 0 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 Transaction timing: total-transaction-time 350 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 0 ms server-out: start 1 elapsed 0 ms stop-transaction: start 350 elapsed 0 ms Total Policy evaluation time: 0 ms ssl server hello complete: 348 url_categorization complete time: 0 server connection: start 1 DNS Lookup: start 1 elapsed 0 ms server connection: connected 172 Total time added: 0 ms Total latency to first byte: 171 ms Request latency: 0 ms OCS connect time: 171 ms Response latency (first byte): 0 ms Response latency (last byte): 0 ms stop transaction -------------------- start transaction ------------------- transaction ID=4072442 type=https.forward-proxy transaction handed off from: 4072322 [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate [builtin-prolog:722] MATCH: variable.volume_quota_enforced(false) [vpm-cpl:112] miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: condition=__GROUP3 variable.volume_quota_enforced(true) variable.volume_quota_name(Internet-L1-Quota) variable.volume_quota_frequency(daily) variable.volume_quota_limit(1073741824) variable.volume_quota_warning_limit(966367641) [builtin-epilog:9] miss: variable.time_quota_enforced=true MATCH: variable.volume_quota_enforced=true policy.quota_aux_initialization@client-id miss: [builtin-epilog:17] variable.time_quota_enforced=true miss: [builtin-epilog:21] variable.time_quota_enforced=true miss: [builtin-epilog:25] variable.time_quota_enforced=true miss: [builtin-epilog:34] variable.time_quota_enforced=true miss: [builtin-epilog:39] variable.time_quota_enforced=true [builtin-epilog:52] miss: condition=_user_is_unknown MATCH: t_procedure.check_volume_quota t_procedure.check_volume_quota_warning [builtin-epilog:66] miss: [Rule] variable.volume_quota_warning=true [builtin-epilog:71] miss: [Rule] condition=_user_is_unknown [builtin-epilog:56] miss: [Rule] http.response.code=200 MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: ALLOW condition=__GROUP3 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: condition=_user_is_unknown MATCH: condition=!_user_is_unknown variable.volume_quota_exceeded=false miss: [Rule] variable.volume_quota_warning=true miss: [Rule] condition=_user_is_unknown Called policy definition: BC_malware_scanning_HighPerformance n/a: condition=ShouldScanHighPerformance MATCH: response.icap_service(no) Called policy definition: BC_malware_scanning_solution MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_HighPerformance Called policy definition: BC_malware_scanning_proxy_HighPerformance n/a: condition=ShouldScanHighPerformance Called policy definition: BC_malware_scanning_solution_proxy MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_proxy_HighPerformance Called policy definition: quota_aux_initialization [builtin-prolog:691] miss: user=abc MATCH: user=!abc variable.user_authentication_is_on(true) [builtin-prolog:695] miss: variable.false_flag=true [builtin-prolog:698] miss: variable.false_flag=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=TRUE volume_quota_name=Internet-L1-Quota volume_quota_frequency=daily volume_quota_limit=1073741824 volume_quota_warning_limit=966367641 volume_quota_exceeded=FALSE volume_quota_warning=FALSE volume_quota_warning_exists=FALSE guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=TRUE false_flag=FALSE Called transaction procedure: check_volume_quota Called transaction procedure: check_volume_quota_warning connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:38:03 UTC POST https://clients4.google.com/invalidation/android/request/CHES4QEStwFBUEE5MWJFSHh6M2pWdXpBSGpNRi1GTjQ4LW53OU5fcVM3Z2xaaXdxUEpKcllhcEoyaUlPT0lGbUdySWw3SlZTcmFJRzdPTGlZTW9felBpa3JzbEs5Sl9TVzJaLXY3R3JEMWVZWURDTnJockdPeEJEVzFqODJuVlltY01acEMzZVBQUnNKLUFQd3RwRXVCaHhVVlBDc0tEZ3JNaHJEWXFVTjhqMlVzbkc5NHpFa1pUQ09Pc0w3YmcaACoCCAAyH2NvbS5nb29nbGUuY2hyb21lLmludmFsaWRhdGlvbnM origin server next-hop IP address=172.217.19.14 Accept-Encoding: gzip Accept-Encoding: deflate Accept-Encoding: br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: name="PHAP\srashid" realm=PHAP authentication start 0 elapsed 0 ms authorization start 0 elapsed 0 ms authentication status='none' authorization status='none' url.category: none@Policy;Technology/Internet@Blue Coat total categorization time: 0 static categorization time: 0 server.certficate.hostname.category: none@Policy;Search Engines/Portals@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 204 client.response.code: 204 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 set request header 'Accept-Encoding' value='gzip, deflate' set response header 'Cache-Control' value='proxy-revalidate' Transaction timing: total-transaction-time 299 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 2 elapsed 0 ms server-out: start 3 elapsed 0 ms server-in: start 3 elapsed 0 ms client-out: start 299 elapsed 0 ms access-logging: start 299 elapsed 0 ms stop-transaction: start 299 elapsed 0 ms Total Policy evaluation time: 0 ms url_categorization complete time: 2 server connection: start 3 DNS Lookup: start 3 elapsed 0 ms server connection: connected 3 first-byte 298 last_byte 299 client connection: first-response-byte 299 last-response-byte 299 Total time added: 1 ms Total latency to first byte: 2 ms Request latency: 1 ms OCS connect time: 0 ms Response latency (first byte): 1 ms Response latency (last byte): 0 ms stop transaction -------------------- start transaction ------------------- transaction ID=4069819 type=https.forward-proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate [builtin-prolog:722] MATCH: variable.volume_quota_enforced(false) [vpm-cpl:112] miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: condition=__GROUP3 variable.volume_quota_enforced(true) variable.volume_quota_name(Internet-L1-Quota) variable.volume_quota_frequency(daily) variable.volume_quota_limit(1073741824) variable.volume_quota_warning_limit(966367641) [builtin-epilog:9] miss: variable.time_quota_enforced=true MATCH: variable.volume_quota_enforced=true policy.quota_aux_initialization@client-id miss: [builtin-epilog:17] variable.time_quota_enforced=true miss: [builtin-epilog:21] variable.time_quota_enforced=true miss: [builtin-epilog:25] variable.time_quota_enforced=true miss: [builtin-epilog:34] variable.time_quota_enforced=true miss: [builtin-epilog:39] variable.time_quota_enforced=true [builtin-epilog:52] miss: condition=_user_is_unknown MATCH: t_procedure.check_volume_quota t_procedure.check_volume_quota_warning [builtin-epilog:66] miss: [Rule] variable.volume_quota_warning=true [builtin-epilog:71] miss: [Rule] condition=_user_is_unknown [builtin-epilog:56] [Rule] miss: condition=_user_is_unknown MATCH: variable.volume_quota_exceeded=false t_procedure.update_volume_quota MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: ALLOW condition=__GROUP3 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: condition=_user_is_unknown MATCH: condition=!_user_is_unknown variable.volume_quota_exceeded=false miss: [Rule] variable.volume_quota_warning=true miss: [Rule] condition=_user_is_unknown Called policy definition: BC_malware_scanning_secure_connection MATCH: response.icap_service.secure_connection(auto) Called policy definition: BC_malware_scanner MATCH: response.icap_service(bluecoat-local-response, fail-closed) Called policy definition: BC_malware_scanning_HighPerformance MATCH: condition=ShouldScanHighPerformance policy.BC_malware_scanner policy.BC_malware_scanning_secure_connection Called policy definition: BC_malware_scanning_solution MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_HighPerformance Called policy definition: BC_malware_scanning_proxy_HighPerformance MATCH: condition=ShouldScanHighPerformance response.icap_feedback(trickle_end) Called policy definition: BC_malware_scanning_solution_proxy MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_proxy_HighPerformance Called policy definition: quota_aux_initialization [builtin-prolog:691] miss: user=abc MATCH: user=!abc variable.user_authentication_is_on(true) [builtin-prolog:695] miss: variable.false_flag=true [builtin-prolog:698] miss: variable.false_flag=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=TRUE volume_quota_name=Internet-L1-Quota volume_quota_frequency=daily volume_quota_limit=1073741824 volume_quota_warning_limit=966367641 volume_quota_exceeded=FALSE volume_quota_warning=FALSE volume_quota_warning_exists=FALSE guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=TRUE false_flag=FALSE Called transaction procedure: check_volume_quota Called transaction procedure: update_volume_quota Called transaction procedure: check_volume_quota_warning connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:37:55 UTC GET https://cello.client-channel.google.com/client-channel/channel/bind?authuser=0&ctype=cello&service=appscommonstorage&gsessionid=Ks69O6k6YsJ2vdZbLze9XvdDRI5bpqS6&sw=true&VER=8&RID=rpc&SID=9B6EDB94DA8DCEEF&CI=1&AID=469&TYPE=xmlhttp&zx=ylimnlckjahw&t=1 rewritten URL(s): cache_url=https://cello.client-channel.google.com/client-channel/channel/bind?authuser=0&ctype=cello&service=appscommonstorage&gsessionid=Ks69O6k6YsJ2vdZbLze9XvdDRI5bpqS6&sw=true&VER=8&RID=rpc&SID=9B6EDB94DA8DCEEF&CI=1&AID=469&TYPE=xmlhttp&zx=ylimnlckjahw&t=1&bcsi_scan_36eb41fd84054c8c=XkW9NqnDz+7K2jODO93L1Dk4RrQCAAAAuxk+AA== origin server next-hop IP address=74.125.140.189 Accept-Encoding: gzip Accept-Encoding: deflate Accept-Encoding: br Referer: https://cello.client-channel.google.com/client-channel/js/2663539887-sharedchannelmain_bin.js?ctype=cello&authuser=0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: name="PHAP\srashid" realm=PHAP authentication start 0 elapsed 0 ms authorization start 0 elapsed 0 ms authentication status='none' authorization status='none' url.category: none@Policy;Search Engines/Portals@Blue Coat total categorization time: 0 static categorization time: 0 server.certficate.hostname.category: none@Policy;Email@Blue Coat total categorization time: 1 static categorization time: 1 server.response.code: 200 client.response.code: 200 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 ICAP RESPMOD Scan Summary: Error code: none Transaction timing: total-transaction-time 26463 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 0 ms server-out: start 1 elapsed 0 ms server-in: start 1 elapsed 0 ms client-out: start 4894 elapsed 0 ms access-logging: start 26462 elapsed 1 ms stop-transaction: start 26463 elapsed 0 ms Total Policy evaluation time: 1 ms url_categorization complete time: 0 ICAP Response Scan: start 135 delay 0 finish 26462 server connection: start 1 DNS Lookup: start 1 elapsed 0 ms server connection: connected 1 first-byte 133 last_byte 26339 client connection: first-response-byte 4894 last-response-byte 26462 Total time added: 123 ms Total latency to first byte: 4761 ms Request latency: 0 ms OCS connect time: 0 ms Response latency (first byte): 4761 ms Response latency (last byte): 123 ms stop transaction -------------------- start transaction ------------------- transaction ID=4077640 type=https.forward-proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate [builtin-prolog:722] MATCH: variable.volume_quota_enforced(false) [vpm-cpl:112] miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: condition=__GROUP3 variable.volume_quota_enforced(true) variable.volume_quota_name(Internet-L1-Quota) variable.volume_quota_frequency(daily) variable.volume_quota_limit(1073741824) variable.volume_quota_warning_limit(966367641) [builtin-epilog:9] miss: variable.time_quota_enforced=true MATCH: variable.volume_quota_enforced=true policy.quota_aux_initialization@client-id miss: [builtin-epilog:17] variable.time_quota_enforced=true miss: [builtin-epilog:21] variable.time_quota_enforced=true miss: [builtin-epilog:25] variable.time_quota_enforced=true miss: [builtin-epilog:34] variable.time_quota_enforced=true miss: [builtin-epilog:39] variable.time_quota_enforced=true [builtin-epilog:52] miss: condition=_user_is_unknown MATCH: t_procedure.check_volume_quota t_procedure.check_volume_quota_warning [builtin-epilog:66] miss: [Rule] variable.volume_quota_warning=true [builtin-epilog:71] miss: [Rule] condition=_user_is_unknown [builtin-epilog:56] [Rule] miss: condition=_user_is_unknown MATCH: variable.volume_quota_exceeded=false t_procedure.update_volume_quota MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: ALLOW condition=__GROUP3 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: condition=_user_is_unknown MATCH: condition=!_user_is_unknown variable.volume_quota_exceeded=false miss: [Rule] variable.volume_quota_warning=true miss: [Rule] condition=_user_is_unknown Called policy definition: BC_malware_scanning_secure_connection MATCH: response.icap_service.secure_connection(auto) Called policy definition: BC_malware_scanner MATCH: response.icap_service(bluecoat-local-response, fail-closed) Called policy definition: BC_malware_scanning_HighPerformance MATCH: condition=ShouldScanHighPerformance policy.BC_malware_scanner policy.BC_malware_scanning_secure_connection Called policy definition: BC_malware_scanning_solution MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_HighPerformance Called policy definition: BC_malware_scanning_proxy_HighPerformance MATCH: condition=ShouldScanHighPerformance response.icap_feedback(trickle_end) Called policy definition: BC_malware_scanning_solution_proxy MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_proxy_HighPerformance Called policy definition: quota_aux_initialization [builtin-prolog:691] miss: user=abc MATCH: user=!abc variable.user_authentication_is_on(true) [builtin-prolog:695] miss: variable.false_flag=true [builtin-prolog:698] miss: variable.false_flag=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=TRUE volume_quota_name=Internet-L1-Quota volume_quota_frequency=daily volume_quota_limit=1073741824 volume_quota_warning_limit=966367641 volume_quota_exceeded=FALSE volume_quota_warning=FALSE volume_quota_warning_exists=FALSE guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=TRUE false_flag=FALSE Called transaction procedure: check_volume_quota Called transaction procedure: update_volume_quota Called transaction procedure: check_volume_quota_warning connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:38:21 UTC GET https://cello.client-channel.google.com/client-channel/channel/bind?authuser=0&ctype=cello&service=appscommonstorage&gsessionid=Ks69O6k6YsJ2vdZbLze9XvdDRI5bpqS6&sw=true&VER=8&RID=rpc&SID=9B6EDB94DA8DCEEF&CI=1&AID=471&TYPE=xmlhttp&zx=c1bibaeqnd1j&t=1 rewritten URL(s): cache_url=https://cello.client-channel.google.com/client-channel/channel/bind?authuser=0&ctype=cello&service=appscommonstorage&gsessionid=Ks69O6k6YsJ2vdZbLze9XvdDRI5bpqS6&sw=true&VER=8&RID=rpc&SID=9B6EDB94DA8DCEEF&CI=1&AID=471&TYPE=xmlhttp&zx=c1bibaeqnd1j&t=1&bcsi_scan_36eb41fd84054c8c=0/WeM7Dqkarq+po7LmieJcY0gOwCAAAASDg+AA== origin server next-hop IP address=74.125.140.189 Accept-Encoding: gzip Accept-Encoding: deflate Accept-Encoding: br Referer: https://cello.client-channel.google.com/client-channel/js/2663539887-sharedchannelmain_bin.js?ctype=cello&authuser=0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: name="PHAP\srashid" realm=PHAP authentication start 0 elapsed 0 ms authorization start 0 elapsed 0 ms authentication status='none' authorization status='none' url.category: none@Policy;Search Engines/Portals@Blue Coat total categorization time: 0 static categorization time: 0 server.certficate.hostname.category: none@Policy;Email@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 200 client.response.code: 200 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 ICAP RESPMOD Scan Summary: Error code: none Transaction timing: total-transaction-time 24174 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 0 ms server-out: start 1 elapsed 0 ms server-in: start 1 elapsed 0 ms client-out: start 4963 elapsed 0 ms access-logging: start 24174 elapsed 0 ms stop-transaction: start 24174 elapsed 0 ms Total Policy evaluation time: 0 ms url_categorization complete time: 0 ICAP Response Scan: start 135 delay 0 finish 24173 server connection: start 1 DNS Lookup: start 1 elapsed 0 ms server connection: connected 1 first-byte 134 last_byte 24166 client connection: first-response-byte 4963 last-response-byte 24174 Total time added: 8 ms Total latency to first byte: 4829 ms Request latency: 0 ms OCS connect time: 0 ms Response latency (first byte): 4829 ms Response latency (last byte): 8 ms stop transaction -------------------- start transaction ------------------- transaction ID=4083688 type=https.forward-proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate [builtin-prolog:722] MATCH: variable.volume_quota_enforced(false) [vpm-cpl:112] miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: condition=__GROUP3 variable.volume_quota_enforced(true) variable.volume_quota_name(Internet-L1-Quota) variable.volume_quota_frequency(daily) variable.volume_quota_limit(1073741824) variable.volume_quota_warning_limit(966367641) [builtin-epilog:9] miss: variable.time_quota_enforced=true MATCH: variable.volume_quota_enforced=true policy.quota_aux_initialization@client-id miss: [builtin-epilog:17] variable.time_quota_enforced=true miss: [builtin-epilog:21] variable.time_quota_enforced=true miss: [builtin-epilog:25] variable.time_quota_enforced=true miss: [builtin-epilog:34] variable.time_quota_enforced=true miss: [builtin-epilog:39] variable.time_quota_enforced=true [builtin-epilog:52] miss: condition=_user_is_unknown MATCH: t_procedure.check_volume_quota t_procedure.check_volume_quota_warning [builtin-epilog:66] miss: [Rule] variable.volume_quota_warning=true [builtin-epilog:71] miss: [Rule] condition=_user_is_unknown [builtin-epilog:56] [Rule] miss: condition=_user_is_unknown MATCH: variable.volume_quota_exceeded=false t_procedure.update_volume_quota MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: ALLOW condition=__GROUP3 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: condition=_user_is_unknown MATCH: condition=!_user_is_unknown variable.volume_quota_exceeded=false miss: [Rule] variable.volume_quota_warning=true miss: [Rule] condition=_user_is_unknown Called policy definition: BC_malware_scanning_secure_connection MATCH: response.icap_service.secure_connection(auto) Called policy definition: BC_malware_scanner MATCH: response.icap_service(bluecoat-local-response, fail-closed) Called policy definition: BC_malware_scanning_HighPerformance MATCH: condition=ShouldScanHighPerformance policy.BC_malware_scanner policy.BC_malware_scanning_secure_connection Called policy definition: BC_malware_scanning_solution MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_HighPerformance Called policy definition: BC_malware_scanning_proxy_HighPerformance MATCH: condition=ShouldScanHighPerformance response.icap_feedback(trickle_end) Called policy definition: BC_malware_scanning_solution_proxy MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_proxy_HighPerformance Called policy definition: quota_aux_initialization [builtin-prolog:691] miss: user=abc MATCH: user=!abc variable.user_authentication_is_on(true) [builtin-prolog:695] miss: variable.false_flag=true [builtin-prolog:698] miss: variable.false_flag=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=TRUE volume_quota_name=Internet-L1-Quota volume_quota_frequency=daily volume_quota_limit=1073741824 volume_quota_warning_limit=966367641 volume_quota_exceeded=FALSE volume_quota_warning=FALSE volume_quota_warning_exists=FALSE guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=TRUE false_flag=FALSE Called transaction procedure: check_volume_quota Called transaction procedure: update_volume_quota Called transaction procedure: check_volume_quota_warning connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:38:46 UTC GET https://cello.client-channel.google.com/client-channel/channel/bind?authuser=0&ctype=cello&service=appscommonstorage&gsessionid=Ks69O6k6YsJ2vdZbLze9XvdDRI5bpqS6&sw=true&VER=8&RID=rpc&SID=9B6EDB94DA8DCEEF&CI=1&AID=473&TYPE=xmlhttp&zx=pjaz2f2cgk6v&t=1 rewritten URL(s): cache_url=https://cello.client-channel.google.com/client-channel/channel/bind?authuser=0&ctype=cello&service=appscommonstorage&gsessionid=Ks69O6k6YsJ2vdZbLze9XvdDRI5bpqS6&sw=true&VER=8&RID=rpc&SID=9B6EDB94DA8DCEEF&CI=1&AID=473&TYPE=xmlhttp&zx=pjaz2f2cgk6v&t=1&bcsi_scan_36eb41fd84054c8c=dSHbRfmzKTcIdmoQdTzRA+ZbhPgCAAAA6E8+AA== origin server next-hop IP address=74.125.140.189 Accept-Encoding: gzip Accept-Encoding: deflate Accept-Encoding: br Referer: https://cello.client-channel.google.com/client-channel/js/2663539887-sharedchannelmain_bin.js?ctype=cello&authuser=0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: name="PHAP\srashid" realm=PHAP authentication start 0 elapsed 0 ms authorization start 0 elapsed 0 ms authentication status='none' authorization status='none' url.category: none@Policy;Search Engines/Portals@Blue Coat total categorization time: 0 static categorization time: 0 server.certficate.hostname.category: none@Policy;Email@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 200 client.response.code: 200 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 ICAP RESPMOD Scan Summary: Error code: none Transaction timing: total-transaction-time 25110 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 0 ms server-out: start 1 elapsed 0 ms server-in: start 1 elapsed 0 ms client-out: start 5248 elapsed 0 ms access-logging: start 25110 elapsed 0 ms stop-transaction: start 25110 elapsed 0 ms Total Policy evaluation time: 0 ms url_categorization complete time: 0 ICAP Response Scan: start 330 delay 0 finish 25110 server connection: start 1 DNS Lookup: start 1 elapsed 0 ms server connection: connected 1 first-byte 330 last_byte 25102 client connection: first-response-byte 5248 last-response-byte 25110 Total time added: 8 ms Total latency to first byte: 4918 ms Request latency: 0 ms OCS connect time: 0 ms Response latency (first byte): 4918 ms Response latency (last byte): 8 ms stop transaction -------------------- start transaction ------------------- transaction ID=4092457 type=https.forward-proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate [builtin-prolog:722] MATCH: variable.volume_quota_enforced(false) [vpm-cpl:112] miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: condition=__GROUP3 variable.volume_quota_enforced(true) variable.volume_quota_name(Internet-L1-Quota) variable.volume_quota_frequency(daily) variable.volume_quota_limit(1073741824) variable.volume_quota_warning_limit(966367641) [builtin-epilog:9] miss: variable.time_quota_enforced=true MATCH: variable.volume_quota_enforced=true policy.quota_aux_initialization@client-id miss: [builtin-epilog:17] variable.time_quota_enforced=true miss: [builtin-epilog:21] variable.time_quota_enforced=true miss: [builtin-epilog:25] variable.time_quota_enforced=true miss: [builtin-epilog:34] variable.time_quota_enforced=true miss: [builtin-epilog:39] variable.time_quota_enforced=true [builtin-epilog:52] miss: condition=_user_is_unknown MATCH: t_procedure.check_volume_quota t_procedure.check_volume_quota_warning [builtin-epilog:66] miss: [Rule] variable.volume_quota_warning=true [builtin-epilog:71] miss: [Rule] condition=_user_is_unknown [builtin-epilog:56] [Rule] miss: condition=_user_is_unknown MATCH: variable.volume_quota_exceeded=false t_procedure.update_volume_quota MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: ALLOW condition=__GROUP3 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: condition=_user_is_unknown MATCH: condition=!_user_is_unknown variable.volume_quota_exceeded=false miss: [Rule] variable.volume_quota_warning=true miss: [Rule] condition=_user_is_unknown Called policy definition: BC_malware_scanning_HighPerformance miss: condition=ShouldScanHighPerformance MATCH: response.icap_service(no) Called policy definition: BC_malware_scanning_solution MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_HighPerformance Called policy definition: BC_malware_scanning_proxy_HighPerformance miss: condition=ShouldScanHighPerformance Called policy definition: BC_malware_scanning_solution_proxy MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_proxy_HighPerformance Called policy definition: quota_aux_initialization [builtin-prolog:691] miss: user=abc MATCH: user=!abc variable.user_authentication_is_on(true) [builtin-prolog:695] miss: variable.false_flag=true [builtin-prolog:698] miss: variable.false_flag=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=TRUE volume_quota_name=Internet-L1-Quota volume_quota_frequency=daily volume_quota_limit=1073741824 volume_quota_warning_limit=966367641 volume_quota_exceeded=FALSE volume_quota_warning=FALSE volume_quota_warning_exists=FALSE guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=TRUE false_flag=FALSE Called transaction procedure: check_volume_quota Called transaction procedure: update_volume_quota Called transaction procedure: check_volume_quota_warning connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:39:14 UTC GET https://ssl.gstatic.com/docs/common/cleardot.gif?zx=vp0xjklub286 origin server next-hop IP address=216.58.208.227 Accept-Encoding: gzip Accept-Encoding: deflate Accept-Encoding: br Referer: https://drive.google.com/drive/my-drive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: name="PHAP\srashid" realm=PHAP authentication start 0 elapsed 0 ms authorization start 0 elapsed 0 ms authentication status='none' authorization status='none' url.category: none@Policy;Office/Business Applications@Blue Coat total categorization time: 0 static categorization time: 0 server.certficate.hostname.category: none@Policy;Search Engines/Portals@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 200 client.response.code: 200 application.name: Google Drive application.operation: none application.group: File Sharing;Storage DSCP client outbound: 65 DSCP server outbound: 65 set request header 'Accept-Encoding' value='gzip, deflate' Transaction timing: total-transaction-time 285 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 0 ms server-out: start 1 elapsed 0 ms server-in: start 1 elapsed 0 ms client-out: start 285 elapsed 0 ms access-logging: start 285 elapsed 0 ms stop-transaction: start 285 elapsed 0 ms Total Policy evaluation time: 0 ms url_categorization complete time: 0 server connection: start 1 DNS Lookup: start 1 elapsed 0 ms server connection: connected 1 first-byte 285 last_byte 285 client connection: first-response-byte 285 last-response-byte 285 Total time added: 0 ms Total latency to first byte: 0 ms Request latency: 0 ms OCS connect time: 0 ms Response latency (first byte): 0 ms Response latency (last byte): 0 ms stop transaction -------------------- start transaction ------------------- transaction ID=4091495 type=https.forward-proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate [builtin-prolog:722] MATCH: variable.volume_quota_enforced(false) [vpm-cpl:112] miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: condition=__GROUP3 variable.volume_quota_enforced(true) variable.volume_quota_name(Internet-L1-Quota) variable.volume_quota_frequency(daily) variable.volume_quota_limit(1073741824) variable.volume_quota_warning_limit(966367641) [builtin-epilog:9] miss: variable.time_quota_enforced=true MATCH: variable.volume_quota_enforced=true policy.quota_aux_initialization@client-id miss: [builtin-epilog:17] variable.time_quota_enforced=true miss: [builtin-epilog:21] variable.time_quota_enforced=true miss: [builtin-epilog:25] variable.time_quota_enforced=true miss: [builtin-epilog:34] variable.time_quota_enforced=true miss: [builtin-epilog:39] variable.time_quota_enforced=true [builtin-epilog:52] miss: condition=_user_is_unknown MATCH: t_procedure.check_volume_quota t_procedure.check_volume_quota_warning [builtin-epilog:66] miss: [Rule] variable.volume_quota_warning=true [builtin-epilog:71] miss: [Rule] condition=_user_is_unknown [builtin-epilog:56] [Rule] miss: condition=_user_is_unknown MATCH: variable.volume_quota_exceeded=false t_procedure.update_volume_quota MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: ALLOW condition=__GROUP3 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: condition=_user_is_unknown MATCH: condition=!_user_is_unknown variable.volume_quota_exceeded=false miss: [Rule] variable.volume_quota_warning=true miss: [Rule] condition=_user_is_unknown Called policy definition: BC_malware_scanning_secure_connection MATCH: response.icap_service.secure_connection(auto) Called policy definition: BC_malware_scanner MATCH: response.icap_service(bluecoat-local-response, fail-closed) Called policy definition: BC_malware_scanning_HighPerformance MATCH: condition=ShouldScanHighPerformance policy.BC_malware_scanner policy.BC_malware_scanning_secure_connection Called policy definition: BC_malware_scanning_solution MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_HighPerformance Called policy definition: BC_malware_scanning_proxy_HighPerformance MATCH: condition=ShouldScanHighPerformance response.icap_feedback(trickle_end) Called policy definition: BC_malware_scanning_solution_proxy MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_proxy_HighPerformance Called policy definition: quota_aux_initialization [builtin-prolog:691] miss: user=abc MATCH: user=!abc variable.user_authentication_is_on(true) [builtin-prolog:695] miss: variable.false_flag=true [builtin-prolog:698] miss: variable.false_flag=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=TRUE volume_quota_name=Internet-L1-Quota volume_quota_frequency=daily volume_quota_limit=1073741824 volume_quota_warning_limit=966367641 volume_quota_exceeded=FALSE volume_quota_warning=FALSE volume_quota_warning_exists=FALSE guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=TRUE false_flag=FALSE Called transaction procedure: check_volume_quota Called transaction procedure: update_volume_quota Called transaction procedure: check_volume_quota_warning connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:39:11 UTC GET https://cello.client-channel.google.com/client-channel/channel/bind?authuser=0&ctype=cello&service=appscommonstorage&gsessionid=Ks69O6k6YsJ2vdZbLze9XvdDRI5bpqS6&sw=true&VER=8&RID=rpc&SID=9B6EDB94DA8DCEEF&CI=1&AID=475&TYPE=xmlhttp&zx=ppbxcir8thhl&t=1 rewritten URL(s): cache_url=https://cello.client-channel.google.com/client-channel/channel/bind?authuser=0&ctype=cello&service=appscommonstorage&gsessionid=Ks69O6k6YsJ2vdZbLze9XvdDRI5bpqS6&sw=true&VER=8&RID=rpc&SID=9B6EDB94DA8DCEEF&CI=1&AID=475&TYPE=xmlhttp&zx=ppbxcir8thhl&t=1&bcsi_scan_36eb41fd84054c8c=4E3EwIHXJvpa8EvagNN8eGQDxWYCAAAAZ24+AA== origin server next-hop IP address=74.125.140.189 Accept-Encoding: gzip Accept-Encoding: deflate Accept-Encoding: br Referer: https://cello.client-channel.google.com/client-channel/js/2663539887-sharedchannelmain_bin.js?ctype=cello&authuser=0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: name="PHAP\srashid" realm=PHAP authentication start 0 elapsed 0 ms authorization start 0 elapsed 0 ms authentication status='none' authorization status='none' url.category: none@Policy;Search Engines/Portals@Blue Coat total categorization time: 0 static categorization time: 0 server.certficate.hostname.category: none@Policy;Email@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 200 client.response.code: 200 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 ICAP RESPMOD Scan Summary: Error code: none Transaction timing: total-transaction-time 24744 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 0 ms server-out: start 1 elapsed 0 ms server-in: start 1 elapsed 0 ms client-out: start 4595 elapsed 0 ms access-logging: start 24744 elapsed 0 ms stop-transaction: start 24744 elapsed 0 ms Total Policy evaluation time: 0 ms url_categorization complete time: 0 ICAP Response Scan: start 136 delay 0 finish 24743 server connection: start 1 DNS Lookup: start 1 elapsed 0 ms server connection: connected 1 first-byte 136 last_byte 24732 client connection: first-response-byte 4595 last-response-byte 24744 Total time added: 12 ms Total latency to first byte: 4459 ms Request latency: 0 ms OCS connect time: 0 ms Response latency (first byte): 4459 ms Response latency (last byte): 12 ms stop transaction -------------------- start transaction ------------------- transaction ID=4101820 type=http.proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate late: [builtin-prolog:722] late: [vpm-cpl:112] late: [builtin-epilog:9] late: [builtin-epilog:17] late: [builtin-epilog:21] late: [builtin-epilog:25] late: [builtin-epilog:34] late: [builtin-epilog:39] late: [builtin-epilog:52] late: [builtin-epilog:66] late: [builtin-epilog:71] [builtin-prolog:246] MATCH: t_procedure.dashboard_blocked_stats_infinity [builtin-prolog:237] MATCH: t_procedure.dashboard_record_hourly [builtin-prolog:240] MATCH: t_procedure.dashboard_record_daily [builtin-prolog:243] MATCH: t_procedure.dashboard_record_monthly late: [builtin-epilog:56] MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers late: condition=__GROUP1 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true late: variable.volume_quota_enforced=true late: variable.volume_quota_enforced=true late: variable.volume_quota_enforced=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=(value undetermined) volume_quota_name=(value undetermined) volume_quota_frequency=(value undetermined) volume_quota_limit=(value undetermined) volume_quota_warning_limit=(value undetermined) volume_quota_exceeded=(value undetermined) volume_quota_warning=(value undetermined) volume_quota_warning_exists=(value undetermined) guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=(value undetermined) false_flag=FALSE Called transaction procedure: dashboard_record_hourly Called transaction procedure: dashboard_record_daily Called transaction procedure: dashboard_blocked_stats_infinity Called transaction procedure: dashboard_record_monthly connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:39:49 UTC CONNECT tcp://collector-pxzhh9f9x0.px-cloud.net:443/ DNS lookup was unrestricted User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: unauthenticated authentication status='need_credentials' authorization status='not_attempted' EXCEPTION(authentication_failed): Authentication failed either because credentials were not provided or they could not be validated url.category: none@Policy;Technology/Internet@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 0 client.response.code: 407 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 authentication-required realm=PHAP (Certificate) Transaction timing: total-transaction-time 1 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 0 ms client-out-terminated: start 1 elapsed 0 ms access-logging: start 1 elapsed 0 ms stop-transaction: start 1 elapsed 0 ms Total Policy evaluation time: 0 ms url_categorization complete time: 0 client connection: first-response-byte 0 last-response-byte 1 stop transaction -------------------- start transaction ------------------- transaction ID=4101821 type=http.proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate late: [builtin-prolog:722] late: [vpm-cpl:112] late: [builtin-epilog:9] late: [builtin-epilog:17] late: [builtin-epilog:21] late: [builtin-epilog:25] late: [builtin-epilog:34] late: [builtin-epilog:39] late: [builtin-epilog:52] late: [builtin-epilog:66] late: [builtin-epilog:71] [builtin-prolog:246] MATCH: t_procedure.dashboard_blocked_stats_infinity [builtin-prolog:237] MATCH: t_procedure.dashboard_record_hourly [builtin-prolog:240] MATCH: t_procedure.dashboard_record_daily [builtin-prolog:243] MATCH: t_procedure.dashboard_record_monthly late: [builtin-epilog:56] MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers late: condition=__GROUP1 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true late: variable.volume_quota_enforced=true late: variable.volume_quota_enforced=true late: variable.volume_quota_enforced=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=(value undetermined) volume_quota_name=(value undetermined) volume_quota_frequency=(value undetermined) volume_quota_limit=(value undetermined) volume_quota_warning_limit=(value undetermined) volume_quota_exceeded=(value undetermined) volume_quota_warning=(value undetermined) volume_quota_warning_exists=(value undetermined) guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=(value undetermined) false_flag=FALSE Called transaction procedure: dashboard_record_hourly Called transaction procedure: dashboard_record_daily Called transaction procedure: dashboard_blocked_stats_infinity Called transaction procedure: dashboard_record_monthly connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:39:49 UTC CONNECT tcp://collector-pxzhh9f9x0.px-cloud.net:443/ DNS lookup was unrestricted User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: unauthenticated authentication status='Unknown Status' authorization status='not_attempted' EXCEPTION(authentication_failed): Authentication failed either because credentials were not provided or they could not be validated url.category: none@Policy;Technology/Internet@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 0 client.response.code: 407 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 authentication-required realm=PHAP (Certificate) Transaction timing: total-transaction-time 5 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 5 elapsed 0 ms client-out-terminated: start 5 elapsed 0 ms access-logging: start 5 elapsed 0 ms stop-transaction: start 5 elapsed 0 ms Total Policy evaluation time: 0 ms url_categorization complete time: 5 client connection: first-response-byte 0 last-response-byte 5 stop transaction -------------------- start transaction ------------------- transaction ID=4101824 type=http.proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate [builtin-prolog:722] MATCH: variable.volume_quota_enforced(false) [vpm-cpl:112] miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: condition=__GROUP3 variable.volume_quota_enforced(true) variable.volume_quota_name(Internet-L1-Quota) variable.volume_quota_frequency(daily) variable.volume_quota_limit(1073741824) variable.volume_quota_warning_limit(966367641) [builtin-epilog:9] miss: variable.time_quota_enforced=true MATCH: variable.volume_quota_enforced=true policy.quota_aux_initialization@client-id miss: [builtin-epilog:17] variable.time_quota_enforced=true miss: [builtin-epilog:21] variable.time_quota_enforced=true miss: [builtin-epilog:25] variable.time_quota_enforced=true miss: [builtin-epilog:34] variable.time_quota_enforced=true miss: [builtin-epilog:39] variable.time_quota_enforced=true [builtin-epilog:52] miss: condition=_user_is_unknown MATCH: t_procedure.check_volume_quota t_procedure.check_volume_quota_warning [builtin-epilog:66] miss: [Rule] variable.volume_quota_warning=true [builtin-epilog:71] miss: [Rule] condition=_user_is_unknown [builtin-epilog:56] miss: [Rule] http.response.code=200 MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: ALLOW condition=__GROUP3 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: condition=_user_is_unknown MATCH: condition=!_user_is_unknown variable.volume_quota_exceeded=false miss: [Rule] variable.volume_quota_warning=true miss: [Rule] condition=_user_is_unknown Called policy definition: BC_malware_scanning_HighPerformance n/a: condition=ShouldScanHighPerformance MATCH: response.icap_service(no) Called policy definition: BC_malware_scanning_solution MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_HighPerformance Called policy definition: BC_malware_scanning_proxy_HighPerformance n/a: condition=ShouldScanHighPerformance Called policy definition: BC_malware_scanning_solution_proxy MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_proxy_HighPerformance Called policy definition: quota_aux_initialization [builtin-prolog:691] miss: user=abc MATCH: user=!abc variable.user_authentication_is_on(true) [builtin-prolog:695] miss: variable.false_flag=true [builtin-prolog:698] miss: variable.false_flag=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=TRUE volume_quota_name=Internet-L1-Quota volume_quota_frequency=daily volume_quota_limit=1073741824 volume_quota_warning_limit=966367641 volume_quota_exceeded=FALSE volume_quota_warning=FALSE volume_quota_warning_exists=FALSE guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=TRUE false_flag=FALSE Called transaction procedure: check_volume_quota Called transaction procedure: check_volume_quota_warning connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:39:49 UTC CONNECT tcp://collector-pxzhh9f9x0.px-cloud.net:443/ DNS lookup was unrestricted User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: name="PHAP\srashid" realm=PHAP authentication start 3 elapsed 3 ms authorization start 6 elapsed 0 ms authentication status='none' authorization status='none' url.category: none@Policy;Technology/Internet@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 0 client.response.code: 200 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 Transaction timing: total-transaction-time 7 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 3 elapsed 3 ms access-logging: start 7 elapsed 0 ms stop-transaction: start 7 elapsed 0 ms Total Policy evaluation time: 3 ms url_categorization complete time: 3 client connection: first-response-byte 0 last-response-byte 7 stop transaction -------------------- start transaction ------------------- transaction ID=4101828 type=ssl.tunnel transaction handed off from: 4101824 [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate [builtin-prolog:722] MATCH: variable.volume_quota_enforced(false) [vpm-cpl:112] miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: condition=__GROUP3 variable.volume_quota_enforced(true) variable.volume_quota_name(Internet-L1-Quota) variable.volume_quota_frequency(daily) variable.volume_quota_limit(1073741824) variable.volume_quota_warning_limit(966367641) [builtin-epilog:9] miss: variable.time_quota_enforced=true MATCH: variable.volume_quota_enforced=true policy.quota_aux_initialization@client-id miss: [builtin-epilog:17] variable.time_quota_enforced=true miss: [builtin-epilog:21] variable.time_quota_enforced=true miss: [builtin-epilog:25] variable.time_quota_enforced=true miss: [builtin-epilog:34] variable.time_quota_enforced=true miss: [builtin-epilog:39] variable.time_quota_enforced=true [builtin-epilog:52] miss: condition=_user_is_unknown MATCH: t_procedure.check_volume_quota t_procedure.check_volume_quota_warning [builtin-epilog:66] miss: [Rule] variable.volume_quota_warning=true [builtin-epilog:71] miss: [Rule] condition=_user_is_unknown late: [builtin-epilog:56] MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: ALLOW condition=__GROUP3 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: condition=_user_is_unknown MATCH: condition=!_user_is_unknown variable.volume_quota_exceeded=false miss: [Rule] variable.volume_quota_warning=true miss: [Rule] condition=_user_is_unknown Called policy definition: BC_malware_scanning_HighPerformance n/a: condition=ShouldScanHighPerformance MATCH: response.icap_service(no) Called policy definition: BC_malware_scanning_solution MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_HighPerformance Called policy definition: BC_malware_scanning_proxy_HighPerformance n/a: condition=ShouldScanHighPerformance Called policy definition: BC_malware_scanning_solution_proxy MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_proxy_HighPerformance Called policy definition: quota_aux_initialization [builtin-prolog:691] miss: user=abc MATCH: user=!abc variable.user_authentication_is_on(true) [builtin-prolog:695] miss: variable.false_flag=true [builtin-prolog:698] miss: variable.false_flag=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=TRUE volume_quota_name=Internet-L1-Quota volume_quota_frequency=daily volume_quota_limit=1073741824 volume_quota_warning_limit=966367641 volume_quota_exceeded=FALSE volume_quota_warning=FALSE volume_quota_warning_exists=FALSE guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=TRUE false_flag=FALSE Called transaction procedure: check_volume_quota Called transaction procedure: check_volume_quota_warning connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:39:49 UTC unknown ssl://collector-pxzhh9f9x0.px-cloud.net:443/ origin server next-hop IP address=35.186.220.184 user: name="PHAP\srashid" realm=PHAP authentication start 0 elapsed 0 ms authorization start 0 elapsed 0 ms authentication status='none' authorization status='none' url.category: none@Policy;Technology/Internet@Blue Coat total categorization time: 0 static categorization time: 0 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 Transaction timing: total-transaction-time 173 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 0 ms server-out: start 1 elapsed 0 ms stop-transaction: start 173 elapsed 0 ms Total Policy evaluation time: 0 ms ssl server hello complete: 173 url_categorization complete time: 1 server connection: start 1 DNS Lookup: start 1 elapsed 0 ms server connection: connected 86 Total time added: 0 ms Total latency to first byte: 85 ms Request latency: 0 ms OCS connect time: 85 ms Response latency (first byte): 0 ms Response latency (last byte): 0 ms stop transaction -------------------- start transaction ------------------- transaction ID=4101871 type=https.forward-proxy transaction handed off from: 4101829 [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate [builtin-prolog:722] MATCH: variable.volume_quota_enforced(false) [vpm-cpl:112] miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: condition=__GROUP3 variable.volume_quota_enforced(true) variable.volume_quota_name(Internet-L1-Quota) variable.volume_quota_frequency(daily) variable.volume_quota_limit(1073741824) variable.volume_quota_warning_limit(966367641) [builtin-epilog:9] miss: variable.time_quota_enforced=true MATCH: variable.volume_quota_enforced=true policy.quota_aux_initialization@client-id miss: [builtin-epilog:17] variable.time_quota_enforced=true miss: [builtin-epilog:21] variable.time_quota_enforced=true miss: [builtin-epilog:25] variable.time_quota_enforced=true miss: [builtin-epilog:34] variable.time_quota_enforced=true miss: [builtin-epilog:39] variable.time_quota_enforced=true [builtin-epilog:52] miss: condition=_user_is_unknown MATCH: t_procedure.check_volume_quota t_procedure.check_volume_quota_warning [builtin-epilog:66] miss: [Rule] variable.volume_quota_warning=true [builtin-epilog:71] miss: [Rule] condition=_user_is_unknown [builtin-epilog:56] [Rule] miss: condition=_user_is_unknown MATCH: variable.volume_quota_exceeded=false t_procedure.update_volume_quota MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: ALLOW condition=__GROUP3 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: condition=_user_is_unknown MATCH: condition=!_user_is_unknown variable.volume_quota_exceeded=false miss: [Rule] variable.volume_quota_warning=true miss: [Rule] condition=_user_is_unknown Called policy definition: BC_malware_scanning_secure_connection MATCH: response.icap_service.secure_connection(auto) Called policy definition: BC_malware_scanner MATCH: response.icap_service(bluecoat-local-response, fail-closed) Called policy definition: BC_malware_scanning_HighPerformance MATCH: condition=ShouldScanHighPerformance policy.BC_malware_scanner policy.BC_malware_scanning_secure_connection Called policy definition: BC_malware_scanning_solution MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_HighPerformance Called policy definition: BC_malware_scanning_proxy_HighPerformance MATCH: condition=ShouldScanHighPerformance response.icap_feedback(trickle_end) Called policy definition: BC_malware_scanning_solution_proxy MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_proxy_HighPerformance Called policy definition: quota_aux_initialization [builtin-prolog:691] miss: user=abc MATCH: user=!abc variable.user_authentication_is_on(true) [builtin-prolog:695] miss: variable.false_flag=true [builtin-prolog:698] miss: variable.false_flag=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=TRUE volume_quota_name=Internet-L1-Quota volume_quota_frequency=daily volume_quota_limit=1073741824 volume_quota_warning_limit=966367641 volume_quota_exceeded=FALSE volume_quota_warning=FALSE volume_quota_warning_exists=FALSE guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=TRUE false_flag=FALSE Called transaction procedure: check_volume_quota Called transaction procedure: update_volume_quota Called transaction procedure: check_volume_quota_warning connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:39:49 UTC POST https://collector-pxzhh9f9x0.px-cloud.net/api/v2/collector rewritten URL(s): cache_url=https://collector-pxzhh9f9x0.px-cloud.net/api/v2/collector?bcsi_scan_36eb41fd84054c8c=f4FxIkMfEHvu/0oUANkvg2FodgYCAAAA75Y+AA== origin server next-hop IP address=35.186.220.184 Accept-Encoding: gzip Accept-Encoding: deflate Accept-Encoding: br Content-Length: 1000 Referer: https://www.udemy.com/course/isetraining/learn/lecture/13568468?start=15 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: name="PHAP\srashid" realm=PHAP authentication start 0 elapsed 0 ms authorization start 0 elapsed 0 ms authentication status='none' authorization status='none' url.category: none@Policy;Technology/Internet@Blue Coat total categorization time: 0 static categorization time: 0 server.certficate.hostname.category: none@Policy;Web Ads/Analytics@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 200 client.response.code: 200 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 set request header 'Accept-Encoding' value='gzip, deflate' ICAP RESPMOD Scan Summary: Error code: none Transaction timing: total-transaction-time 1088 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 109 elapsed 0 ms server-out: start 193 elapsed 0 ms server-in: start 193 elapsed 0 ms client-out: start 1087 elapsed 0 ms access-logging: start 1088 elapsed 0 ms stop-transaction: start 1088 elapsed 0 ms Total Policy evaluation time: 0 ms url_categorization complete time: 109 ICAP Response Scan: start 304 delay 0 finish 1087 server connection: start 193 DNS Lookup: start 193 elapsed 0 ms server connection: connected 193 first-byte 304 last_byte 305 client connection: first-response-byte 1087 last-response-byte 1088 Total time added: 867 ms Total latency to first byte: 867 ms Request latency: 84 ms OCS connect time: 0 ms Response latency (first byte): 783 ms Response latency (last byte): 783 ms stop transaction -------------------- start transaction ------------------- transaction ID=4098779 type=https.forward-proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate [builtin-prolog:722] MATCH: variable.volume_quota_enforced(false) [vpm-cpl:112] miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: condition=__GROUP3 variable.volume_quota_enforced(true) variable.volume_quota_name(Internet-L1-Quota) variable.volume_quota_frequency(daily) variable.volume_quota_limit(1073741824) variable.volume_quota_warning_limit(966367641) [builtin-epilog:9] miss: variable.time_quota_enforced=true MATCH: variable.volume_quota_enforced=true policy.quota_aux_initialization@client-id miss: [builtin-epilog:17] variable.time_quota_enforced=true miss: [builtin-epilog:21] variable.time_quota_enforced=true miss: [builtin-epilog:25] variable.time_quota_enforced=true miss: [builtin-epilog:34] variable.time_quota_enforced=true miss: [builtin-epilog:39] variable.time_quota_enforced=true [builtin-epilog:52] miss: condition=_user_is_unknown MATCH: t_procedure.check_volume_quota t_procedure.check_volume_quota_warning [builtin-epilog:66] miss: [Rule] variable.volume_quota_warning=true [builtin-epilog:71] miss: [Rule] condition=_user_is_unknown [builtin-epilog:56] [Rule] miss: condition=_user_is_unknown MATCH: variable.volume_quota_exceeded=false t_procedure.update_volume_quota MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: ALLOW condition=__GROUP3 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: condition=_user_is_unknown MATCH: condition=!_user_is_unknown variable.volume_quota_exceeded=false miss: [Rule] variable.volume_quota_warning=true miss: [Rule] condition=_user_is_unknown Called policy definition: BC_malware_scanning_secure_connection MATCH: response.icap_service.secure_connection(auto) Called policy definition: BC_malware_scanner MATCH: response.icap_service(bluecoat-local-response, fail-closed) Called policy definition: BC_malware_scanning_HighPerformance MATCH: condition=ShouldScanHighPerformance policy.BC_malware_scanner policy.BC_malware_scanning_secure_connection Called policy definition: BC_malware_scanning_solution MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_HighPerformance Called policy definition: BC_malware_scanning_proxy_HighPerformance MATCH: condition=ShouldScanHighPerformance response.icap_feedback(trickle_end) Called policy definition: BC_malware_scanning_solution_proxy MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_proxy_HighPerformance Called policy definition: quota_aux_initialization [builtin-prolog:691] miss: user=abc MATCH: user=!abc variable.user_authentication_is_on(true) [builtin-prolog:695] miss: variable.false_flag=true [builtin-prolog:698] miss: variable.false_flag=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=TRUE volume_quota_name=Internet-L1-Quota volume_quota_frequency=daily volume_quota_limit=1073741824 volume_quota_warning_limit=966367641 volume_quota_exceeded=FALSE volume_quota_warning=FALSE volume_quota_warning_exists=FALSE guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=TRUE false_flag=FALSE Called transaction procedure: check_volume_quota Called transaction procedure: update_volume_quota Called transaction procedure: check_volume_quota_warning connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:39:36 UTC GET https://cello.client-channel.google.com/client-channel/channel/bind?authuser=0&ctype=cello&service=appscommonstorage&gsessionid=Ks69O6k6YsJ2vdZbLze9XvdDRI5bpqS6&sw=true&VER=8&RID=rpc&SID=9B6EDB94DA8DCEEF&CI=1&AID=477&TYPE=xmlhttp&zx=sx7sbylkqipl&t=1 rewritten URL(s): cache_url=https://cello.client-channel.google.com/client-channel/channel/bind?authuser=0&ctype=cello&service=appscommonstorage&gsessionid=Ks69O6k6YsJ2vdZbLze9XvdDRI5bpqS6&sw=true&VER=8&RID=rpc&SID=9B6EDB94DA8DCEEF&CI=1&AID=477&TYPE=xmlhttp&zx=sx7sbylkqipl&t=1&bcsi_scan_36eb41fd84054c8c=usL7iKEfuCCWlXP0QVFwq/wGiooCAAAA24o+AA== origin server next-hop IP address=74.125.140.189 Accept-Encoding: gzip Accept-Encoding: deflate Accept-Encoding: br Referer: https://cello.client-channel.google.com/client-channel/js/2663539887-sharedchannelmain_bin.js?ctype=cello&authuser=0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: name="PHAP\srashid" realm=PHAP authentication start 0 elapsed 0 ms authorization start 0 elapsed 0 ms authentication status='none' authorization status='none' url.category: none@Policy;Search Engines/Portals@Blue Coat total categorization time: 0 static categorization time: 0 server.certficate.hostname.category: none@Policy;Email@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 200 client.response.code: 200 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 ICAP RESPMOD Scan Summary: Error code: none Transaction timing: total-transaction-time 29914 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 0 ms server-out: start 1 elapsed 0 ms server-in: start 1 elapsed 0 ms client-out: start 5403 elapsed 0 ms access-logging: start 29914 elapsed 0 ms stop-transaction: start 29914 elapsed 0 ms Total Policy evaluation time: 0 ms url_categorization complete time: 0 ICAP Response Scan: start 383 delay 5 finish 29913 server connection: start 1 DNS Lookup: start 1 elapsed 0 ms server connection: connected 1 first-byte 333 last_byte 29906 client connection: first-response-byte 5403 last-response-byte 29914 Total time added: 8 ms Total latency to first byte: 5070 ms Request latency: 0 ms OCS connect time: 0 ms Response latency (first byte): 5070 ms Response latency (last byte): 8 ms stop transaction -------------------- start transaction ------------------- transaction ID=4111348 type=https.forward-proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate [builtin-prolog:722] MATCH: variable.volume_quota_enforced(false) [vpm-cpl:112] miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: condition=__GROUP3 variable.volume_quota_enforced(true) variable.volume_quota_name(Internet-L1-Quota) variable.volume_quota_frequency(daily) variable.volume_quota_limit(1073741824) variable.volume_quota_warning_limit(966367641) [builtin-epilog:9] miss: variable.time_quota_enforced=true MATCH: variable.volume_quota_enforced=true policy.quota_aux_initialization@client-id miss: [builtin-epilog:17] variable.time_quota_enforced=true miss: [builtin-epilog:21] variable.time_quota_enforced=true miss: [builtin-epilog:25] variable.time_quota_enforced=true miss: [builtin-epilog:34] variable.time_quota_enforced=true miss: [builtin-epilog:39] variable.time_quota_enforced=true [builtin-epilog:52] miss: condition=_user_is_unknown MATCH: t_procedure.check_volume_quota t_procedure.check_volume_quota_warning [builtin-epilog:66] miss: [Rule] variable.volume_quota_warning=true [builtin-epilog:71] miss: [Rule] condition=_user_is_unknown [builtin-epilog:56] miss: [Rule] http.response.code=200 MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: ALLOW condition=__GROUP3 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: condition=_user_is_unknown MATCH: condition=!_user_is_unknown variable.volume_quota_exceeded=false miss: [Rule] variable.volume_quota_warning=true miss: [Rule] condition=_user_is_unknown Called policy definition: BC_malware_scanning_HighPerformance n/a: condition=ShouldScanHighPerformance MATCH: response.icap_service(no) Called policy definition: BC_malware_scanning_solution MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_HighPerformance Called policy definition: BC_malware_scanning_proxy_HighPerformance n/a: condition=ShouldScanHighPerformance Called policy definition: BC_malware_scanning_solution_proxy MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_proxy_HighPerformance Called policy definition: quota_aux_initialization [builtin-prolog:691] miss: user=abc MATCH: user=!abc variable.user_authentication_is_on(true) [builtin-prolog:695] miss: variable.false_flag=true [builtin-prolog:698] miss: variable.false_flag=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=TRUE volume_quota_name=Internet-L1-Quota volume_quota_frequency=daily volume_quota_limit=1073741824 volume_quota_warning_limit=966367641 volume_quota_exceeded=FALSE volume_quota_warning=FALSE volume_quota_warning_exists=FALSE guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=TRUE false_flag=FALSE Called transaction procedure: check_volume_quota Called transaction procedure: check_volume_quota_warning connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:40:24 UTC POST https://www.google.com/gen_204?atyp=i&ei=x_5lXqGMGomYjLsPsLa_mA4&ct=slh&v=2&s=5&pv=0.8299011564472101&me=188:1583743062685,V,0,0,0,0:1658,h,1,CBcQGQ,i:0,h,1,CBcQAA,i:21,U,1679:0,V,0,100,1920,969:77,h,1,CBcQGQ,o:0,h,1,CBcQAA,o:1,h,1,CBMQAw,i:0,h,1,CBYQAQ,i:0,h,1,CBYQAA,i:32,h,1,CBMQAw,o:0,h,1,CBYQAQ,o:0,h,1,CBYQAA,o:159194,h,1,CBcQGg,i:0,h,1,CBcQAA,i:18,h,1,CBcQHg,i:48,h,1,CBcQHg,o:51,h,1,CBcQGg,o:0,h,1,CBcQJQ,i:33,h,1,CBcQJQ,o:1,h,2,CAEQAQ,i:496,h,2,CAEQAQ,o:0,h,1,CBcQAA,o:202,e,B&zx=1583743224518 origin server next-hop IP address=216.58.208.228 Accept-Encoding: gzip Accept-Encoding: deflate Accept-Encoding: br Referer: https://www.google.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: name="PHAP\srashid" realm=PHAP authentication start 0 elapsed 0 ms authorization start 0 elapsed 0 ms authentication status='none' authorization status='none' url.category: none@Policy;Search Engines/Portals@Blue Coat total categorization time: 0 static categorization time: 0 server.certficate.hostname.category: none@Policy;Search Engines/Portals@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 204 client.response.code: 204 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 set request header 'Accept-Encoding' value='gzip, deflate' Transaction timing: total-transaction-time 293 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 0 ms server-out: start 1 elapsed 0 ms server-in: start 1 elapsed 0 ms client-out: start 293 elapsed 0 ms access-logging: start 293 elapsed 0 ms stop-transaction: start 293 elapsed 0 ms Total Policy evaluation time: 0 ms url_categorization complete time: 0 server connection: start 1 DNS Lookup: start 1 elapsed 0 ms server connection: connected 1 first-byte 292 last_byte 293 client connection: first-response-byte 293 last-response-byte 293 Total time added: 0 ms Total latency to first byte: 1 ms Request latency: 0 ms OCS connect time: 0 ms Response latency (first byte): 1 ms Response latency (last byte): 0 ms stop transaction -------------------- start transaction ------------------- transaction ID=4112569 type=http.proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate late: [builtin-prolog:722] late: [vpm-cpl:112] late: [builtin-epilog:9] late: [builtin-epilog:17] late: [builtin-epilog:21] late: [builtin-epilog:25] late: [builtin-epilog:34] late: [builtin-epilog:39] late: [builtin-epilog:52] late: [builtin-epilog:66] late: [builtin-epilog:71] [builtin-prolog:246] MATCH: t_procedure.dashboard_blocked_stats_infinity [builtin-prolog:237] MATCH: t_procedure.dashboard_record_hourly [builtin-prolog:240] MATCH: t_procedure.dashboard_record_daily [builtin-prolog:243] MATCH: t_procedure.dashboard_record_monthly late: [builtin-epilog:56] MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers late: condition=__GROUP1 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true late: variable.volume_quota_enforced=true late: variable.volume_quota_enforced=true late: variable.volume_quota_enforced=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=(value undetermined) volume_quota_name=(value undetermined) volume_quota_frequency=(value undetermined) volume_quota_limit=(value undetermined) volume_quota_warning_limit=(value undetermined) volume_quota_exceeded=(value undetermined) volume_quota_warning=(value undetermined) volume_quota_warning_exists=(value undetermined) guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=(value undetermined) false_flag=FALSE Called transaction procedure: dashboard_record_hourly Called transaction procedure: dashboard_record_daily Called transaction procedure: dashboard_blocked_stats_infinity Called transaction procedure: dashboard_record_monthly connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:40:29 UTC CONNECT tcp://teams.microsoft.com:443/ DNS lookup was unrestricted User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Teams/1.3.00.4461 Chrome/69.0.3497.128 Electron/4.2.12 Safari/537.36 user: unauthenticated authentication status='need_credentials' authorization status='not_attempted' EXCEPTION(authentication_failed): Authentication failed either because credentials were not provided or they could not be validated url.category: none@Policy;Chat (IM)/SMS@Blue Coat;Office/Business Applications@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 0 client.response.code: 407 application.name: Office 365 Skype for Business application.operation: none application.group: Instant Messaging;Online Meetings;VoIP DSCP client outbound: 65 DSCP server outbound: 65 authentication-required realm=PHAP (Certificate) Transaction timing: total-transaction-time 1 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 0 ms client-out-terminated: start 1 elapsed 0 ms access-logging: start 1 elapsed 0 ms stop-transaction: start 1 elapsed 0 ms Total Policy evaluation time: 0 ms url_categorization complete time: 1 client connection: first-response-byte 0 last-response-byte 1 stop transaction -------------------- start transaction ------------------- transaction ID=4112570 type=http.proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate late: [builtin-prolog:722] late: [vpm-cpl:112] late: [builtin-epilog:9] late: [builtin-epilog:17] late: [builtin-epilog:21] late: [builtin-epilog:25] late: [builtin-epilog:34] late: [builtin-epilog:39] late: [builtin-epilog:52] late: [builtin-epilog:66] late: [builtin-epilog:71] [builtin-prolog:246] MATCH: t_procedure.dashboard_blocked_stats_infinity [builtin-prolog:237] MATCH: t_procedure.dashboard_record_hourly [builtin-prolog:240] MATCH: t_procedure.dashboard_record_daily [builtin-prolog:243] MATCH: t_procedure.dashboard_record_monthly late: [builtin-epilog:56] MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers late: condition=__GROUP1 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true late: variable.volume_quota_enforced=true late: variable.volume_quota_enforced=true late: variable.volume_quota_enforced=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=(value undetermined) volume_quota_name=(value undetermined) volume_quota_frequency=(value undetermined) volume_quota_limit=(value undetermined) volume_quota_warning_limit=(value undetermined) volume_quota_exceeded=(value undetermined) volume_quota_warning=(value undetermined) volume_quota_warning_exists=(value undetermined) guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=(value undetermined) false_flag=FALSE Called transaction procedure: dashboard_record_hourly Called transaction procedure: dashboard_record_daily Called transaction procedure: dashboard_blocked_stats_infinity Called transaction procedure: dashboard_record_monthly connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:40:29 UTC CONNECT tcp://teams.microsoft.com:443/ DNS lookup was unrestricted User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Teams/1.3.00.4461 Chrome/69.0.3497.128 Electron/4.2.12 Safari/537.36 user: unauthenticated authentication status='Unknown Status' authorization status='not_attempted' EXCEPTION(authentication_failed): Authentication failed either because credentials were not provided or they could not be validated url.category: none@Policy;Chat (IM)/SMS@Blue Coat;Office/Business Applications@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 0 client.response.code: 407 application.name: Office 365 Skype for Business application.operation: none application.group: Instant Messaging;Online Meetings;VoIP DSCP client outbound: 65 DSCP server outbound: 65 authentication-required realm=PHAP (Certificate) Transaction timing: total-transaction-time 2 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 1 ms client-out-terminated: start 2 elapsed 0 ms access-logging: start 2 elapsed 0 ms stop-transaction: start 2 elapsed 0 ms Total Policy evaluation time: 1 ms url_categorization complete time: 1 client connection: first-response-byte 0 last-response-byte 2 stop transaction -------------------- start transaction ------------------- transaction ID=4112571 type=http.proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate [builtin-prolog:722] MATCH: variable.volume_quota_enforced(false) [vpm-cpl:112] miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: condition=__GROUP3 variable.volume_quota_enforced(true) variable.volume_quota_name(Internet-L1-Quota) variable.volume_quota_frequency(daily) variable.volume_quota_limit(1073741824) variable.volume_quota_warning_limit(966367641) [builtin-epilog:9] miss: variable.time_quota_enforced=true MATCH: variable.volume_quota_enforced=true policy.quota_aux_initialization@client-id miss: [builtin-epilog:17] variable.time_quota_enforced=true miss: [builtin-epilog:21] variable.time_quota_enforced=true miss: [builtin-epilog:25] variable.time_quota_enforced=true miss: [builtin-epilog:34] variable.time_quota_enforced=true miss: [builtin-epilog:39] variable.time_quota_enforced=true [builtin-epilog:52] miss: condition=_user_is_unknown MATCH: t_procedure.check_volume_quota t_procedure.check_volume_quota_warning [builtin-epilog:66] miss: [Rule] variable.volume_quota_warning=true [builtin-epilog:71] miss: [Rule] condition=_user_is_unknown [builtin-epilog:56] miss: [Rule] http.response.code=200 MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: ALLOW condition=__GROUP3 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: condition=_user_is_unknown MATCH: condition=!_user_is_unknown variable.volume_quota_exceeded=false miss: [Rule] variable.volume_quota_warning=true miss: [Rule] condition=_user_is_unknown Called policy definition: BC_malware_scanning_HighPerformance n/a: condition=ShouldScanHighPerformance MATCH: response.icap_service(no) Called policy definition: BC_malware_scanning_solution MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_HighPerformance Called policy definition: BC_malware_scanning_proxy_HighPerformance n/a: condition=ShouldScanHighPerformance Called policy definition: BC_malware_scanning_solution_proxy MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_proxy_HighPerformance Called policy definition: quota_aux_initialization [builtin-prolog:691] miss: user=abc MATCH: user=!abc variable.user_authentication_is_on(true) [builtin-prolog:695] miss: variable.false_flag=true [builtin-prolog:698] miss: variable.false_flag=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=TRUE volume_quota_name=Internet-L1-Quota volume_quota_frequency=daily volume_quota_limit=1073741824 volume_quota_warning_limit=966367641 volume_quota_exceeded=FALSE volume_quota_warning=FALSE volume_quota_warning_exists=FALSE guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=TRUE false_flag=FALSE Called transaction procedure: check_volume_quota Called transaction procedure: check_volume_quota_warning connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:40:29 UTC CONNECT tcp://teams.microsoft.com:443/ DNS lookup was unrestricted User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Teams/1.3.00.4461 Chrome/69.0.3497.128 Electron/4.2.12 Safari/537.36 user: name="PHAP\srashid" realm=PHAP authentication start 2 elapsed 2 ms authorization start 4 elapsed 0 ms authentication status='none' authorization status='none' url.category: none@Policy;Chat (IM)/SMS@Blue Coat;Office/Business Applications@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 0 client.response.code: 200 application.name: Office 365 Skype for Business application.operation: none application.group: Instant Messaging;Online Meetings;VoIP DSCP client outbound: 65 DSCP server outbound: 65 Transaction timing: total-transaction-time 5 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 2 elapsed 2 ms access-logging: start 5 elapsed 0 ms stop-transaction: start 5 elapsed 0 ms Total Policy evaluation time: 2 ms url_categorization complete time: 2 client connection: first-response-byte 0 last-response-byte 5 stop transaction -------------------- start transaction ------------------- transaction ID=4106638 type=https.forward-proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate [builtin-prolog:722] MATCH: variable.volume_quota_enforced(false) [vpm-cpl:112] miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: condition=__GROUP3 variable.volume_quota_enforced(true) variable.volume_quota_name(Internet-L1-Quota) variable.volume_quota_frequency(daily) variable.volume_quota_limit(1073741824) variable.volume_quota_warning_limit(966367641) [builtin-epilog:9] miss: variable.time_quota_enforced=true MATCH: variable.volume_quota_enforced=true policy.quota_aux_initialization@client-id miss: [builtin-epilog:17] variable.time_quota_enforced=true miss: [builtin-epilog:21] variable.time_quota_enforced=true miss: [builtin-epilog:25] variable.time_quota_enforced=true miss: [builtin-epilog:34] variable.time_quota_enforced=true miss: [builtin-epilog:39] variable.time_quota_enforced=true [builtin-epilog:52] miss: condition=_user_is_unknown MATCH: t_procedure.check_volume_quota t_procedure.check_volume_quota_warning [builtin-epilog:66] miss: [Rule] variable.volume_quota_warning=true [builtin-epilog:71] miss: [Rule] condition=_user_is_unknown [builtin-epilog:56] [Rule] miss: condition=_user_is_unknown MATCH: variable.volume_quota_exceeded=false t_procedure.update_volume_quota MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: ALLOW condition=__GROUP3 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: condition=_user_is_unknown MATCH: condition=!_user_is_unknown variable.volume_quota_exceeded=false miss: [Rule] variable.volume_quota_warning=true miss: [Rule] condition=_user_is_unknown Called policy definition: BC_malware_scanning_secure_connection MATCH: response.icap_service.secure_connection(auto) Called policy definition: BC_malware_scanner MATCH: response.icap_service(bluecoat-local-response, fail-closed) Called policy definition: BC_malware_scanning_HighPerformance MATCH: condition=ShouldScanHighPerformance policy.BC_malware_scanner policy.BC_malware_scanning_secure_connection Called policy definition: BC_malware_scanning_solution MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_HighPerformance Called policy definition: BC_malware_scanning_proxy_HighPerformance MATCH: condition=ShouldScanHighPerformance response.icap_feedback(trickle_end) Called policy definition: BC_malware_scanning_solution_proxy MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_proxy_HighPerformance Called policy definition: quota_aux_initialization [builtin-prolog:691] miss: user=abc MATCH: user=!abc variable.user_authentication_is_on(true) [builtin-prolog:695] miss: variable.false_flag=true [builtin-prolog:698] miss: variable.false_flag=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=TRUE volume_quota_name=Internet-L1-Quota volume_quota_frequency=daily volume_quota_limit=1073741824 volume_quota_warning_limit=966367641 volume_quota_exceeded=FALSE volume_quota_warning=FALSE volume_quota_warning_exists=FALSE guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=TRUE false_flag=FALSE Called transaction procedure: check_volume_quota Called transaction procedure: update_volume_quota Called transaction procedure: check_volume_quota_warning connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:40:06 UTC GET https://cello.client-channel.google.com/client-channel/channel/bind?authuser=0&ctype=cello&service=appscommonstorage&gsessionid=Ks69O6k6YsJ2vdZbLze9XvdDRI5bpqS6&sw=true&VER=8&RID=rpc&SID=9B6EDB94DA8DCEEF&CI=1&AID=479&TYPE=xmlhttp&zx=t5obved4q9oq&t=1 rewritten URL(s): cache_url=https://cello.client-channel.google.com/client-channel/channel/bind?authuser=0&ctype=cello&service=appscommonstorage&gsessionid=Ks69O6k6YsJ2vdZbLze9XvdDRI5bpqS6&sw=true&VER=8&RID=rpc&SID=9B6EDB94DA8DCEEF&CI=1&AID=479&TYPE=xmlhttp&zx=t5obved4q9oq&t=1&bcsi_scan_36eb41fd84054c8c=9uE3o+l8ekj4PQOsLr5LToAXV6kCAAAAjqk+AA== origin server next-hop IP address=74.125.140.189 Accept-Encoding: gzip Accept-Encoding: deflate Accept-Encoding: br Referer: https://cello.client-channel.google.com/client-channel/js/2663539887-sharedchannelmain_bin.js?ctype=cello&authuser=0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: name="PHAP\srashid" realm=PHAP authentication start 0 elapsed 0 ms authorization start 0 elapsed 0 ms authentication status='none' authorization status='none' url.category: none@Policy;Search Engines/Portals@Blue Coat total categorization time: 1 static categorization time: 1 server.certficate.hostname.category: none@Policy;Email@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 200 client.response.code: 200 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 ICAP RESPMOD Scan Summary: Error code: none Transaction timing: total-transaction-time 27496 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 0 ms server-out: start 1 elapsed 0 ms server-in: start 1 elapsed 0 ms client-out: start 5122 elapsed 0 ms access-logging: start 27496 elapsed 0 ms stop-transaction: start 27496 elapsed 0 ms Total Policy evaluation time: 0 ms url_categorization complete time: 1 ICAP Response Scan: start 332 delay 0 finish 27496 server connection: start 1 DNS Lookup: start 1 elapsed 0 ms server connection: connected 1 first-byte 331 last_byte 27374 client connection: first-response-byte 5122 last-response-byte 27496 Total time added: 122 ms Total latency to first byte: 4791 ms Request latency: 0 ms OCS connect time: 0 ms Response latency (first byte): 4791 ms Response latency (last byte): 122 ms stop transaction -------------------- start transaction ------------------- transaction ID=4116752 type=http.proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate late: [builtin-prolog:722] late: [vpm-cpl:112] late: [builtin-epilog:9] late: [builtin-epilog:17] late: [builtin-epilog:21] late: [builtin-epilog:25] late: [builtin-epilog:34] late: [builtin-epilog:39] late: [builtin-epilog:52] late: [builtin-epilog:66] late: [builtin-epilog:71] [builtin-prolog:246] MATCH: t_procedure.dashboard_blocked_stats_infinity [builtin-prolog:237] MATCH: t_procedure.dashboard_record_hourly [builtin-prolog:240] MATCH: t_procedure.dashboard_record_daily [builtin-prolog:243] MATCH: t_procedure.dashboard_record_monthly late: [builtin-epilog:56] MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers late: condition=__GROUP1 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true late: variable.volume_quota_enforced=true late: variable.volume_quota_enforced=true late: variable.volume_quota_enforced=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=(value undetermined) volume_quota_name=(value undetermined) volume_quota_frequency=(value undetermined) volume_quota_limit=(value undetermined) volume_quota_warning_limit=(value undetermined) volume_quota_exceeded=(value undetermined) volume_quota_warning=(value undetermined) volume_quota_warning_exists=(value undetermined) guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=(value undetermined) false_flag=FALSE Called transaction procedure: dashboard_record_hourly Called transaction procedure: dashboard_record_daily Called transaction procedure: dashboard_blocked_stats_infinity Called transaction procedure: dashboard_record_monthly connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:40:44 UTC CONNECT tcp://www.google.com:443/ DNS lookup was unrestricted User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: unauthenticated authentication status='need_credentials' authorization status='not_attempted' EXCEPTION(authentication_failed): Authentication failed either because credentials were not provided or they could not be validated url.category: none@Policy;Search Engines/Portals@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 0 client.response.code: 407 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 authentication-required realm=PHAP (Certificate) Transaction timing: total-transaction-time 1 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 0 ms client-out-terminated: start 1 elapsed 0 ms access-logging: start 1 elapsed 0 ms stop-transaction: start 1 elapsed 0 ms Total Policy evaluation time: 0 ms url_categorization complete time: 0 client connection: first-response-byte 0 last-response-byte 1 stop transaction -------------------- start transaction ------------------- transaction ID=4116755 type=http.proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate late: [builtin-prolog:722] late: [vpm-cpl:112] late: [builtin-epilog:9] late: [builtin-epilog:17] late: [builtin-epilog:21] late: [builtin-epilog:25] late: [builtin-epilog:34] late: [builtin-epilog:39] late: [builtin-epilog:52] late: [builtin-epilog:66] late: [builtin-epilog:71] [builtin-prolog:246] MATCH: t_procedure.dashboard_blocked_stats_infinity [builtin-prolog:237] MATCH: t_procedure.dashboard_record_hourly [builtin-prolog:240] MATCH: t_procedure.dashboard_record_daily [builtin-prolog:243] MATCH: t_procedure.dashboard_record_monthly late: [builtin-epilog:56] MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers late: condition=__GROUP1 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true late: variable.volume_quota_enforced=true late: variable.volume_quota_enforced=true late: variable.volume_quota_enforced=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=(value undetermined) volume_quota_name=(value undetermined) volume_quota_frequency=(value undetermined) volume_quota_limit=(value undetermined) volume_quota_warning_limit=(value undetermined) volume_quota_exceeded=(value undetermined) volume_quota_warning=(value undetermined) volume_quota_warning_exists=(value undetermined) guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=(value undetermined) false_flag=FALSE Called transaction procedure: dashboard_record_hourly Called transaction procedure: dashboard_record_daily Called transaction procedure: dashboard_blocked_stats_infinity Called transaction procedure: dashboard_record_monthly connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:40:44 UTC CONNECT tcp://www.google.com:443/ DNS lookup was unrestricted User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: unauthenticated authentication status='need_credentials' authorization status='not_attempted' EXCEPTION(authentication_failed): Authentication failed either because credentials were not provided or they could not be validated url.category: none@Policy;Search Engines/Portals@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 0 client.response.code: 407 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 authentication-required realm=PHAP (Certificate) Transaction timing: total-transaction-time 1 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 0 ms client-out-terminated: start 1 elapsed 0 ms access-logging: start 1 elapsed 0 ms stop-transaction: start 1 elapsed 0 ms Total Policy evaluation time: 0 ms url_categorization complete time: 1 client connection: first-response-byte 0 last-response-byte 1 stop transaction -------------------- start transaction ------------------- transaction ID=4116754 type=http.proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate late: [builtin-prolog:722] late: [vpm-cpl:112] late: [builtin-epilog:9] late: [builtin-epilog:17] late: [builtin-epilog:21] late: [builtin-epilog:25] late: [builtin-epilog:34] late: [builtin-epilog:39] late: [builtin-epilog:52] late: [builtin-epilog:66] late: [builtin-epilog:71] [builtin-prolog:246] MATCH: t_procedure.dashboard_blocked_stats_infinity [builtin-prolog:237] MATCH: t_procedure.dashboard_record_hourly [builtin-prolog:240] MATCH: t_procedure.dashboard_record_daily [builtin-prolog:243] MATCH: t_procedure.dashboard_record_monthly late: [builtin-epilog:56] MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers late: condition=__GROUP1 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true late: variable.volume_quota_enforced=true late: variable.volume_quota_enforced=true late: variable.volume_quota_enforced=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=(value undetermined) volume_quota_name=(value undetermined) volume_quota_frequency=(value undetermined) volume_quota_limit=(value undetermined) volume_quota_warning_limit=(value undetermined) volume_quota_exceeded=(value undetermined) volume_quota_warning=(value undetermined) volume_quota_warning_exists=(value undetermined) guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=(value undetermined) false_flag=FALSE Called transaction procedure: dashboard_record_hourly Called transaction procedure: dashboard_record_daily Called transaction procedure: dashboard_blocked_stats_infinity Called transaction procedure: dashboard_record_monthly connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:40:44 UTC CONNECT tcp://www.google.com:443/ DNS lookup was unrestricted User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: unauthenticated authentication status='Unknown Status' authorization status='not_attempted' EXCEPTION(authentication_failed): Authentication failed either because credentials were not provided or they could not be validated url.category: none@Policy;Search Engines/Portals@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 0 client.response.code: 407 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 authentication-required realm=PHAP (Certificate) Transaction timing: total-transaction-time 2 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 1 ms client-out-terminated: start 2 elapsed 0 ms access-logging: start 2 elapsed 0 ms stop-transaction: start 2 elapsed 0 ms Total Policy evaluation time: 1 ms url_categorization complete time: 1 client connection: first-response-byte 0 last-response-byte 2 stop transaction -------------------- start transaction ------------------- transaction ID=4116758 type=http.proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate late: [builtin-prolog:722] late: [vpm-cpl:112] late: [builtin-epilog:9] late: [builtin-epilog:17] late: [builtin-epilog:21] late: [builtin-epilog:25] late: [builtin-epilog:34] late: [builtin-epilog:39] late: [builtin-epilog:52] late: [builtin-epilog:66] late: [builtin-epilog:71] [builtin-prolog:246] MATCH: t_procedure.dashboard_blocked_stats_infinity [builtin-prolog:237] MATCH: t_procedure.dashboard_record_hourly [builtin-prolog:240] MATCH: t_procedure.dashboard_record_daily [builtin-prolog:243] MATCH: t_procedure.dashboard_record_monthly late: [builtin-epilog:56] MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers late: condition=__GROUP1 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true late: variable.volume_quota_enforced=true late: variable.volume_quota_enforced=true late: variable.volume_quota_enforced=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=(value undetermined) volume_quota_name=(value undetermined) volume_quota_frequency=(value undetermined) volume_quota_limit=(value undetermined) volume_quota_warning_limit=(value undetermined) volume_quota_exceeded=(value undetermined) volume_quota_warning=(value undetermined) volume_quota_warning_exists=(value undetermined) guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=(value undetermined) false_flag=FALSE Called transaction procedure: dashboard_record_hourly Called transaction procedure: dashboard_record_daily Called transaction procedure: dashboard_blocked_stats_infinity Called transaction procedure: dashboard_record_monthly connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:40:44 UTC CONNECT tcp://www.google.com:443/ DNS lookup was unrestricted User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: unauthenticated authentication status='Unknown Status' authorization status='not_attempted' EXCEPTION(authentication_failed): Authentication failed either because credentials were not provided or they could not be validated url.category: none@Policy;Search Engines/Portals@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 0 client.response.code: 407 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 authentication-required realm=PHAP (Certificate) Transaction timing: total-transaction-time 1 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 0 ms client-out-terminated: start 1 elapsed 0 ms access-logging: start 1 elapsed 0 ms stop-transaction: start 1 elapsed 0 ms Total Policy evaluation time: 0 ms url_categorization complete time: 0 client connection: first-response-byte 0 last-response-byte 1 stop transaction -------------------- start transaction ------------------- transaction ID=4116756 type=http.proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate [builtin-prolog:722] MATCH: variable.volume_quota_enforced(false) [vpm-cpl:112] miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: condition=__GROUP3 variable.volume_quota_enforced(true) variable.volume_quota_name(Internet-L1-Quota) variable.volume_quota_frequency(daily) variable.volume_quota_limit(1073741824) variable.volume_quota_warning_limit(966367641) [builtin-epilog:9] miss: variable.time_quota_enforced=true MATCH: variable.volume_quota_enforced=true policy.quota_aux_initialization@client-id miss: [builtin-epilog:17] variable.time_quota_enforced=true miss: [builtin-epilog:21] variable.time_quota_enforced=true miss: [builtin-epilog:25] variable.time_quota_enforced=true miss: [builtin-epilog:34] variable.time_quota_enforced=true miss: [builtin-epilog:39] variable.time_quota_enforced=true [builtin-epilog:52] miss: condition=_user_is_unknown MATCH: t_procedure.check_volume_quota t_procedure.check_volume_quota_warning [builtin-epilog:66] miss: [Rule] variable.volume_quota_warning=true [builtin-epilog:71] miss: [Rule] condition=_user_is_unknown [builtin-epilog:56] miss: [Rule] http.response.code=200 MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: ALLOW condition=__GROUP3 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: condition=_user_is_unknown MATCH: condition=!_user_is_unknown variable.volume_quota_exceeded=false miss: [Rule] variable.volume_quota_warning=true miss: [Rule] condition=_user_is_unknown Called policy definition: BC_malware_scanning_HighPerformance n/a: condition=ShouldScanHighPerformance MATCH: response.icap_service(no) Called policy definition: BC_malware_scanning_solution MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_HighPerformance Called policy definition: BC_malware_scanning_proxy_HighPerformance n/a: condition=ShouldScanHighPerformance Called policy definition: BC_malware_scanning_solution_proxy MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_proxy_HighPerformance Called policy definition: quota_aux_initialization [builtin-prolog:691] miss: user=abc MATCH: user=!abc variable.user_authentication_is_on(true) [builtin-prolog:695] miss: variable.false_flag=true [builtin-prolog:698] miss: variable.false_flag=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=TRUE volume_quota_name=Internet-L1-Quota volume_quota_frequency=daily volume_quota_limit=1073741824 volume_quota_warning_limit=966367641 volume_quota_exceeded=FALSE volume_quota_warning=FALSE volume_quota_warning_exists=FALSE guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=TRUE false_flag=FALSE Called transaction procedure: check_volume_quota Called transaction procedure: check_volume_quota_warning connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:40:44 UTC CONNECT tcp://www.google.com:443/ DNS lookup was unrestricted User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: name="PHAP\srashid" realm=PHAP authentication start 3 elapsed 3 ms authorization start 6 elapsed 0 ms authentication status='none' authorization status='none' url.category: none@Policy;Search Engines/Portals@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 0 client.response.code: 200 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 Transaction timing: total-transaction-time 7 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 3 elapsed 3 ms access-logging: start 7 elapsed 0 ms stop-transaction: start 7 elapsed 0 ms Total Policy evaluation time: 3 ms url_categorization complete time: 3 client connection: first-response-byte 0 last-response-byte 7 stop transaction -------------------- start transaction ------------------- transaction ID=4116759 type=http.proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate [builtin-prolog:722] MATCH: variable.volume_quota_enforced(false) [vpm-cpl:112] miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: condition=__GROUP3 variable.volume_quota_enforced(true) variable.volume_quota_name(Internet-L1-Quota) variable.volume_quota_frequency(daily) variable.volume_quota_limit(1073741824) variable.volume_quota_warning_limit(966367641) [builtin-epilog:9] miss: variable.time_quota_enforced=true MATCH: variable.volume_quota_enforced=true policy.quota_aux_initialization@client-id miss: [builtin-epilog:17] variable.time_quota_enforced=true miss: [builtin-epilog:21] variable.time_quota_enforced=true miss: [builtin-epilog:25] variable.time_quota_enforced=true miss: [builtin-epilog:34] variable.time_quota_enforced=true miss: [builtin-epilog:39] variable.time_quota_enforced=true [builtin-epilog:52] miss: condition=_user_is_unknown MATCH: t_procedure.check_volume_quota t_procedure.check_volume_quota_warning [builtin-epilog:66] miss: [Rule] variable.volume_quota_warning=true [builtin-epilog:71] miss: [Rule] condition=_user_is_unknown [builtin-epilog:56] miss: [Rule] http.response.code=200 MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: ALLOW condition=__GROUP3 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: condition=_user_is_unknown MATCH: condition=!_user_is_unknown variable.volume_quota_exceeded=false miss: [Rule] variable.volume_quota_warning=true miss: [Rule] condition=_user_is_unknown Called policy definition: BC_malware_scanning_HighPerformance n/a: condition=ShouldScanHighPerformance MATCH: response.icap_service(no) Called policy definition: BC_malware_scanning_solution MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_HighPerformance Called policy definition: BC_malware_scanning_proxy_HighPerformance n/a: condition=ShouldScanHighPerformance Called policy definition: BC_malware_scanning_solution_proxy MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_proxy_HighPerformance Called policy definition: quota_aux_initialization [builtin-prolog:691] miss: user=abc MATCH: user=!abc variable.user_authentication_is_on(true) [builtin-prolog:695] miss: variable.false_flag=true [builtin-prolog:698] miss: variable.false_flag=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=TRUE volume_quota_name=Internet-L1-Quota volume_quota_frequency=daily volume_quota_limit=1073741824 volume_quota_warning_limit=966367641 volume_quota_exceeded=FALSE volume_quota_warning=FALSE volume_quota_warning_exists=FALSE guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=TRUE false_flag=FALSE Called transaction procedure: check_volume_quota Called transaction procedure: check_volume_quota_warning connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:40:44 UTC CONNECT tcp://www.google.com:443/ DNS lookup was unrestricted User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: name="PHAP\srashid" realm=PHAP authentication start 3 elapsed 2 ms authorization start 5 elapsed 0 ms authentication status='none' authorization status='none' url.category: none@Policy;Search Engines/Portals@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 0 client.response.code: 200 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 Transaction timing: total-transaction-time 11 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 3 elapsed 2 ms access-logging: start 11 elapsed 0 ms stop-transaction: start 11 elapsed 0 ms Total Policy evaluation time: 2 ms url_categorization complete time: 3 client connection: first-response-byte 0 last-response-byte 11 stop transaction -------------------- start transaction ------------------- transaction ID=4116770 type=http.proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate late: [builtin-prolog:722] late: [vpm-cpl:112] late: [builtin-epilog:9] late: [builtin-epilog:17] late: [builtin-epilog:21] late: [builtin-epilog:25] late: [builtin-epilog:34] late: [builtin-epilog:39] late: [builtin-epilog:52] late: [builtin-epilog:66] late: [builtin-epilog:71] [builtin-prolog:246] MATCH: t_procedure.dashboard_blocked_stats_infinity [builtin-prolog:237] MATCH: t_procedure.dashboard_record_hourly [builtin-prolog:240] MATCH: t_procedure.dashboard_record_daily [builtin-prolog:243] MATCH: t_procedure.dashboard_record_monthly late: [builtin-epilog:56] MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers late: condition=__GROUP1 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true late: variable.volume_quota_enforced=true late: variable.volume_quota_enforced=true late: variable.volume_quota_enforced=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=(value undetermined) volume_quota_name=(value undetermined) volume_quota_frequency=(value undetermined) volume_quota_limit=(value undetermined) volume_quota_warning_limit=(value undetermined) volume_quota_exceeded=(value undetermined) volume_quota_warning=(value undetermined) volume_quota_warning_exists=(value undetermined) guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=(value undetermined) false_flag=FALSE Called transaction procedure: dashboard_record_hourly Called transaction procedure: dashboard_record_daily Called transaction procedure: dashboard_blocked_stats_infinity Called transaction procedure: dashboard_record_monthly connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:40:44 UTC CONNECT tcp://www.google.com:443/ DNS lookup was unrestricted User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: unauthenticated authentication status='need_credentials' authorization status='not_attempted' EXCEPTION(authentication_failed): Authentication failed either because credentials were not provided or they could not be validated url.category: none@Policy;Search Engines/Portals@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 0 client.response.code: 407 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 authentication-required realm=PHAP (Certificate) Transaction timing: total-transaction-time 1 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 0 ms client-out-terminated: start 1 elapsed 0 ms access-logging: start 1 elapsed 0 ms stop-transaction: start 1 elapsed 0 ms Total Policy evaluation time: 0 ms url_categorization complete time: 0 client connection: first-response-byte 0 last-response-byte 1 stop transaction -------------------- start transaction ------------------- transaction ID=4116771 type=http.proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate late: [builtin-prolog:722] late: [vpm-cpl:112] late: [builtin-epilog:9] late: [builtin-epilog:17] late: [builtin-epilog:21] late: [builtin-epilog:25] late: [builtin-epilog:34] late: [builtin-epilog:39] late: [builtin-epilog:52] late: [builtin-epilog:66] late: [builtin-epilog:71] [builtin-prolog:246] MATCH: t_procedure.dashboard_blocked_stats_infinity [builtin-prolog:237] MATCH: t_procedure.dashboard_record_hourly [builtin-prolog:240] MATCH: t_procedure.dashboard_record_daily [builtin-prolog:243] MATCH: t_procedure.dashboard_record_monthly late: [builtin-epilog:56] MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers late: condition=__GROUP1 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true late: variable.volume_quota_enforced=true late: variable.volume_quota_enforced=true late: variable.volume_quota_enforced=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=(value undetermined) volume_quota_name=(value undetermined) volume_quota_frequency=(value undetermined) volume_quota_limit=(value undetermined) volume_quota_warning_limit=(value undetermined) volume_quota_exceeded=(value undetermined) volume_quota_warning=(value undetermined) volume_quota_warning_exists=(value undetermined) guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=(value undetermined) false_flag=FALSE Called transaction procedure: dashboard_record_hourly Called transaction procedure: dashboard_record_daily Called transaction procedure: dashboard_blocked_stats_infinity Called transaction procedure: dashboard_record_monthly connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:40:44 UTC CONNECT tcp://www.google.com:443/ DNS lookup was unrestricted User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: unauthenticated authentication status='Unknown Status' authorization status='not_attempted' EXCEPTION(authentication_failed): Authentication failed either because credentials were not provided or they could not be validated url.category: none@Policy;Search Engines/Portals@Blue Coat total categorization time: 1 static categorization time: 1 server.response.code: 0 client.response.code: 407 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 authentication-required realm=PHAP (Certificate) Transaction timing: total-transaction-time 2 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 2 elapsed 0 ms client-out-terminated: start 2 elapsed 0 ms access-logging: start 2 elapsed 0 ms stop-transaction: start 2 elapsed 0 ms Total Policy evaluation time: 0 ms url_categorization complete time: 2 client connection: first-response-byte 0 last-response-byte 2 stop transaction -------------------- start transaction ------------------- transaction ID=4116772 type=http.proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate [builtin-prolog:722] MATCH: variable.volume_quota_enforced(false) [vpm-cpl:112] miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: condition=__GROUP3 variable.volume_quota_enforced(true) variable.volume_quota_name(Internet-L1-Quota) variable.volume_quota_frequency(daily) variable.volume_quota_limit(1073741824) variable.volume_quota_warning_limit(966367641) [builtin-epilog:9] miss: variable.time_quota_enforced=true MATCH: variable.volume_quota_enforced=true policy.quota_aux_initialization@client-id miss: [builtin-epilog:17] variable.time_quota_enforced=true miss: [builtin-epilog:21] variable.time_quota_enforced=true miss: [builtin-epilog:25] variable.time_quota_enforced=true miss: [builtin-epilog:34] variable.time_quota_enforced=true miss: [builtin-epilog:39] variable.time_quota_enforced=true [builtin-epilog:52] miss: condition=_user_is_unknown MATCH: t_procedure.check_volume_quota t_procedure.check_volume_quota_warning [builtin-epilog:66] miss: [Rule] variable.volume_quota_warning=true [builtin-epilog:71] miss: [Rule] condition=_user_is_unknown [builtin-epilog:56] miss: [Rule] http.response.code=200 MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: ALLOW condition=__GROUP3 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: condition=_user_is_unknown MATCH: condition=!_user_is_unknown variable.volume_quota_exceeded=false miss: [Rule] variable.volume_quota_warning=true miss: [Rule] condition=_user_is_unknown Called policy definition: BC_malware_scanning_HighPerformance n/a: condition=ShouldScanHighPerformance MATCH: response.icap_service(no) Called policy definition: BC_malware_scanning_solution MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_HighPerformance Called policy definition: BC_malware_scanning_proxy_HighPerformance n/a: condition=ShouldScanHighPerformance Called policy definition: BC_malware_scanning_solution_proxy MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_proxy_HighPerformance Called policy definition: quota_aux_initialization [builtin-prolog:691] miss: user=abc MATCH: user=!abc variable.user_authentication_is_on(true) [builtin-prolog:695] miss: variable.false_flag=true [builtin-prolog:698] miss: variable.false_flag=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=TRUE volume_quota_name=Internet-L1-Quota volume_quota_frequency=daily volume_quota_limit=1073741824 volume_quota_warning_limit=966367641 volume_quota_exceeded=FALSE volume_quota_warning=FALSE volume_quota_warning_exists=FALSE guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=TRUE false_flag=FALSE Called transaction procedure: check_volume_quota Called transaction procedure: check_volume_quota_warning connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:40:44 UTC CONNECT tcp://www.google.com:443/ DNS lookup was unrestricted User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: name="PHAP\srashid" realm=PHAP authentication start 7 elapsed 2 ms authorization start 9 elapsed 0 ms authentication status='none' authorization status='none' url.category: none@Policy;Search Engines/Portals@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 0 client.response.code: 200 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 Transaction timing: total-transaction-time 13 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 7 elapsed 2 ms access-logging: start 13 elapsed 0 ms stop-transaction: start 13 elapsed 0 ms Total Policy evaluation time: 2 ms url_categorization complete time: 7 client connection: first-response-byte 0 last-response-byte 13 stop transaction -------------------- start transaction ------------------- transaction ID=4116751 type=https.forward-proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate [builtin-prolog:722] MATCH: variable.volume_quota_enforced(false) [vpm-cpl:112] miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: condition=__GROUP3 variable.volume_quota_enforced(true) variable.volume_quota_name(Internet-L1-Quota) variable.volume_quota_frequency(daily) variable.volume_quota_limit(1073741824) variable.volume_quota_warning_limit(966367641) [builtin-epilog:9] miss: variable.time_quota_enforced=true MATCH: variable.volume_quota_enforced=true policy.quota_aux_initialization@client-id miss: [builtin-epilog:17] variable.time_quota_enforced=true miss: [builtin-epilog:21] variable.time_quota_enforced=true miss: [builtin-epilog:25] variable.time_quota_enforced=true miss: [builtin-epilog:34] variable.time_quota_enforced=true miss: [builtin-epilog:39] variable.time_quota_enforced=true [builtin-epilog:52] miss: condition=_user_is_unknown MATCH: t_procedure.check_volume_quota t_procedure.check_volume_quota_warning [builtin-epilog:66] miss: [Rule] variable.volume_quota_warning=true [builtin-epilog:71] miss: [Rule] condition=_user_is_unknown [builtin-epilog:56] miss: [Rule] http.response.code=200 MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: ALLOW condition=__GROUP3 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: condition=_user_is_unknown MATCH: condition=!_user_is_unknown variable.volume_quota_exceeded=false miss: [Rule] variable.volume_quota_warning=true miss: [Rule] condition=_user_is_unknown Called policy definition: BC_malware_scanning_HighPerformance n/a: condition=ShouldScanHighPerformance MATCH: response.icap_service(no) Called policy definition: BC_malware_scanning_solution MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_HighPerformance Called policy definition: BC_malware_scanning_proxy_HighPerformance n/a: condition=ShouldScanHighPerformance Called policy definition: BC_malware_scanning_solution_proxy MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_proxy_HighPerformance Called policy definition: quota_aux_initialization [builtin-prolog:691] miss: user=abc MATCH: user=!abc variable.user_authentication_is_on(true) [builtin-prolog:695] miss: variable.false_flag=true [builtin-prolog:698] miss: variable.false_flag=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=TRUE volume_quota_name=Internet-L1-Quota volume_quota_frequency=daily volume_quota_limit=1073741824 volume_quota_warning_limit=966367641 volume_quota_exceeded=FALSE volume_quota_warning=FALSE volume_quota_warning_exists=FALSE guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=TRUE false_flag=FALSE Called transaction procedure: check_volume_quota Called transaction procedure: check_volume_quota_warning connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:40:44 UTC POST https://www.google.com/gen_204?atyp=i&ei=x_5lXqGMGomYjLsPsLa_mA4&ct=slh&v=2&s=6&pv=0.8299011564472101&me=212:1583743224518,V,0,0,0,0:9479,U,9479:0,V,0,100,1920,969:331,h,2,CAEQAQ,i:0,h,1,CBcQAA,i:35,h,2,CAEQAQ,o:0,h,1,CBcQJQ,i:17,h,1,CBcQJQ,o:1,h,1,CBcQGg,i:33,h,1,CBcQAA,o:0,h,1,CBcQHg,i:4,h,1,CBcQAA,i:29,h,1,CBcQHg,o:0,h,1,CBcQGw,i:65,h,1,CBcQGw,o:0,h,1,CBcQGg,o:17,h,1,CBcQAA,o:33,h,1,CBMQAw,i:1,h,1,CBYQAQ,i:0,h,1,CBYQAA,i:282,h,1,CBMQAw,o:51,h,1,CBEQAA,i:17,h,1,CBEQAA,o:1,h,1,CBAQAA,i:16,h,1,CBAQAA,o:2,h,1,CA8QAA,i:47,h,1,CA8QAA,o:1,h,1,CA4QAA,i:406,h,1,CA4QAA,o:0,h,1,CAwQAA,i:27,h,1,CAwQAA,o:0,h,1,CBgQAQ,i:0,h,1,CBgQAA,i:67,h,1,CBgQAQ,o:1,h,1,CBgQAA,o:32,h,1,CBYQAQ,o:0,h,1,CBYQAA,o:7359,h,1,CAcQAA,i:1,h,1,CBUQDQ,i:0,h,1,CBYQAQ,i:0,h,1,CBYQAA,i:83,h,1,CAcQAA,o:0,h,1,CBUQDQ,o:1,h,1,CBUQAQ,i:232,h,1,CBUQAQ,o:51,h,1,CBgQAQ,i:0,h,1,CBgQAA,i:48,h,1,CBgQAQ,o:0,h,1,CBgQAA,o:0,h,1,CBYQAQ,o:0,h,1,CBYQAA,o:17,h,1,CBcQBQ,i:0,h,1,CBcQBA,i:1,h,1,CBcQAA,i:32,h,1,CBcQBQ,o:1,h,1,CBcQBw,i:34,h,1,CBcQBw,o:33,h,1,CBcQB origin server next-hop IP address=216.58.208.228 Accept-Encoding: gzip Accept-Encoding: deflate Accept-Encoding: br Referer: https://www.google.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: name="PHAP\srashid" realm=PHAP authentication start 0 elapsed 0 ms authorization start 0 elapsed 0 ms authentication status='none' authorization status='none' url.category: none@Policy;Search Engines/Portals@Blue Coat total categorization time: 0 static categorization time: 0 server.certficate.hostname.category: none@Policy;Search Engines/Portals@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 204 client.response.code: 204 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 set request header 'Accept-Encoding' value='gzip, deflate' Transaction timing: total-transaction-time 292 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 0 ms server-out: start 1 elapsed 0 ms server-in: start 1 elapsed 0 ms client-out: start 292 elapsed 0 ms access-logging: start 292 elapsed 0 ms stop-transaction: start 292 elapsed 0 ms Total Policy evaluation time: 0 ms url_categorization complete time: 0 server connection: start 1 DNS Lookup: start 1 elapsed 0 ms server connection: connected 1 first-byte 292 last_byte 292 client connection: first-response-byte 292 last-response-byte 292 Total time added: 0 ms Total latency to first byte: 0 ms Request latency: 0 ms OCS connect time: 0 ms Response latency (first byte): 0 ms Response latency (last byte): 0 ms stop transaction -------------------- start transaction ------------------- transaction ID=4116760 type=ssl.tunnel transaction handed off from: 4116756 [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate [builtin-prolog:722] MATCH: variable.volume_quota_enforced(false) [vpm-cpl:112] miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: condition=__GROUP3 variable.volume_quota_enforced(true) variable.volume_quota_name(Internet-L1-Quota) variable.volume_quota_frequency(daily) variable.volume_quota_limit(1073741824) variable.volume_quota_warning_limit(966367641) [builtin-epilog:9] miss: variable.time_quota_enforced=true MATCH: variable.volume_quota_enforced=true policy.quota_aux_initialization@client-id miss: [builtin-epilog:17] variable.time_quota_enforced=true miss: [builtin-epilog:21] variable.time_quota_enforced=true miss: [builtin-epilog:25] variable.time_quota_enforced=true miss: [builtin-epilog:34] variable.time_quota_enforced=true miss: [builtin-epilog:39] variable.time_quota_enforced=true [builtin-epilog:52] miss: condition=_user_is_unknown MATCH: t_procedure.check_volume_quota t_procedure.check_volume_quota_warning [builtin-epilog:66] miss: [Rule] variable.volume_quota_warning=true [builtin-epilog:71] miss: [Rule] condition=_user_is_unknown late: [builtin-epilog:56] MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: ALLOW condition=__GROUP3 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: condition=_user_is_unknown MATCH: condition=!_user_is_unknown variable.volume_quota_exceeded=false miss: [Rule] variable.volume_quota_warning=true miss: [Rule] condition=_user_is_unknown Called policy definition: BC_malware_scanning_HighPerformance n/a: condition=ShouldScanHighPerformance MATCH: response.icap_service(no) Called policy definition: BC_malware_scanning_solution MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_HighPerformance Called policy definition: BC_malware_scanning_proxy_HighPerformance n/a: condition=ShouldScanHighPerformance Called policy definition: BC_malware_scanning_solution_proxy MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_proxy_HighPerformance Called policy definition: quota_aux_initialization [builtin-prolog:691] miss: user=abc MATCH: user=!abc variable.user_authentication_is_on(true) [builtin-prolog:695] miss: variable.false_flag=true [builtin-prolog:698] miss: variable.false_flag=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=TRUE volume_quota_name=Internet-L1-Quota volume_quota_frequency=daily volume_quota_limit=1073741824 volume_quota_warning_limit=966367641 volume_quota_exceeded=FALSE volume_quota_warning=FALSE volume_quota_warning_exists=FALSE guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=TRUE false_flag=FALSE Called transaction procedure: check_volume_quota Called transaction procedure: check_volume_quota_warning connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:40:44 UTC unknown ssl://www.google.com:443/ origin server next-hop IP address=216.58.208.228 user: name="PHAP\srashid" realm=PHAP authentication start 0 elapsed 0 ms authorization start 0 elapsed 0 ms authentication status='none' authorization status='none' url.category: none@Policy;Search Engines/Portals@Blue Coat total categorization time: 0 static categorization time: 0 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 Transaction timing: total-transaction-time 351 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 0 ms server-out: start 1 elapsed 0 ms stop-transaction: start 351 elapsed 0 ms Total Policy evaluation time: 0 ms ssl server hello complete: 351 url_categorization complete time: 1 server connection: start 1 DNS Lookup: start 1 elapsed 0 ms server connection: connected 174 Total time added: 0 ms Total latency to first byte: 173 ms Request latency: 0 ms OCS connect time: 173 ms Response latency (first byte): 0 ms Response latency (last byte): 0 ms stop transaction -------------------- start transaction ------------------- transaction ID=4116764 type=ssl.tunnel transaction handed off from: 4116759 [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate [builtin-prolog:722] MATCH: variable.volume_quota_enforced(false) [vpm-cpl:112] miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: condition=__GROUP3 variable.volume_quota_enforced(true) variable.volume_quota_name(Internet-L1-Quota) variable.volume_quota_frequency(daily) variable.volume_quota_limit(1073741824) variable.volume_quota_warning_limit(966367641) [builtin-epilog:9] miss: variable.time_quota_enforced=true MATCH: variable.volume_quota_enforced=true policy.quota_aux_initialization@client-id miss: [builtin-epilog:17] variable.time_quota_enforced=true miss: [builtin-epilog:21] variable.time_quota_enforced=true miss: [builtin-epilog:25] variable.time_quota_enforced=true miss: [builtin-epilog:34] variable.time_quota_enforced=true miss: [builtin-epilog:39] variable.time_quota_enforced=true [builtin-epilog:52] miss: condition=_user_is_unknown MATCH: t_procedure.check_volume_quota t_procedure.check_volume_quota_warning [builtin-epilog:66] miss: [Rule] variable.volume_quota_warning=true [builtin-epilog:71] miss: [Rule] condition=_user_is_unknown late: [builtin-epilog:56] MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: ALLOW condition=__GROUP3 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: condition=_user_is_unknown MATCH: condition=!_user_is_unknown variable.volume_quota_exceeded=false miss: [Rule] variable.volume_quota_warning=true miss: [Rule] condition=_user_is_unknown Called policy definition: BC_malware_scanning_HighPerformance n/a: condition=ShouldScanHighPerformance MATCH: response.icap_service(no) Called policy definition: BC_malware_scanning_solution MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_HighPerformance Called policy definition: BC_malware_scanning_proxy_HighPerformance n/a: condition=ShouldScanHighPerformance Called policy definition: BC_malware_scanning_solution_proxy MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_proxy_HighPerformance Called policy definition: quota_aux_initialization [builtin-prolog:691] miss: user=abc MATCH: user=!abc variable.user_authentication_is_on(true) [builtin-prolog:695] miss: variable.false_flag=true [builtin-prolog:698] miss: variable.false_flag=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=TRUE volume_quota_name=Internet-L1-Quota volume_quota_frequency=daily volume_quota_limit=1073741824 volume_quota_warning_limit=966367641 volume_quota_exceeded=FALSE volume_quota_warning=FALSE volume_quota_warning_exists=FALSE guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=TRUE false_flag=FALSE Called transaction procedure: check_volume_quota Called transaction procedure: check_volume_quota_warning connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:40:44 UTC unknown ssl://www.google.com:443/ origin server next-hop IP address=216.58.208.228 user: name="PHAP\srashid" realm=PHAP authentication start 0 elapsed 0 ms authorization start 0 elapsed 0 ms authentication status='none' authorization status='none' url.category: none@Policy;Search Engines/Portals@Blue Coat total categorization time: 0 static categorization time: 0 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 Transaction timing: total-transaction-time 360 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 0 ms server-out: start 1 elapsed 0 ms stop-transaction: start 360 elapsed 0 ms Total Policy evaluation time: 0 ms ssl server hello complete: 360 url_categorization complete time: 1 server connection: start 1 DNS Lookup: start 1 elapsed 0 ms server connection: connected 180 Total time added: 0 ms Total latency to first byte: 179 ms Request latency: 0 ms OCS connect time: 179 ms Response latency (first byte): 0 ms Response latency (last byte): 0 ms stop transaction -------------------- start transaction ------------------- transaction ID=4116776 type=ssl.tunnel transaction handed off from: 4116772 [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate [builtin-prolog:722] MATCH: variable.volume_quota_enforced(false) [vpm-cpl:112] miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: condition=__GROUP3 variable.volume_quota_enforced(true) variable.volume_quota_name(Internet-L1-Quota) variable.volume_quota_frequency(daily) variable.volume_quota_limit(1073741824) variable.volume_quota_warning_limit(966367641) [builtin-epilog:9] miss: variable.time_quota_enforced=true MATCH: variable.volume_quota_enforced=true policy.quota_aux_initialization@client-id miss: [builtin-epilog:17] variable.time_quota_enforced=true miss: [builtin-epilog:21] variable.time_quota_enforced=true miss: [builtin-epilog:25] variable.time_quota_enforced=true miss: [builtin-epilog:34] variable.time_quota_enforced=true miss: [builtin-epilog:39] variable.time_quota_enforced=true [builtin-epilog:52] miss: condition=_user_is_unknown MATCH: t_procedure.check_volume_quota t_procedure.check_volume_quota_warning [builtin-epilog:66] miss: [Rule] variable.volume_quota_warning=true [builtin-epilog:71] miss: [Rule] condition=_user_is_unknown late: [builtin-epilog:56] MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: ALLOW condition=__GROUP3 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: condition=_user_is_unknown MATCH: condition=!_user_is_unknown variable.volume_quota_exceeded=false miss: [Rule] variable.volume_quota_warning=true miss: [Rule] condition=_user_is_unknown Called policy definition: BC_malware_scanning_HighPerformance n/a: condition=ShouldScanHighPerformance MATCH: response.icap_service(no) Called policy definition: BC_malware_scanning_solution MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_HighPerformance Called policy definition: BC_malware_scanning_proxy_HighPerformance n/a: condition=ShouldScanHighPerformance Called policy definition: BC_malware_scanning_solution_proxy MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_proxy_HighPerformance Called policy definition: quota_aux_initialization [builtin-prolog:691] miss: user=abc MATCH: user=!abc variable.user_authentication_is_on(true) [builtin-prolog:695] miss: variable.false_flag=true [builtin-prolog:698] miss: variable.false_flag=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=TRUE volume_quota_name=Internet-L1-Quota volume_quota_frequency=daily volume_quota_limit=1073741824 volume_quota_warning_limit=966367641 volume_quota_exceeded=FALSE volume_quota_warning=FALSE volume_quota_warning_exists=FALSE guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=TRUE false_flag=FALSE Called transaction procedure: check_volume_quota Called transaction procedure: check_volume_quota_warning connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:40:44 UTC unknown ssl://www.google.com:443/ origin server next-hop IP address=216.58.208.228 user: name="PHAP\srashid" realm=PHAP authentication start 0 elapsed 0 ms authorization start 0 elapsed 0 ms authentication status='none' authorization status='none' url.category: none@Policy;Search Engines/Portals@Blue Coat total categorization time: 0 static categorization time: 0 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 Transaction timing: total-transaction-time 345 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 0 ms server-out: start 1 elapsed 0 ms stop-transaction: start 345 elapsed 0 ms Total Policy evaluation time: 0 ms ssl server hello complete: 345 url_categorization complete time: 0 server connection: start 1 DNS Lookup: start 1 elapsed 0 ms server connection: connected 173 Total time added: 0 ms Total latency to first byte: 172 ms Request latency: 0 ms OCS connect time: 172 ms Response latency (first byte): 0 ms Response latency (last byte): 0 ms stop transaction -------------------- start transaction ------------------- transaction ID=4116857 type=https.forward-proxy transaction handed off from: 4116765 [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate [builtin-prolog:722] MATCH: variable.volume_quota_enforced(false) [vpm-cpl:112] miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: condition=__GROUP3 variable.volume_quota_enforced(true) variable.volume_quota_name(Internet-L1-Quota) variable.volume_quota_frequency(daily) variable.volume_quota_limit(1073741824) variable.volume_quota_warning_limit(966367641) [builtin-epilog:9] miss: variable.time_quota_enforced=true MATCH: variable.volume_quota_enforced=true policy.quota_aux_initialization@client-id miss: [builtin-epilog:17] variable.time_quota_enforced=true miss: [builtin-epilog:21] variable.time_quota_enforced=true miss: [builtin-epilog:25] variable.time_quota_enforced=true miss: [builtin-epilog:34] variable.time_quota_enforced=true miss: [builtin-epilog:39] variable.time_quota_enforced=true [builtin-epilog:52] miss: condition=_user_is_unknown MATCH: t_procedure.check_volume_quota t_procedure.check_volume_quota_warning [builtin-epilog:66] miss: [Rule] variable.volume_quota_warning=true [builtin-epilog:71] miss: [Rule] condition=_user_is_unknown [builtin-epilog:56] [Rule] miss: condition=_user_is_unknown MATCH: variable.volume_quota_exceeded=false t_procedure.update_volume_quota MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: ALLOW condition=__GROUP3 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: condition=_user_is_unknown MATCH: condition=!_user_is_unknown variable.volume_quota_exceeded=false miss: [Rule] variable.volume_quota_warning=true miss: [Rule] condition=_user_is_unknown Called policy definition: BC_malware_scanning_secure_connection MATCH: response.icap_service.secure_connection(auto) Called policy definition: BC_malware_scanner MATCH: response.icap_service(bluecoat-local-response, fail-closed) Called policy definition: BC_malware_scanning_HighPerformance MATCH: condition=ShouldScanHighPerformance policy.BC_malware_scanner policy.BC_malware_scanning_secure_connection Called policy definition: BC_malware_scanning_solution MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_HighPerformance Called policy definition: BC_malware_scanning_proxy_HighPerformance MATCH: condition=ShouldScanHighPerformance response.icap_feedback(trickle_end) Called policy definition: BC_malware_scanning_solution_proxy MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_proxy_HighPerformance Called policy definition: quota_aux_initialization [builtin-prolog:691] miss: user=abc MATCH: user=!abc variable.user_authentication_is_on(true) [builtin-prolog:695] miss: variable.false_flag=true [builtin-prolog:698] miss: variable.false_flag=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=TRUE volume_quota_name=Internet-L1-Quota volume_quota_frequency=daily volume_quota_limit=1073741824 volume_quota_warning_limit=966367641 volume_quota_exceeded=FALSE volume_quota_warning=FALSE volume_quota_warning_exists=FALSE guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=TRUE false_flag=FALSE Called transaction procedure: check_volume_quota Called transaction procedure: update_volume_quota Called transaction procedure: check_volume_quota_warning connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:40:45 UTC GET https://www.google.com/async/newtab_promos rewritten URL(s): cache_url=https://www.google.com/async/newtab_promos?bcsi_scan_36eb41fd84054c8c=k/vTnThCnJwXuHWZ0H7J3Xx00fwCAAAAedE+AA== origin server next-hop IP address=216.58.208.228 Accept-Encoding: gzip Accept-Encoding: deflate Accept-Encoding: br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: name="PHAP\srashid" realm=PHAP authentication start 0 elapsed 0 ms authorization start 0 elapsed 0 ms authentication status='none' authorization status='none' url.category: none@Policy;Search Engines/Portals@Blue Coat total categorization time: 0 static categorization time: 0 server.certficate.hostname.category: none@Policy;Search Engines/Portals@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 200 client.response.code: 200 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 set request header 'Accept-Encoding' value='gzip, deflate' ICAP RESPMOD Scan Summary: Error code: none Transaction timing: total-transaction-time 321 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 1 ms server-out: start 3 elapsed 0 ms server-in: start 3 elapsed 0 ms client-out: start 321 elapsed 0 ms access-logging: start 321 elapsed 0 ms stop-transaction: start 321 elapsed 0 ms Total Policy evaluation time: 1 ms url_categorization complete time: 1 ICAP Response Scan: start 317 delay 0 finish 321 server connection: start 3 DNS Lookup: start 3 elapsed 0 ms server connection: connected 3 first-byte 316 last_byte 320 client connection: first-response-byte 321 last-response-byte 321 Total time added: 3 ms Total latency to first byte: 7 ms Request latency: 2 ms OCS connect time: 0 ms Response latency (first byte): 5 ms Response latency (last byte): 1 ms stop transaction -------------------- start transaction ------------------- transaction ID=4116864 type=https.forward-proxy transaction handed off from: 4116777 [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate [builtin-prolog:722] MATCH: variable.volume_quota_enforced(false) [vpm-cpl:112] miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: condition=__GROUP3 variable.volume_quota_enforced(true) variable.volume_quota_name(Internet-L1-Quota) variable.volume_quota_frequency(daily) variable.volume_quota_limit(1073741824) variable.volume_quota_warning_limit(966367641) [builtin-epilog:9] miss: variable.time_quota_enforced=true MATCH: variable.volume_quota_enforced=true policy.quota_aux_initialization@client-id miss: [builtin-epilog:17] variable.time_quota_enforced=true miss: [builtin-epilog:21] variable.time_quota_enforced=true miss: [builtin-epilog:25] variable.time_quota_enforced=true miss: [builtin-epilog:34] variable.time_quota_enforced=true miss: [builtin-epilog:39] variable.time_quota_enforced=true [builtin-epilog:52] miss: condition=_user_is_unknown MATCH: t_procedure.check_volume_quota t_procedure.check_volume_quota_warning [builtin-epilog:66] miss: [Rule] variable.volume_quota_warning=true [builtin-epilog:71] miss: [Rule] condition=_user_is_unknown [builtin-epilog:56] [Rule] miss: condition=_user_is_unknown MATCH: variable.volume_quota_exceeded=false t_procedure.update_volume_quota MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: ALLOW condition=__GROUP3 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: condition=_user_is_unknown MATCH: condition=!_user_is_unknown variable.volume_quota_exceeded=false miss: [Rule] variable.volume_quota_warning=true miss: [Rule] condition=_user_is_unknown Called policy definition: BC_malware_scanning_secure_connection MATCH: response.icap_service.secure_connection(auto) Called policy definition: BC_malware_scanner MATCH: response.icap_service(bluecoat-local-response, fail-closed) Called policy definition: BC_malware_scanning_HighPerformance MATCH: condition=ShouldScanHighPerformance policy.BC_malware_scanner policy.BC_malware_scanning_secure_connection Called policy definition: BC_malware_scanning_solution MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_HighPerformance Called policy definition: BC_malware_scanning_proxy_HighPerformance MATCH: condition=ShouldScanHighPerformance response.icap_feedback(trickle_end) Called policy definition: BC_malware_scanning_solution_proxy MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_proxy_HighPerformance Called policy definition: quota_aux_initialization [builtin-prolog:691] miss: user=abc MATCH: user=!abc variable.user_authentication_is_on(true) [builtin-prolog:695] miss: variable.false_flag=true [builtin-prolog:698] miss: variable.false_flag=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=TRUE volume_quota_name=Internet-L1-Quota volume_quota_frequency=daily volume_quota_limit=1073741824 volume_quota_warning_limit=966367641 volume_quota_exceeded=FALSE volume_quota_warning=FALSE volume_quota_warning_exists=FALSE guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=TRUE false_flag=FALSE Called transaction procedure: check_volume_quota Called transaction procedure: update_volume_quota Called transaction procedure: check_volume_quota_warning connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:40:45 UTC GET https://www.google.com/async/ddljson?async=ntp:1 rewritten URL(s): cache_url=https://www.google.com/async/ddljson?async=ntp:1&bcsi_scan_36eb41fd84054c8c=7mrTgSmlNbL2bepYqWo5l/Yk/pgCAAAAgNE+AA== origin server next-hop IP address=216.58.208.228 Accept-Encoding: gzip Accept-Encoding: deflate Accept-Encoding: br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: name="PHAP\srashid" realm=PHAP authentication start 0 elapsed 0 ms authorization start 0 elapsed 0 ms authentication status='none' authorization status='none' url.category: none@Policy;Search Engines/Portals@Blue Coat total categorization time: 0 static categorization time: 0 server.certficate.hostname.category: none@Policy;Search Engines/Portals@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 200 client.response.code: 200 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 set request header 'Accept-Encoding' value='gzip, deflate' ICAP RESPMOD Scan Summary: Error code: none Transaction timing: total-transaction-time 302 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 1 ms server-out: start 3 elapsed 0 ms server-in: start 3 elapsed 0 ms client-out: start 302 elapsed 0 ms access-logging: start 302 elapsed 0 ms stop-transaction: start 302 elapsed 0 ms Total Policy evaluation time: 1 ms url_categorization complete time: 1 ICAP Response Scan: start 301 delay 0 finish 302 server connection: start 3 DNS Lookup: start 3 elapsed 0 ms server connection: connected 3 first-byte 300 last_byte 301 client connection: first-response-byte 302 last-response-byte 302 Total time added: 3 ms Total latency to first byte: 4 ms Request latency: 2 ms OCS connect time: 0 ms Response latency (first byte): 2 ms Response latency (last byte): 1 ms stop transaction -------------------- start transaction ------------------- transaction ID=4116849 type=https.forward-proxy transaction handed off from: 4116761 [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate [builtin-prolog:722] MATCH: variable.volume_quota_enforced(false) [vpm-cpl:112] miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: condition=__GROUP3 variable.volume_quota_enforced(true) variable.volume_quota_name(Internet-L1-Quota) variable.volume_quota_frequency(daily) variable.volume_quota_limit(1073741824) variable.volume_quota_warning_limit(966367641) [builtin-epilog:9] miss: variable.time_quota_enforced=true MATCH: variable.volume_quota_enforced=true policy.quota_aux_initialization@client-id miss: [builtin-epilog:17] variable.time_quota_enforced=true miss: [builtin-epilog:21] variable.time_quota_enforced=true miss: [builtin-epilog:25] variable.time_quota_enforced=true miss: [builtin-epilog:34] variable.time_quota_enforced=true miss: [builtin-epilog:39] variable.time_quota_enforced=true [builtin-epilog:52] miss: condition=_user_is_unknown MATCH: t_procedure.check_volume_quota t_procedure.check_volume_quota_warning [builtin-epilog:66] miss: [Rule] variable.volume_quota_warning=true [builtin-epilog:71] miss: [Rule] condition=_user_is_unknown [builtin-epilog:56] [Rule] miss: condition=_user_is_unknown MATCH: variable.volume_quota_exceeded=false t_procedure.update_volume_quota MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: ALLOW condition=__GROUP3 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: condition=_user_is_unknown MATCH: condition=!_user_is_unknown variable.volume_quota_exceeded=false miss: [Rule] variable.volume_quota_warning=true miss: [Rule] condition=_user_is_unknown Called policy definition: BC_malware_scanning_secure_connection MATCH: response.icap_service.secure_connection(auto) Called policy definition: BC_malware_scanner MATCH: response.icap_service(bluecoat-local-response, fail-closed) Called policy definition: BC_malware_scanning_HighPerformance MATCH: condition=ShouldScanHighPerformance policy.BC_malware_scanner policy.BC_malware_scanning_secure_connection Called policy definition: BC_malware_scanning_solution MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_HighPerformance Called policy definition: BC_malware_scanning_proxy_HighPerformance MATCH: condition=ShouldScanHighPerformance response.icap_feedback(trickle_end) Called policy definition: BC_malware_scanning_solution_proxy MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_proxy_HighPerformance Called policy definition: quota_aux_initialization [builtin-prolog:691] miss: user=abc MATCH: user=!abc variable.user_authentication_is_on(true) [builtin-prolog:695] miss: variable.false_flag=true [builtin-prolog:698] miss: variable.false_flag=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=TRUE volume_quota_name=Internet-L1-Quota volume_quota_frequency=daily volume_quota_limit=1073741824 volume_quota_warning_limit=966367641 volume_quota_exceeded=FALSE volume_quota_warning=FALSE volume_quota_warning_exists=FALSE guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=TRUE false_flag=FALSE Called transaction procedure: check_volume_quota Called transaction procedure: update_volume_quota Called transaction procedure: check_volume_quota_warning connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:40:45 UTC GET https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0 rewritten URL(s): cache_url=https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0&bcsi_scan_36eb41fd84054c8c=TTwJI74VUyhDPgz0neSc7130qjoCAAAAcdE+AA== origin server next-hop IP address=216.58.208.228 Accept-Encoding: gzip Accept-Encoding: deflate Accept-Encoding: br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: name="PHAP\srashid" realm=PHAP authentication start 0 elapsed 0 ms authorization start 0 elapsed 0 ms authentication status='none' authorization status='none' url.category: none@Policy;Search Engines/Portals@Blue Coat total categorization time: 0 static categorization time: 0 server.certficate.hostname.category: none@Policy;Search Engines/Portals@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 200 client.response.code: 200 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 set request header 'Accept-Encoding' value='gzip, deflate' ICAP RESPMOD Scan Summary: Error code: none Transaction timing: total-transaction-time 811 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 2 elapsed 0 ms server-out: start 3 elapsed 0 ms server-in: start 3 elapsed 0 ms client-out: start 811 elapsed 0 ms access-logging: start 811 elapsed 0 ms stop-transaction: start 811 elapsed 0 ms Total Policy evaluation time: 0 ms url_categorization complete time: 2 ICAP Response Scan: start 345 delay 0 finish 811 server connection: start 3 DNS Lookup: start 3 elapsed 0 ms server connection: connected 3 first-byte 345 last_byte 691 client connection: first-response-byte 811 last-response-byte 811 Total time added: 121 ms Total latency to first byte: 467 ms Request latency: 1 ms OCS connect time: 0 ms Response latency (first byte): 466 ms Response latency (last byte): 120 ms stop transaction -------------------- start transaction ------------------- transaction ID=4117081 type=http.proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate late: [builtin-prolog:722] late: [vpm-cpl:112] late: [builtin-epilog:9] late: [builtin-epilog:17] late: [builtin-epilog:21] late: [builtin-epilog:25] late: [builtin-epilog:34] late: [builtin-epilog:39] late: [builtin-epilog:52] late: [builtin-epilog:66] late: [builtin-epilog:71] [builtin-prolog:246] MATCH: t_procedure.dashboard_blocked_stats_infinity [builtin-prolog:237] MATCH: t_procedure.dashboard_record_hourly [builtin-prolog:240] MATCH: t_procedure.dashboard_record_daily [builtin-prolog:243] MATCH: t_procedure.dashboard_record_monthly late: [builtin-epilog:56] MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers late: condition=__GROUP1 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true late: variable.volume_quota_enforced=true late: variable.volume_quota_enforced=true late: variable.volume_quota_enforced=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=(value undetermined) volume_quota_name=(value undetermined) volume_quota_frequency=(value undetermined) volume_quota_limit=(value undetermined) volume_quota_warning_limit=(value undetermined) volume_quota_exceeded=(value undetermined) volume_quota_warning=(value undetermined) volume_quota_warning_exists=(value undetermined) guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=(value undetermined) false_flag=FALSE Called transaction procedure: dashboard_record_hourly Called transaction procedure: dashboard_record_daily Called transaction procedure: dashboard_blocked_stats_infinity Called transaction procedure: dashboard_record_monthly connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:40:45 UTC CONNECT tcp://fonts.gstatic.com:443/ DNS lookup was unrestricted User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: unauthenticated authentication status='need_credentials' authorization status='not_attempted' EXCEPTION(authentication_failed): Authentication failed either because credentials were not provided or they could not be validated url.category: none@Policy;Technology/Internet@Blue Coat total categorization time: 1 static categorization time: 1 server.response.code: 0 client.response.code: 407 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 authentication-required realm=PHAP (Certificate) Transaction timing: total-transaction-time 1 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 0 ms client-out-terminated: start 1 elapsed 0 ms access-logging: start 1 elapsed 0 ms stop-transaction: start 1 elapsed 0 ms Total Policy evaluation time: 0 ms url_categorization complete time: 1 client connection: first-response-byte 0 last-response-byte 1 stop transaction -------------------- start transaction ------------------- transaction ID=4117397 type=https.forward-proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate [builtin-prolog:722] MATCH: variable.volume_quota_enforced(false) [vpm-cpl:112] miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: condition=__GROUP3 variable.volume_quota_enforced(true) variable.volume_quota_name(Internet-L1-Quota) variable.volume_quota_frequency(daily) variable.volume_quota_limit(1073741824) variable.volume_quota_warning_limit(966367641) [builtin-epilog:9] miss: variable.time_quota_enforced=true MATCH: variable.volume_quota_enforced=true policy.quota_aux_initialization@client-id miss: [builtin-epilog:17] variable.time_quota_enforced=true miss: [builtin-epilog:21] variable.time_quota_enforced=true miss: [builtin-epilog:25] variable.time_quota_enforced=true miss: [builtin-epilog:34] variable.time_quota_enforced=true miss: [builtin-epilog:39] variable.time_quota_enforced=true [builtin-epilog:52] miss: condition=_user_is_unknown MATCH: t_procedure.check_volume_quota t_procedure.check_volume_quota_warning [builtin-epilog:66] miss: [Rule] variable.volume_quota_warning=true [builtin-epilog:71] miss: [Rule] condition=_user_is_unknown [builtin-epilog:56] [Rule] miss: condition=_user_is_unknown MATCH: variable.volume_quota_exceeded=false t_procedure.update_volume_quota MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: ALLOW condition=__GROUP3 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: condition=_user_is_unknown MATCH: condition=!_user_is_unknown variable.volume_quota_exceeded=false miss: [Rule] variable.volume_quota_warning=true miss: [Rule] condition=_user_is_unknown Called policy definition: BC_malware_scanning_HighPerformance n/a: condition=ShouldScanHighPerformance MATCH: response.icap_service(no) Called policy definition: BC_malware_scanning_solution MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_HighPerformance Called policy definition: BC_malware_scanning_proxy_HighPerformance n/a: condition=ShouldScanHighPerformance Called policy definition: BC_malware_scanning_solution_proxy MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_proxy_HighPerformance Called policy definition: quota_aux_initialization [builtin-prolog:691] miss: user=abc MATCH: user=!abc variable.user_authentication_is_on(true) [builtin-prolog:695] miss: variable.false_flag=true [builtin-prolog:698] miss: variable.false_flag=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=TRUE volume_quota_name=Internet-L1-Quota volume_quota_frequency=daily volume_quota_limit=1073741824 volume_quota_warning_limit=966367641 volume_quota_exceeded=FALSE volume_quota_warning=FALSE volume_quota_warning_exists=FALSE guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=TRUE false_flag=FALSE Called transaction procedure: check_volume_quota Called transaction procedure: update_volume_quota Called transaction procedure: check_volume_quota_warning connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:40:46 UTC OPTIONS https://play.google.com/log?format=json&hasfast=true&authuser=0 origin server next-hop IP address=172.217.19.14 Accept-Encoding: gzip Accept-Encoding: deflate Accept-Encoding: br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: name="PHAP\srashid" realm=PHAP authentication start 0 elapsed 0 ms authorization start 0 elapsed 0 ms authentication status='none' authorization status='none' url.category: none@Policy;Shopping@Blue Coat;Software Downloads@Blue Coat total categorization time: 0 static categorization time: 0 server.certficate.hostname.category: none@Policy;Search Engines/Portals@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 200 client.response.code: 200 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 set request header 'Accept-Encoding' value='gzip, deflate' Transaction timing: total-transaction-time 631 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 0 ms server-out: start 1 elapsed 0 ms server-in: start 348 elapsed 0 ms client-out: start 630 elapsed 0 ms access-logging: start 630 elapsed 1 ms stop-transaction: start 631 elapsed 0 ms Total Policy evaluation time: 1 ms url_categorization complete time: 0 server connection: start 1 DNS Lookup: start 1 elapsed 0 ms server connection: connected 348 first-byte 630 last_byte 630 client connection: first-response-byte 630 last-response-byte 630 Total time added: 0 ms Total latency to first byte: 347 ms Request latency: 0 ms OCS connect time: 347 ms Response latency (first byte): 0 ms Response latency (last byte): 0 ms stop transaction -------------------- start transaction ------------------- transaction ID=4117568 type=https.forward-proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate [builtin-prolog:722] MATCH: variable.volume_quota_enforced(false) [vpm-cpl:112] miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: condition=__GROUP3 variable.volume_quota_enforced(true) variable.volume_quota_name(Internet-L1-Quota) variable.volume_quota_frequency(daily) variable.volume_quota_limit(1073741824) variable.volume_quota_warning_limit(966367641) [builtin-epilog:9] miss: variable.time_quota_enforced=true MATCH: variable.volume_quota_enforced=true policy.quota_aux_initialization@client-id miss: [builtin-epilog:17] variable.time_quota_enforced=true miss: [builtin-epilog:21] variable.time_quota_enforced=true miss: [builtin-epilog:25] variable.time_quota_enforced=true miss: [builtin-epilog:34] variable.time_quota_enforced=true miss: [builtin-epilog:39] variable.time_quota_enforced=true [builtin-epilog:52] miss: condition=_user_is_unknown MATCH: t_procedure.check_volume_quota t_procedure.check_volume_quota_warning [builtin-epilog:66] miss: [Rule] variable.volume_quota_warning=true [builtin-epilog:71] miss: [Rule] condition=_user_is_unknown [builtin-epilog:56] [Rule] miss: condition=_user_is_unknown MATCH: variable.volume_quota_exceeded=false t_procedure.update_volume_quota MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: ALLOW condition=__GROUP3 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: condition=_user_is_unknown MATCH: condition=!_user_is_unknown variable.volume_quota_exceeded=false miss: [Rule] variable.volume_quota_warning=true miss: [Rule] condition=_user_is_unknown Called policy definition: BC_malware_scanning_secure_connection MATCH: response.icap_service.secure_connection(auto) Called policy definition: BC_malware_scanner MATCH: response.icap_service(bluecoat-local-response, fail-closed) Called policy definition: BC_malware_scanning_HighPerformance MATCH: condition=ShouldScanHighPerformance policy.BC_malware_scanner policy.BC_malware_scanning_secure_connection Called policy definition: BC_malware_scanning_solution MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_HighPerformance Called policy definition: BC_malware_scanning_proxy_HighPerformance MATCH: condition=ShouldScanHighPerformance response.icap_feedback(trickle_end) Called policy definition: BC_malware_scanning_solution_proxy MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_proxy_HighPerformance Called policy definition: quota_aux_initialization [builtin-prolog:691] miss: user=abc MATCH: user=!abc variable.user_authentication_is_on(true) [builtin-prolog:695] miss: variable.false_flag=true [builtin-prolog:698] miss: variable.false_flag=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=TRUE volume_quota_name=Internet-L1-Quota volume_quota_frequency=daily volume_quota_limit=1073741824 volume_quota_warning_limit=966367641 volume_quota_exceeded=FALSE volume_quota_warning=FALSE volume_quota_warning_exists=FALSE guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=TRUE false_flag=FALSE Called transaction procedure: check_volume_quota Called transaction procedure: update_volume_quota Called transaction procedure: check_volume_quota_warning connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:40:47 UTC POST https://play.google.com/log?format=json&hasfast=true&authuser=0 rewritten URL(s): cache_url=https://play.google.com/log?format=json&hasfast=true&authuser=0&bcsi_scan_36eb41fd84054c8c=kTcEbdroi35q3Y+AccdAbet5iqcCAAAAQNQ+AA== origin server next-hop IP address=172.217.19.14 Accept-Encoding: gzip Accept-Encoding: deflate Accept-Encoding: br Content-Length: 586 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: name="PHAP\srashid" realm=PHAP authentication start 0 elapsed 0 ms authorization start 0 elapsed 0 ms authentication status='none' authorization status='none' url.category: none@Policy;Shopping@Blue Coat;Software Downloads@Blue Coat total categorization time: 0 static categorization time: 0 server.certficate.hostname.category: none@Policy;Search Engines/Portals@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 200 client.response.code: 200 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 set request header 'Accept-Encoding' value='gzip, deflate' set response header 'Cache-Control' value='private, proxy-revalidate' ICAP RESPMOD Scan Summary: Error code: none Transaction timing: total-transaction-time 298 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 0 ms server-out: start 1 elapsed 0 ms server-in: start 1 elapsed 0 ms client-out: start 298 elapsed 0 ms access-logging: start 298 elapsed 0 ms stop-transaction: start 298 elapsed 0 ms Total Policy evaluation time: 0 ms url_categorization complete time: 0 ICAP Response Scan: start 295 delay 0 finish 298 server connection: start 1 DNS Lookup: start 1 elapsed 0 ms server connection: connected 1 first-byte 295 last_byte 297 client connection: first-response-byte 298 last-response-byte 298 Total time added: 1 ms Total latency to first byte: 3 ms Request latency: 0 ms OCS connect time: 0 ms Response latency (first byte): 3 ms Response latency (last byte): 1 ms stop transaction -------------------- start transaction ------------------- transaction ID=4118175 type=http.proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate late: [builtin-prolog:722] late: [vpm-cpl:112] late: [builtin-epilog:9] late: [builtin-epilog:17] late: [builtin-epilog:21] late: [builtin-epilog:25] late: [builtin-epilog:34] late: [builtin-epilog:39] late: [builtin-epilog:52] late: [builtin-epilog:66] late: [builtin-epilog:71] [builtin-prolog:246] MATCH: t_procedure.dashboard_blocked_stats_infinity [builtin-prolog:237] MATCH: t_procedure.dashboard_record_hourly [builtin-prolog:240] MATCH: t_procedure.dashboard_record_daily [builtin-prolog:243] MATCH: t_procedure.dashboard_record_monthly late: [builtin-epilog:56] MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers late: condition=__GROUP1 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true late: variable.volume_quota_enforced=true late: variable.volume_quota_enforced=true late: variable.volume_quota_enforced=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=(value undetermined) volume_quota_name=(value undetermined) volume_quota_frequency=(value undetermined) volume_quota_limit=(value undetermined) volume_quota_warning_limit=(value undetermined) volume_quota_exceeded=(value undetermined) volume_quota_warning=(value undetermined) volume_quota_warning_exists=(value undetermined) guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=(value undetermined) false_flag=FALSE Called transaction procedure: dashboard_record_hourly Called transaction procedure: dashboard_record_daily Called transaction procedure: dashboard_blocked_stats_infinity Called transaction procedure: dashboard_record_monthly connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:40:49 UTC CONNECT tcp://ogs.google.com:443/ DNS lookup was unrestricted User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: unauthenticated authentication status='need_credentials' authorization status='not_attempted' EXCEPTION(authentication_failed): Authentication failed either because credentials were not provided or they could not be validated url.category: none@Policy;Search Engines/Portals@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 0 client.response.code: 407 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 authentication-required realm=PHAP (Certificate) Transaction timing: total-transaction-time 1 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 0 ms client-out-terminated: start 1 elapsed 0 ms access-logging: start 1 elapsed 0 ms stop-transaction: start 1 elapsed 0 ms Total Policy evaluation time: 0 ms url_categorization complete time: 1 client connection: first-response-byte 0 last-response-byte 1 stop transaction -------------------- start transaction ------------------- transaction ID=4118176 type=http.proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate late: [builtin-prolog:722] late: [vpm-cpl:112] late: [builtin-epilog:9] late: [builtin-epilog:17] late: [builtin-epilog:21] late: [builtin-epilog:25] late: [builtin-epilog:34] late: [builtin-epilog:39] late: [builtin-epilog:52] late: [builtin-epilog:66] late: [builtin-epilog:71] [builtin-prolog:246] MATCH: t_procedure.dashboard_blocked_stats_infinity [builtin-prolog:237] MATCH: t_procedure.dashboard_record_hourly [builtin-prolog:240] MATCH: t_procedure.dashboard_record_daily [builtin-prolog:243] MATCH: t_procedure.dashboard_record_monthly late: [builtin-epilog:56] MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers late: condition=__GROUP1 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true late: variable.volume_quota_enforced=true late: variable.volume_quota_enforced=true late: variable.volume_quota_enforced=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=(value undetermined) volume_quota_name=(value undetermined) volume_quota_frequency=(value undetermined) volume_quota_limit=(value undetermined) volume_quota_warning_limit=(value undetermined) volume_quota_exceeded=(value undetermined) volume_quota_warning=(value undetermined) volume_quota_warning_exists=(value undetermined) guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=(value undetermined) false_flag=FALSE Called transaction procedure: dashboard_record_hourly Called transaction procedure: dashboard_record_daily Called transaction procedure: dashboard_blocked_stats_infinity Called transaction procedure: dashboard_record_monthly connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:40:49 UTC CONNECT tcp://ogs.google.com:443/ DNS lookup was unrestricted User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: unauthenticated authentication status='Unknown Status' authorization status='not_attempted' EXCEPTION(authentication_failed): Authentication failed either because credentials were not provided or they could not be validated url.category: none@Policy;Search Engines/Portals@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 0 client.response.code: 407 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 authentication-required realm=PHAP (Certificate) Transaction timing: total-transaction-time 2 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 2 elapsed 0 ms client-out-terminated: start 2 elapsed 0 ms access-logging: start 2 elapsed 0 ms stop-transaction: start 2 elapsed 0 ms Total Policy evaluation time: 0 ms url_categorization complete time: 2 client connection: first-response-byte 0 last-response-byte 2 stop transaction -------------------- start transaction ------------------- transaction ID=4118177 type=http.proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate [builtin-prolog:722] MATCH: variable.volume_quota_enforced(false) [vpm-cpl:112] miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: condition=__GROUP3 variable.volume_quota_enforced(true) variable.volume_quota_name(Internet-L1-Quota) variable.volume_quota_frequency(daily) variable.volume_quota_limit(1073741824) variable.volume_quota_warning_limit(966367641) [builtin-epilog:9] miss: variable.time_quota_enforced=true MATCH: variable.volume_quota_enforced=true policy.quota_aux_initialization@client-id miss: [builtin-epilog:17] variable.time_quota_enforced=true miss: [builtin-epilog:21] variable.time_quota_enforced=true miss: [builtin-epilog:25] variable.time_quota_enforced=true miss: [builtin-epilog:34] variable.time_quota_enforced=true miss: [builtin-epilog:39] variable.time_quota_enforced=true [builtin-epilog:52] miss: condition=_user_is_unknown MATCH: t_procedure.check_volume_quota t_procedure.check_volume_quota_warning [builtin-epilog:66] miss: [Rule] variable.volume_quota_warning=true [builtin-epilog:71] miss: [Rule] condition=_user_is_unknown [builtin-epilog:56] miss: [Rule] http.response.code=200 MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: ALLOW condition=__GROUP3 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: condition=_user_is_unknown MATCH: condition=!_user_is_unknown variable.volume_quota_exceeded=false miss: [Rule] variable.volume_quota_warning=true miss: [Rule] condition=_user_is_unknown Called policy definition: BC_malware_scanning_HighPerformance n/a: condition=ShouldScanHighPerformance MATCH: response.icap_service(no) Called policy definition: BC_malware_scanning_solution MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_HighPerformance Called policy definition: BC_malware_scanning_proxy_HighPerformance n/a: condition=ShouldScanHighPerformance Called policy definition: BC_malware_scanning_solution_proxy MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_proxy_HighPerformance Called policy definition: quota_aux_initialization [builtin-prolog:691] miss: user=abc MATCH: user=!abc variable.user_authentication_is_on(true) [builtin-prolog:695] miss: variable.false_flag=true [builtin-prolog:698] miss: variable.false_flag=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=TRUE volume_quota_name=Internet-L1-Quota volume_quota_frequency=daily volume_quota_limit=1073741824 volume_quota_warning_limit=966367641 volume_quota_exceeded=FALSE volume_quota_warning=FALSE volume_quota_warning_exists=FALSE guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=TRUE false_flag=FALSE Called transaction procedure: check_volume_quota Called transaction procedure: check_volume_quota_warning connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:40:50 UTC CONNECT tcp://ogs.google.com:443/ DNS lookup was unrestricted User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: name="PHAP\srashid" realm=PHAP authentication start 1 elapsed 3 ms authorization start 4 elapsed 0 ms authentication status='none' authorization status='none' url.category: none@Policy;Search Engines/Portals@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 0 client.response.code: 200 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 Transaction timing: total-transaction-time 5 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 3 ms access-logging: start 5 elapsed 0 ms stop-transaction: start 5 elapsed 0 ms Total Policy evaluation time: 3 ms url_categorization complete time: 1 client connection: first-response-byte 0 last-response-byte 5 stop transaction -------------------- start transaction ------------------- transaction ID=4118178 type=ssl.tunnel transaction handed off from: 4118177 [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate [builtin-prolog:722] MATCH: variable.volume_quota_enforced(false) [vpm-cpl:112] miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: condition=__GROUP3 variable.volume_quota_enforced(true) variable.volume_quota_name(Internet-L1-Quota) variable.volume_quota_frequency(daily) variable.volume_quota_limit(1073741824) variable.volume_quota_warning_limit(966367641) [builtin-epilog:9] miss: variable.time_quota_enforced=true MATCH: variable.volume_quota_enforced=true policy.quota_aux_initialization@client-id miss: [builtin-epilog:17] variable.time_quota_enforced=true miss: [builtin-epilog:21] variable.time_quota_enforced=true miss: [builtin-epilog:25] variable.time_quota_enforced=true miss: [builtin-epilog:34] variable.time_quota_enforced=true miss: [builtin-epilog:39] variable.time_quota_enforced=true [builtin-epilog:52] miss: condition=_user_is_unknown MATCH: t_procedure.check_volume_quota t_procedure.check_volume_quota_warning [builtin-epilog:66] miss: [Rule] variable.volume_quota_warning=true [builtin-epilog:71] miss: [Rule] condition=_user_is_unknown late: [builtin-epilog:56] MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: ALLOW condition=__GROUP3 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: condition=_user_is_unknown MATCH: condition=!_user_is_unknown variable.volume_quota_exceeded=false miss: [Rule] variable.volume_quota_warning=true miss: [Rule] condition=_user_is_unknown Called policy definition: BC_malware_scanning_HighPerformance n/a: condition=ShouldScanHighPerformance MATCH: response.icap_service(no) Called policy definition: BC_malware_scanning_solution MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_HighPerformance Called policy definition: BC_malware_scanning_proxy_HighPerformance n/a: condition=ShouldScanHighPerformance Called policy definition: BC_malware_scanning_solution_proxy MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_proxy_HighPerformance Called policy definition: quota_aux_initialization [builtin-prolog:691] miss: user=abc MATCH: user=!abc variable.user_authentication_is_on(true) [builtin-prolog:695] miss: variable.false_flag=true [builtin-prolog:698] miss: variable.false_flag=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=TRUE volume_quota_name=Internet-L1-Quota volume_quota_frequency=daily volume_quota_limit=1073741824 volume_quota_warning_limit=966367641 volume_quota_exceeded=FALSE volume_quota_warning=FALSE volume_quota_warning_exists=FALSE guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=TRUE false_flag=FALSE Called transaction procedure: check_volume_quota Called transaction procedure: check_volume_quota_warning connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:40:50 UTC unknown ssl://ogs.google.com:443/ origin server next-hop IP address=216.58.208.238 user: name="PHAP\srashid" realm=PHAP authentication start 0 elapsed 0 ms authorization start 0 elapsed 0 ms authentication status='none' authorization status='none' url.category: none@Policy;Search Engines/Portals@Blue Coat total categorization time: 1 static categorization time: 1 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 Transaction timing: total-transaction-time 351 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 0 ms server-out: start 1 elapsed 0 ms stop-transaction: start 351 elapsed 0 ms Total Policy evaluation time: 0 ms ssl server hello complete: 350 url_categorization complete time: 1 server connection: start 1 DNS Lookup: start 1 elapsed 0 ms server connection: connected 174 Total time added: 0 ms Total latency to first byte: 173 ms Request latency: 0 ms OCS connect time: 173 ms Response latency (first byte): 0 ms Response latency (last byte): 0 ms stop transaction -------------------- start transaction ------------------- transaction ID=4118311 type=https.forward-proxy transaction handed off from: 4118179 [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate [builtin-prolog:722] MATCH: variable.volume_quota_enforced(false) [vpm-cpl:112] miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: condition=__GROUP3 variable.volume_quota_enforced(true) variable.volume_quota_name(Internet-L1-Quota) variable.volume_quota_frequency(daily) variable.volume_quota_limit(1073741824) variable.volume_quota_warning_limit(966367641) [builtin-epilog:9] miss: variable.time_quota_enforced=true MATCH: variable.volume_quota_enforced=true policy.quota_aux_initialization@client-id miss: [builtin-epilog:17] variable.time_quota_enforced=true miss: [builtin-epilog:21] variable.time_quota_enforced=true miss: [builtin-epilog:25] variable.time_quota_enforced=true miss: [builtin-epilog:34] variable.time_quota_enforced=true miss: [builtin-epilog:39] variable.time_quota_enforced=true [builtin-epilog:52] miss: condition=_user_is_unknown MATCH: t_procedure.check_volume_quota t_procedure.check_volume_quota_warning [builtin-epilog:66] miss: [Rule] variable.volume_quota_warning=true [builtin-epilog:71] miss: [Rule] condition=_user_is_unknown [builtin-epilog:56] [Rule] miss: condition=_user_is_unknown MATCH: variable.volume_quota_exceeded=false t_procedure.update_volume_quota MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: ALLOW condition=__GROUP3 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: condition=_user_is_unknown MATCH: condition=!_user_is_unknown variable.volume_quota_exceeded=false miss: [Rule] variable.volume_quota_warning=true miss: [Rule] condition=_user_is_unknown Called policy definition: BC_malware_scanning_secure_connection MATCH: response.icap_service.secure_connection(auto) Called policy definition: BC_malware_scanner MATCH: response.icap_service(bluecoat-local-response, fail-closed) Called policy definition: BC_malware_scanning_HighPerformance MATCH: condition=ShouldScanHighPerformance policy.BC_malware_scanner policy.BC_malware_scanning_secure_connection Called policy definition: BC_malware_scanning_solution MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_HighPerformance Called policy definition: BC_malware_scanning_proxy_HighPerformance MATCH: condition=ShouldScanHighPerformance response.icap_feedback(trickle_end) Called policy definition: BC_malware_scanning_solution_proxy MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_proxy_HighPerformance Called policy definition: quota_aux_initialization [builtin-prolog:691] miss: user=abc MATCH: user=!abc variable.user_authentication_is_on(true) [builtin-prolog:695] miss: variable.false_flag=true [builtin-prolog:698] miss: variable.false_flag=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=TRUE volume_quota_name=Internet-L1-Quota volume_quota_frequency=daily volume_quota_limit=1073741824 volume_quota_warning_limit=966367641 volume_quota_exceeded=FALSE volume_quota_warning=FALSE volume_quota_warning_exists=FALSE guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=TRUE false_flag=FALSE Called transaction procedure: check_volume_quota Called transaction procedure: update_volume_quota Called transaction procedure: check_volume_quota_warning connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:40:50 UTC GET https://ogs.google.com/u/0/widget/app?hl=en&origin=chrome-search://local-ntp&pid=1&spid=243&gm&usegapi=1 rewritten URL(s): cache_url=https://ogs.google.com/u/0/widget/app?hl=en&origin=chrome-search%3A%2F%2Flocal-ntp&pid=1&spid=243&gm&usegapi=1&bcsi_scan_36eb41fd84054c8c=90BzIB6Ru+FyfFwMiqNPAihtHvACAAAAJ9c+AA== origin server next-hop IP address=216.58.208.238 Accept-Encoding: gzip Accept-Encoding: deflate Accept-Encoding: br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: name="PHAP\srashid" realm=PHAP authentication start 0 elapsed 0 ms authorization start 0 elapsed 0 ms authentication status='none' authorization status='none' url.category: none@Policy;Search Engines/Portals@Blue Coat total categorization time: 0 static categorization time: 0 server.certficate.hostname.category: none@Policy;Search Engines/Portals@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 200 client.response.code: 200 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 set request header 'Accept-Encoding' value='gzip, deflate' ICAP RESPMOD Scan Summary: Error code: none Transaction timing: total-transaction-time 644 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 1 ms server-out: start 2 elapsed 0 ms server-in: start 2 elapsed 0 ms client-out: start 643 elapsed 0 ms access-logging: start 643 elapsed 1 ms stop-transaction: start 644 elapsed 0 ms Total Policy evaluation time: 2 ms url_categorization complete time: 1 ICAP Response Scan: start 344 delay 0 finish 643 server connection: start 2 DNS Lookup: start 2 elapsed 0 ms server connection: connected 2 first-byte 344 last_byte 515 client connection: first-response-byte 643 last-response-byte 643 Total time added: 129 ms Total latency to first byte: 300 ms Request latency: 1 ms OCS connect time: 0 ms Response latency (first byte): 299 ms Response latency (last byte): 128 ms stop transaction -------------------- start transaction ------------------- transaction ID=4118448 type=http.proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate late: [builtin-prolog:722] late: [vpm-cpl:112] late: [builtin-epilog:9] late: [builtin-epilog:17] late: [builtin-epilog:21] late: [builtin-epilog:25] late: [builtin-epilog:34] late: [builtin-epilog:39] late: [builtin-epilog:52] late: [builtin-epilog:66] late: [builtin-epilog:71] [builtin-prolog:246] MATCH: t_procedure.dashboard_blocked_stats_infinity [builtin-prolog:237] MATCH: t_procedure.dashboard_record_hourly [builtin-prolog:240] MATCH: t_procedure.dashboard_record_daily [builtin-prolog:243] MATCH: t_procedure.dashboard_record_monthly late: [builtin-epilog:56] MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers late: condition=__GROUP1 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true late: variable.volume_quota_enforced=true late: variable.volume_quota_enforced=true late: variable.volume_quota_enforced=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=(value undetermined) volume_quota_name=(value undetermined) volume_quota_frequency=(value undetermined) volume_quota_limit=(value undetermined) volume_quota_warning_limit=(value undetermined) volume_quota_exceeded=(value undetermined) volume_quota_warning=(value undetermined) volume_quota_warning_exists=(value undetermined) guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=(value undetermined) false_flag=FALSE Called transaction procedure: dashboard_record_hourly Called transaction procedure: dashboard_record_daily Called transaction procedure: dashboard_blocked_stats_infinity Called transaction procedure: dashboard_record_monthly connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:40:51 UTC CONNECT tcp://www.gstatic.com:443/ DNS lookup was unrestricted User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: unauthenticated authentication status='need_credentials' authorization status='not_attempted' EXCEPTION(authentication_failed): Authentication failed either because credentials were not provided or they could not be validated url.category: none@Policy;Search Engines/Portals@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 0 client.response.code: 407 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 authentication-required realm=PHAP (Certificate) Transaction timing: total-transaction-time 1 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 0 ms client-out-terminated: start 1 elapsed 0 ms access-logging: start 1 elapsed 0 ms stop-transaction: start 1 elapsed 0 ms Total Policy evaluation time: 0 ms url_categorization complete time: 1 client connection: first-response-byte 0 last-response-byte 1 stop transaction -------------------- start transaction ------------------- transaction ID=4118449 type=http.proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate late: [builtin-prolog:722] late: [vpm-cpl:112] late: [builtin-epilog:9] late: [builtin-epilog:17] late: [builtin-epilog:21] late: [builtin-epilog:25] late: [builtin-epilog:34] late: [builtin-epilog:39] late: [builtin-epilog:52] late: [builtin-epilog:66] late: [builtin-epilog:71] [builtin-prolog:246] MATCH: t_procedure.dashboard_blocked_stats_infinity [builtin-prolog:237] MATCH: t_procedure.dashboard_record_hourly [builtin-prolog:240] MATCH: t_procedure.dashboard_record_daily [builtin-prolog:243] MATCH: t_procedure.dashboard_record_monthly late: [builtin-epilog:56] MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers late: condition=__GROUP1 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true late: variable.volume_quota_enforced=true late: variable.volume_quota_enforced=true late: variable.volume_quota_enforced=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=(value undetermined) volume_quota_name=(value undetermined) volume_quota_frequency=(value undetermined) volume_quota_limit=(value undetermined) volume_quota_warning_limit=(value undetermined) volume_quota_exceeded=(value undetermined) volume_quota_warning=(value undetermined) volume_quota_warning_exists=(value undetermined) guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=(value undetermined) false_flag=FALSE Called transaction procedure: dashboard_record_hourly Called transaction procedure: dashboard_record_daily Called transaction procedure: dashboard_blocked_stats_infinity Called transaction procedure: dashboard_record_monthly connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:40:51 UTC CONNECT tcp://apis.google.com:443/ DNS lookup was unrestricted User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: unauthenticated authentication status='need_credentials' authorization status='not_attempted' EXCEPTION(authentication_failed): Authentication failed either because credentials were not provided or they could not be validated url.category: none@Policy;Web Infrastructure@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 0 client.response.code: 407 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 authentication-required realm=PHAP (Certificate) Transaction timing: total-transaction-time 1 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 0 ms client-out-terminated: start 1 elapsed 0 ms access-logging: start 1 elapsed 0 ms stop-transaction: start 1 elapsed 0 ms Total Policy evaluation time: 0 ms url_categorization complete time: 0 client connection: first-response-byte 0 last-response-byte 1 stop transaction -------------------- start transaction ------------------- transaction ID=4118450 type=http.proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate late: [builtin-prolog:722] late: [vpm-cpl:112] late: [builtin-epilog:9] late: [builtin-epilog:17] late: [builtin-epilog:21] late: [builtin-epilog:25] late: [builtin-epilog:34] late: [builtin-epilog:39] late: [builtin-epilog:52] late: [builtin-epilog:66] late: [builtin-epilog:71] [builtin-prolog:246] MATCH: t_procedure.dashboard_blocked_stats_infinity [builtin-prolog:237] MATCH: t_procedure.dashboard_record_hourly [builtin-prolog:240] MATCH: t_procedure.dashboard_record_daily [builtin-prolog:243] MATCH: t_procedure.dashboard_record_monthly late: [builtin-epilog:56] MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers late: condition=__GROUP1 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true late: variable.volume_quota_enforced=true late: variable.volume_quota_enforced=true late: variable.volume_quota_enforced=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=(value undetermined) volume_quota_name=(value undetermined) volume_quota_frequency=(value undetermined) volume_quota_limit=(value undetermined) volume_quota_warning_limit=(value undetermined) volume_quota_exceeded=(value undetermined) volume_quota_warning=(value undetermined) volume_quota_warning_exists=(value undetermined) guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=(value undetermined) false_flag=FALSE Called transaction procedure: dashboard_record_hourly Called transaction procedure: dashboard_record_daily Called transaction procedure: dashboard_blocked_stats_infinity Called transaction procedure: dashboard_record_monthly connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:40:51 UTC CONNECT tcp://www.gstatic.com:443/ DNS lookup was unrestricted User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: unauthenticated authentication status='need_credentials' authorization status='not_attempted' EXCEPTION(authentication_failed): Authentication failed either because credentials were not provided or they could not be validated url.category: none@Policy;Search Engines/Portals@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 0 client.response.code: 407 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 authentication-required realm=PHAP (Certificate) Transaction timing: total-transaction-time 1 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 0 ms client-out-terminated: start 1 elapsed 0 ms access-logging: start 1 elapsed 0 ms stop-transaction: start 1 elapsed 0 ms Total Policy evaluation time: 0 ms url_categorization complete time: 1 client connection: first-response-byte 0 last-response-byte 1 stop transaction -------------------- start transaction ------------------- transaction ID=4118464 type=https.forward-proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate [builtin-prolog:722] MATCH: variable.volume_quota_enforced(false) [vpm-cpl:112] miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: condition=__GROUP3 variable.volume_quota_enforced(true) variable.volume_quota_name(Internet-L1-Quota) variable.volume_quota_frequency(daily) variable.volume_quota_limit(1073741824) variable.volume_quota_warning_limit(966367641) [builtin-epilog:9] miss: variable.time_quota_enforced=true MATCH: variable.volume_quota_enforced=true policy.quota_aux_initialization@client-id miss: [builtin-epilog:17] variable.time_quota_enforced=true miss: [builtin-epilog:21] variable.time_quota_enforced=true miss: [builtin-epilog:25] variable.time_quota_enforced=true miss: [builtin-epilog:34] variable.time_quota_enforced=true miss: [builtin-epilog:39] variable.time_quota_enforced=true [builtin-epilog:52] miss: condition=_user_is_unknown MATCH: t_procedure.check_volume_quota t_procedure.check_volume_quota_warning [builtin-epilog:66] miss: [Rule] variable.volume_quota_warning=true [builtin-epilog:71] miss: [Rule] condition=_user_is_unknown [builtin-epilog:56] [Rule] miss: condition=_user_is_unknown MATCH: variable.volume_quota_exceeded=false t_procedure.update_volume_quota MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: ALLOW condition=__GROUP3 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: condition=_user_is_unknown MATCH: condition=!_user_is_unknown variable.volume_quota_exceeded=false miss: [Rule] variable.volume_quota_warning=true miss: [Rule] condition=_user_is_unknown Called policy definition: BC_malware_scanning_secure_connection MATCH: response.icap_service.secure_connection(auto) Called policy definition: BC_malware_scanner MATCH: response.icap_service(bluecoat-local-response, fail-closed) Called policy definition: BC_malware_scanning_HighPerformance MATCH: condition=ShouldScanHighPerformance policy.BC_malware_scanner policy.BC_malware_scanning_secure_connection Called policy definition: BC_malware_scanning_solution MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_HighPerformance Called policy definition: BC_malware_scanning_proxy_HighPerformance MATCH: condition=ShouldScanHighPerformance response.icap_feedback(trickle_end) Called policy definition: BC_malware_scanning_solution_proxy MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_proxy_HighPerformance Called policy definition: quota_aux_initialization [builtin-prolog:691] miss: user=abc MATCH: user=!abc variable.user_authentication_is_on(true) [builtin-prolog:695] miss: variable.false_flag=true [builtin-prolog:698] miss: variable.false_flag=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=TRUE volume_quota_name=Internet-L1-Quota volume_quota_frequency=daily volume_quota_limit=1073741824 volume_quota_warning_limit=966367641 volume_quota_exceeded=FALSE volume_quota_warning=FALSE volume_quota_warning_exists=FALSE guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=TRUE false_flag=FALSE Called transaction procedure: check_volume_quota Called transaction procedure: update_volume_quota Called transaction procedure: check_volume_quota_warning connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:40:51 UTC POST https://play.google.com/log?format=json&hasfast=true rewritten URL(s): cache_url=https://play.google.com/log?format=json&hasfast=true&bcsi_scan_36eb41fd84054c8c=ijTX/lrasTw+qmhgPdVBt1KVgEICAAAAwNc+AA== origin server next-hop IP address=172.217.19.14 Accept-Encoding: gzip Accept-Encoding: deflate Accept-Encoding: br Content-Length: 1886 Referer: https://ogs.google.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: name="PHAP\srashid" realm=PHAP authentication start 0 elapsed 0 ms authorization start 0 elapsed 0 ms authentication status='none' authorization status='none' url.category: none@Policy;Shopping@Blue Coat;Software Downloads@Blue Coat total categorization time: 0 static categorization time: 0 server.certficate.hostname.category: none@Policy;Search Engines/Portals@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 200 client.response.code: 200 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 set request header 'Accept-Encoding' value='gzip, deflate' ICAP RESPMOD Scan Summary: Error code: none Transaction timing: total-transaction-time 651 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 0 ms server-out: start 1 elapsed 0 ms server-in: start 358 elapsed 0 ms client-out: start 651 elapsed 0 ms access-logging: start 651 elapsed 0 ms stop-transaction: start 651 elapsed 0 ms Total Policy evaluation time: 0 ms url_categorization complete time: 0 ICAP Response Scan: start 647 delay 0 finish 651 server connection: start 1 DNS Lookup: start 1 elapsed 0 ms server connection: connected 358 first-byte 647 last_byte 650 client connection: first-response-byte 651 last-response-byte 651 Total time added: 1 ms Total latency to first byte: 361 ms Request latency: 0 ms OCS connect time: 357 ms Response latency (first byte): 4 ms Response latency (last byte): 1 ms stop transaction -------------------- start transaction ------------------- transaction ID=4118728 type=http.proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate late: [builtin-prolog:722] late: [vpm-cpl:112] late: [builtin-epilog:9] late: [builtin-epilog:17] late: [builtin-epilog:21] late: [builtin-epilog:25] late: [builtin-epilog:34] late: [builtin-epilog:39] late: [builtin-epilog:52] late: [builtin-epilog:66] late: [builtin-epilog:71] [builtin-prolog:246] MATCH: t_procedure.dashboard_blocked_stats_infinity [builtin-prolog:237] MATCH: t_procedure.dashboard_record_hourly [builtin-prolog:240] MATCH: t_procedure.dashboard_record_daily [builtin-prolog:243] MATCH: t_procedure.dashboard_record_monthly late: [builtin-epilog:56] MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers late: condition=__GROUP1 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true late: variable.volume_quota_enforced=true late: variable.volume_quota_enforced=true late: variable.volume_quota_enforced=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=(value undetermined) volume_quota_name=(value undetermined) volume_quota_frequency=(value undetermined) volume_quota_limit=(value undetermined) volume_quota_warning_limit=(value undetermined) volume_quota_exceeded=(value undetermined) volume_quota_warning=(value undetermined) volume_quota_warning_exists=(value undetermined) guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=(value undetermined) false_flag=FALSE Called transaction procedure: dashboard_record_hourly Called transaction procedure: dashboard_record_daily Called transaction procedure: dashboard_blocked_stats_infinity Called transaction procedure: dashboard_record_monthly connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:40:52 UTC POST http://s.symcd.com/ DNS lookup was unrestricted User-Agent: Java/1.8.0_241 user: unauthenticated authentication status='need_credentials' authorization status='not_attempted' EXCEPTION(authentication_failed): Authentication failed either because credentials were not provided or they could not be validated url.category: none@Policy;Web Infrastructure@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 0 client.response.code: 407 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 authentication-required realm=PHAP (Certificate) Transaction timing: total-transaction-time 27 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 22 elapsed 5 ms client-out-terminated: start 27 elapsed 0 ms access-logging: start 27 elapsed 0 ms stop-transaction: start 27 elapsed 0 ms Total Policy evaluation time: 5 ms url_categorization complete time: 22 client connection: first-response-byte 0 last-response-byte 27 stop transaction -------------------- start transaction ------------------- transaction ID=4118877 type=http.proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate late: [builtin-prolog:722] late: [vpm-cpl:112] late: [builtin-epilog:9] late: [builtin-epilog:17] late: [builtin-epilog:21] late: [builtin-epilog:25] late: [builtin-epilog:34] late: [builtin-epilog:39] late: [builtin-epilog:52] late: [builtin-epilog:66] late: [builtin-epilog:71] [builtin-prolog:246] MATCH: t_procedure.dashboard_blocked_stats_infinity [builtin-prolog:237] MATCH: t_procedure.dashboard_record_hourly [builtin-prolog:240] MATCH: t_procedure.dashboard_record_daily [builtin-prolog:243] MATCH: t_procedure.dashboard_record_monthly late: [builtin-epilog:56] MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers late: condition=__GROUP1 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true late: variable.volume_quota_enforced=true late: variable.volume_quota_enforced=true late: variable.volume_quota_enforced=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=(value undetermined) volume_quota_name=(value undetermined) volume_quota_frequency=(value undetermined) volume_quota_limit=(value undetermined) volume_quota_warning_limit=(value undetermined) volume_quota_exceeded=(value undetermined) volume_quota_warning=(value undetermined) volume_quota_warning_exists=(value undetermined) guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=(value undetermined) false_flag=FALSE Called transaction procedure: dashboard_record_hourly Called transaction procedure: dashboard_record_daily Called transaction procedure: dashboard_blocked_stats_infinity Called transaction procedure: dashboard_record_monthly connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:40:52 UTC POST http://s.symcd.com/ DNS lookup was unrestricted User-Agent: Java/1.8.0_241 user: unauthenticated authentication status='Unknown Status' authorization status='not_attempted' EXCEPTION(authentication_failed): Authentication failed either because credentials were not provided or they could not be validated url.category: none@Policy;Web Infrastructure@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 0 client.response.code: 407 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 authentication-required realm=PHAP (Certificate) Transaction timing: total-transaction-time 1 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 0 ms client-out-terminated: start 1 elapsed 0 ms access-logging: start 1 elapsed 0 ms stop-transaction: start 1 elapsed 0 ms Total Policy evaluation time: 0 ms url_categorization complete time: 0 client connection: first-response-byte 0 last-response-byte 1 stop transaction -------------------- start transaction ------------------- transaction ID=4118878 type=http.proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate [builtin-prolog:722] MATCH: variable.volume_quota_enforced(false) [vpm-cpl:112] miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: condition=__GROUP3 variable.volume_quota_enforced(true) variable.volume_quota_name(Internet-L1-Quota) variable.volume_quota_frequency(daily) variable.volume_quota_limit(1073741824) variable.volume_quota_warning_limit(966367641) [builtin-epilog:9] miss: variable.time_quota_enforced=true MATCH: variable.volume_quota_enforced=true policy.quota_aux_initialization@client-id miss: [builtin-epilog:17] variable.time_quota_enforced=true miss: [builtin-epilog:21] variable.time_quota_enforced=true miss: [builtin-epilog:25] variable.time_quota_enforced=true miss: [builtin-epilog:34] variable.time_quota_enforced=true miss: [builtin-epilog:39] variable.time_quota_enforced=true [builtin-epilog:52] miss: condition=_user_is_unknown MATCH: t_procedure.check_volume_quota t_procedure.check_volume_quota_warning [builtin-epilog:66] miss: [Rule] variable.volume_quota_warning=true [builtin-epilog:71] miss: [Rule] condition=_user_is_unknown [builtin-epilog:56] [Rule] miss: condition=_user_is_unknown MATCH: variable.volume_quota_exceeded=false t_procedure.update_volume_quota MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: ALLOW condition=__GROUP3 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: condition=_user_is_unknown MATCH: condition=!_user_is_unknown variable.volume_quota_exceeded=false miss: [Rule] variable.volume_quota_warning=true miss: [Rule] condition=_user_is_unknown Called policy definition: BC_malware_scanning_secure_connection MATCH: response.icap_service.secure_connection(auto) Called policy definition: BC_malware_scanner MATCH: response.icap_service(bluecoat-local-response, fail-closed) Called policy definition: BC_malware_scanning_HighPerformance MATCH: condition=ShouldScanHighPerformance policy.BC_malware_scanner policy.BC_malware_scanning_secure_connection Called policy definition: BC_malware_scanning_solution MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_HighPerformance Called policy definition: BC_malware_scanning_proxy_HighPerformance MATCH: condition=ShouldScanHighPerformance response.icap_feedback(trickle_end) Called policy definition: BC_malware_scanning_solution_proxy MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_proxy_HighPerformance Called policy definition: quota_aux_initialization [builtin-prolog:691] miss: user=abc MATCH: user=!abc variable.user_authentication_is_on(true) [builtin-prolog:695] miss: variable.false_flag=true [builtin-prolog:698] miss: variable.false_flag=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=TRUE volume_quota_name=Internet-L1-Quota volume_quota_frequency=daily volume_quota_limit=1073741824 volume_quota_warning_limit=966367641 volume_quota_exceeded=FALSE volume_quota_warning=FALSE volume_quota_warning_exists=FALSE guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=TRUE false_flag=FALSE Called transaction procedure: check_volume_quota Called transaction procedure: update_volume_quota Called transaction procedure: check_volume_quota_warning connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:40:52 UTC POST http://s.symcd.com/ DNS lookup was unrestricted rewritten URL(s): cache_url=http://s.symcd.com/?bcsi_scan_36eb41fd84054c8c=Hhkg5aA7Ve1e40mYBd2xmrXO9VcCAAAAXtk+AA== origin server next-hop IP address=23.50.155.27 Content-Length: 83 User-Agent: Java/1.8.0_241 user: name="PHAP\srashid" realm=PHAP authentication start 7 elapsed 8 ms authorization start 15 elapsed 0 ms authentication status='none' authorization status='none' url.category: none@Policy;Web Infrastructure@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 200 client.response.code: 200 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 ICAP RESPMOD Scan Summary: Error code: none Summary: icap-error-code: file_type_served Transaction timing: total-transaction-time 208 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 7 elapsed 8 ms server-out: start 15 elapsed 0 ms server-in: start 206 elapsed 1 ms client-out: start 208 elapsed 0 ms access-logging: start 208 elapsed 0 ms stop-transaction: start 208 elapsed 0 ms Total Policy evaluation time: 9 ms url_categorization complete time: 7 ICAP Response Scan: start 207 delay 0 finish 208 server connection: start 15 DNS Lookup: start 15 elapsed 0 ms server connection: connected 111 first-byte 206 last_byte 207 client connection: first-response-byte 208 last-response-byte 208 Total time added: 9 ms Total latency to first byte: 106 ms Request latency: 8 ms OCS connect time: 96 ms Response latency (first byte): 2 ms Response latency (last byte): 1 ms stop transaction -------------------- start transaction ------------------- transaction ID=4118937 type=http.proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate late: [builtin-prolog:722] late: [vpm-cpl:112] late: [builtin-epilog:9] late: [builtin-epilog:17] late: [builtin-epilog:21] late: [builtin-epilog:25] late: [builtin-epilog:34] late: [builtin-epilog:39] late: [builtin-epilog:52] late: [builtin-epilog:66] late: [builtin-epilog:71] [builtin-prolog:246] MATCH: t_procedure.dashboard_blocked_stats_infinity [builtin-prolog:237] MATCH: t_procedure.dashboard_record_hourly [builtin-prolog:240] MATCH: t_procedure.dashboard_record_daily [builtin-prolog:243] MATCH: t_procedure.dashboard_record_monthly late: [builtin-epilog:56] MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers late: condition=__GROUP1 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true late: variable.volume_quota_enforced=true late: variable.volume_quota_enforced=true late: variable.volume_quota_enforced=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=(value undetermined) volume_quota_name=(value undetermined) volume_quota_frequency=(value undetermined) volume_quota_limit=(value undetermined) volume_quota_warning_limit=(value undetermined) volume_quota_exceeded=(value undetermined) volume_quota_warning=(value undetermined) volume_quota_warning_exists=(value undetermined) guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=(value undetermined) false_flag=FALSE Called transaction procedure: dashboard_record_hourly Called transaction procedure: dashboard_record_daily Called transaction procedure: dashboard_blocked_stats_infinity Called transaction procedure: dashboard_record_monthly connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:40:52 UTC POST http://ts-ocsp.ws.symantec.com/ DNS lookup was unrestricted User-Agent: Java/1.8.0_241 user: unauthenticated authentication status='need_credentials' authorization status='not_attempted' EXCEPTION(authentication_failed): Authentication failed either because credentials were not provided or they could not be validated url.category: none@Policy;Web Infrastructure@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 0 client.response.code: 407 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 authentication-required realm=PHAP (Certificate) Transaction timing: total-transaction-time 9 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 3 elapsed 6 ms client-out-terminated: start 9 elapsed 0 ms access-logging: start 9 elapsed 0 ms stop-transaction: start 9 elapsed 0 ms Total Policy evaluation time: 6 ms url_categorization complete time: 3 client connection: first-response-byte 0 last-response-byte 9 stop transaction -------------------- start transaction ------------------- transaction ID=4118940 type=http.proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate late: [builtin-prolog:722] late: [vpm-cpl:112] late: [builtin-epilog:9] late: [builtin-epilog:17] late: [builtin-epilog:21] late: [builtin-epilog:25] late: [builtin-epilog:34] late: [builtin-epilog:39] late: [builtin-epilog:52] late: [builtin-epilog:66] late: [builtin-epilog:71] [builtin-prolog:246] MATCH: t_procedure.dashboard_blocked_stats_infinity [builtin-prolog:237] MATCH: t_procedure.dashboard_record_hourly [builtin-prolog:240] MATCH: t_procedure.dashboard_record_daily [builtin-prolog:243] MATCH: t_procedure.dashboard_record_monthly late: [builtin-epilog:56] MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers late: condition=__GROUP1 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true late: variable.volume_quota_enforced=true late: variable.volume_quota_enforced=true late: variable.volume_quota_enforced=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=(value undetermined) volume_quota_name=(value undetermined) volume_quota_frequency=(value undetermined) volume_quota_limit=(value undetermined) volume_quota_warning_limit=(value undetermined) volume_quota_exceeded=(value undetermined) volume_quota_warning=(value undetermined) volume_quota_warning_exists=(value undetermined) guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=(value undetermined) false_flag=FALSE Called transaction procedure: dashboard_record_hourly Called transaction procedure: dashboard_record_daily Called transaction procedure: dashboard_blocked_stats_infinity Called transaction procedure: dashboard_record_monthly connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:40:52 UTC POST http://ts-ocsp.ws.symantec.com/ DNS lookup was unrestricted User-Agent: Java/1.8.0_241 user: unauthenticated authentication status='Unknown Status' authorization status='not_attempted' EXCEPTION(authentication_failed): Authentication failed either because credentials were not provided or they could not be validated url.category: none@Policy;Web Infrastructure@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 0 client.response.code: 407 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 authentication-required realm=PHAP (Certificate) Transaction timing: total-transaction-time 1 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 0 ms client-out-terminated: start 1 elapsed 0 ms access-logging: start 1 elapsed 0 ms stop-transaction: start 1 elapsed 0 ms Total Policy evaluation time: 0 ms url_categorization complete time: 0 client connection: first-response-byte 0 last-response-byte 1 stop transaction -------------------- start transaction ------------------- transaction ID=4118941 type=http.proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate [builtin-prolog:722] MATCH: variable.volume_quota_enforced(false) [vpm-cpl:112] miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: condition=__GROUP3 variable.volume_quota_enforced(true) variable.volume_quota_name(Internet-L1-Quota) variable.volume_quota_frequency(daily) variable.volume_quota_limit(1073741824) variable.volume_quota_warning_limit(966367641) [builtin-epilog:9] miss: variable.time_quota_enforced=true MATCH: variable.volume_quota_enforced=true policy.quota_aux_initialization@client-id miss: [builtin-epilog:17] variable.time_quota_enforced=true miss: [builtin-epilog:21] variable.time_quota_enforced=true miss: [builtin-epilog:25] variable.time_quota_enforced=true miss: [builtin-epilog:34] variable.time_quota_enforced=true miss: [builtin-epilog:39] variable.time_quota_enforced=true [builtin-epilog:52] miss: condition=_user_is_unknown MATCH: t_procedure.check_volume_quota t_procedure.check_volume_quota_warning [builtin-epilog:66] miss: [Rule] variable.volume_quota_warning=true [builtin-epilog:71] miss: [Rule] condition=_user_is_unknown [builtin-epilog:56] [Rule] miss: condition=_user_is_unknown MATCH: variable.volume_quota_exceeded=false t_procedure.update_volume_quota MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: ALLOW condition=__GROUP3 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: condition=_user_is_unknown MATCH: condition=!_user_is_unknown variable.volume_quota_exceeded=false miss: [Rule] variable.volume_quota_warning=true miss: [Rule] condition=_user_is_unknown Called policy definition: BC_malware_scanning_secure_connection MATCH: response.icap_service.secure_connection(auto) Called policy definition: BC_malware_scanner MATCH: response.icap_service(bluecoat-local-response, fail-closed) Called policy definition: BC_malware_scanning_HighPerformance MATCH: condition=ShouldScanHighPerformance policy.BC_malware_scanner policy.BC_malware_scanning_secure_connection Called policy definition: BC_malware_scanning_solution MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_HighPerformance Called policy definition: BC_malware_scanning_proxy_HighPerformance MATCH: condition=ShouldScanHighPerformance response.icap_feedback(trickle_end) Called policy definition: BC_malware_scanning_solution_proxy MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_proxy_HighPerformance Called policy definition: quota_aux_initialization [builtin-prolog:691] miss: user=abc MATCH: user=!abc variable.user_authentication_is_on(true) [builtin-prolog:695] miss: variable.false_flag=true [builtin-prolog:698] miss: variable.false_flag=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=TRUE volume_quota_name=Internet-L1-Quota volume_quota_frequency=daily volume_quota_limit=1073741824 volume_quota_warning_limit=966367641 volume_quota_exceeded=FALSE volume_quota_warning=FALSE volume_quota_warning_exists=FALSE guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=TRUE false_flag=FALSE Called transaction procedure: check_volume_quota Called transaction procedure: update_volume_quota Called transaction procedure: check_volume_quota_warning connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:40:52 UTC POST http://ts-ocsp.ws.symantec.com/ DNS lookup was unrestricted rewritten URL(s): cache_url=http://ts-ocsp.ws.symantec.com/?bcsi_scan_36eb41fd84054c8c=DR6PDwyunOZOi6FYr3jZTlFbesECAAAAndk+AA== origin server next-hop IP address=23.50.155.27 Content-Length: 83 User-Agent: Java/1.8.0_241 user: name="PHAP\srashid" realm=PHAP authentication start 2 elapsed 3 ms authorization start 5 elapsed 0 ms authentication status='none' authorization status='none' url.category: none@Policy;Web Infrastructure@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 200 client.response.code: 200 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 ICAP RESPMOD Scan Summary: Error code: none Summary: icap-error-code: file_type_served Transaction timing: total-transaction-time 101 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 2 elapsed 3 ms server-out: start 5 elapsed 0 ms server-in: start 100 elapsed 0 ms client-out: start 101 elapsed 0 ms access-logging: start 101 elapsed 0 ms stop-transaction: start 101 elapsed 0 ms Total Policy evaluation time: 3 ms url_categorization complete time: 2 ICAP Response Scan: start 100 delay 0 finish 101 server connection: start 5 DNS Lookup: start 5 elapsed 0 ms server connection: connected 5 first-byte 100 last_byte 100 client connection: first-response-byte 101 last-response-byte 101 Total time added: 4 ms Total latency to first byte: 4 ms Request latency: 3 ms OCS connect time: 0 ms Response latency (first byte): 1 ms Response latency (last byte): 1 ms stop transaction -------------------- start transaction ------------------- transaction ID=4119032 type=http.proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate late: [builtin-prolog:722] late: [vpm-cpl:112] late: [builtin-epilog:9] late: [builtin-epilog:17] late: [builtin-epilog:21] late: [builtin-epilog:25] late: [builtin-epilog:34] late: [builtin-epilog:39] late: [builtin-epilog:52] late: [builtin-epilog:66] late: [builtin-epilog:71] [builtin-prolog:246] MATCH: t_procedure.dashboard_blocked_stats_infinity [builtin-prolog:237] MATCH: t_procedure.dashboard_record_hourly [builtin-prolog:240] MATCH: t_procedure.dashboard_record_daily [builtin-prolog:243] MATCH: t_procedure.dashboard_record_monthly late: [builtin-epilog:56] MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers late: condition=__GROUP1 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true late: variable.volume_quota_enforced=true late: variable.volume_quota_enforced=true late: variable.volume_quota_enforced=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=(value undetermined) volume_quota_name=(value undetermined) volume_quota_frequency=(value undetermined) volume_quota_limit=(value undetermined) volume_quota_warning_limit=(value undetermined) volume_quota_exceeded=(value undetermined) volume_quota_warning=(value undetermined) volume_quota_warning_exists=(value undetermined) guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=(value undetermined) false_flag=FALSE Called transaction procedure: dashboard_record_hourly Called transaction procedure: dashboard_record_daily Called transaction procedure: dashboard_blocked_stats_infinity Called transaction procedure: dashboard_record_monthly connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:40:53 UTC POST http://s2.symcb.com/ DNS lookup was unrestricted User-Agent: Java/1.8.0_241 user: unauthenticated authentication status='need_credentials' authorization status='not_attempted' EXCEPTION(authentication_failed): Authentication failed either because credentials were not provided or they could not be validated url.category: none@Policy;Web Infrastructure@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 0 client.response.code: 407 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 authentication-required realm=PHAP (Certificate) Transaction timing: total-transaction-time 16 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 10 elapsed 6 ms client-out-terminated: start 16 elapsed 0 ms access-logging: start 16 elapsed 0 ms stop-transaction: start 16 elapsed 0 ms Total Policy evaluation time: 6 ms url_categorization complete time: 10 client connection: first-response-byte 0 last-response-byte 16 stop transaction -------------------- start transaction ------------------- transaction ID=4119039 type=http.proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate late: [builtin-prolog:722] late: [vpm-cpl:112] late: [builtin-epilog:9] late: [builtin-epilog:17] late: [builtin-epilog:21] late: [builtin-epilog:25] late: [builtin-epilog:34] late: [builtin-epilog:39] late: [builtin-epilog:52] late: [builtin-epilog:66] late: [builtin-epilog:71] [builtin-prolog:246] MATCH: t_procedure.dashboard_blocked_stats_infinity [builtin-prolog:237] MATCH: t_procedure.dashboard_record_hourly [builtin-prolog:240] MATCH: t_procedure.dashboard_record_daily [builtin-prolog:243] MATCH: t_procedure.dashboard_record_monthly late: [builtin-epilog:56] MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers late: condition=__GROUP1 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true late: variable.volume_quota_enforced=true late: variable.volume_quota_enforced=true late: variable.volume_quota_enforced=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=(value undetermined) volume_quota_name=(value undetermined) volume_quota_frequency=(value undetermined) volume_quota_limit=(value undetermined) volume_quota_warning_limit=(value undetermined) volume_quota_exceeded=(value undetermined) volume_quota_warning=(value undetermined) volume_quota_warning_exists=(value undetermined) guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=(value undetermined) false_flag=FALSE Called transaction procedure: dashboard_record_hourly Called transaction procedure: dashboard_record_daily Called transaction procedure: dashboard_blocked_stats_infinity Called transaction procedure: dashboard_record_monthly connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:40:53 UTC POST http://s2.symcb.com/ DNS lookup was unrestricted User-Agent: Java/1.8.0_241 user: unauthenticated authentication status='Unknown Status' authorization status='not_attempted' EXCEPTION(authentication_failed): Authentication failed either because credentials were not provided or they could not be validated url.category: none@Policy;Web Infrastructure@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 0 client.response.code: 407 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 authentication-required realm=PHAP (Certificate) Transaction timing: total-transaction-time 1 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 0 ms client-out-terminated: start 1 elapsed 0 ms access-logging: start 1 elapsed 0 ms stop-transaction: start 1 elapsed 0 ms Total Policy evaluation time: 0 ms url_categorization complete time: 1 client connection: first-response-byte 0 last-response-byte 1 stop transaction -------------------- start transaction ------------------- transaction ID=4119040 type=http.proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate [builtin-prolog:722] MATCH: variable.volume_quota_enforced(false) [vpm-cpl:112] miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: condition=__GROUP3 variable.volume_quota_enforced(true) variable.volume_quota_name(Internet-L1-Quota) variable.volume_quota_frequency(daily) variable.volume_quota_limit(1073741824) variable.volume_quota_warning_limit(966367641) [builtin-epilog:9] miss: variable.time_quota_enforced=true MATCH: variable.volume_quota_enforced=true policy.quota_aux_initialization@client-id miss: [builtin-epilog:17] variable.time_quota_enforced=true miss: [builtin-epilog:21] variable.time_quota_enforced=true miss: [builtin-epilog:25] variable.time_quota_enforced=true miss: [builtin-epilog:34] variable.time_quota_enforced=true miss: [builtin-epilog:39] variable.time_quota_enforced=true [builtin-epilog:52] miss: condition=_user_is_unknown MATCH: t_procedure.check_volume_quota t_procedure.check_volume_quota_warning [builtin-epilog:66] miss: [Rule] variable.volume_quota_warning=true [builtin-epilog:71] miss: [Rule] condition=_user_is_unknown [builtin-epilog:56] [Rule] miss: condition=_user_is_unknown MATCH: variable.volume_quota_exceeded=false t_procedure.update_volume_quota MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: ALLOW condition=__GROUP3 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: condition=_user_is_unknown MATCH: condition=!_user_is_unknown variable.volume_quota_exceeded=false miss: [Rule] variable.volume_quota_warning=true miss: [Rule] condition=_user_is_unknown Called policy definition: BC_malware_scanning_secure_connection MATCH: response.icap_service.secure_connection(auto) Called policy definition: BC_malware_scanner MATCH: response.icap_service(bluecoat-local-response, fail-closed) Called policy definition: BC_malware_scanning_HighPerformance MATCH: condition=ShouldScanHighPerformance policy.BC_malware_scanner policy.BC_malware_scanning_secure_connection Called policy definition: BC_malware_scanning_solution MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_HighPerformance Called policy definition: BC_malware_scanning_proxy_HighPerformance MATCH: condition=ShouldScanHighPerformance response.icap_feedback(trickle_end) Called policy definition: BC_malware_scanning_solution_proxy MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_proxy_HighPerformance Called policy definition: quota_aux_initialization [builtin-prolog:691] miss: user=abc MATCH: user=!abc variable.user_authentication_is_on(true) [builtin-prolog:695] miss: variable.false_flag=true [builtin-prolog:698] miss: variable.false_flag=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=TRUE volume_quota_name=Internet-L1-Quota volume_quota_frequency=daily volume_quota_limit=1073741824 volume_quota_warning_limit=966367641 volume_quota_exceeded=FALSE volume_quota_warning=FALSE volume_quota_warning_exists=FALSE guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=TRUE false_flag=FALSE Called transaction procedure: check_volume_quota Called transaction procedure: update_volume_quota Called transaction procedure: check_volume_quota_warning connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:40:53 UTC POST http://s2.symcb.com/ DNS lookup was unrestricted rewritten URL(s): cache_url=http://s2.symcb.com/?bcsi_scan_36eb41fd84054c8c=y864WN1urEbeJvxMEuTFhYtH0tsCAAAAANo+AA== origin server next-hop IP address=23.50.155.27 Content-Length: 83 User-Agent: Java/1.8.0_241 user: name="PHAP\srashid" realm=PHAP authentication start 2 elapsed 2 ms authorization start 4 elapsed 0 ms authentication status='none' authorization status='none' url.category: none@Policy;Web Infrastructure@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 200 client.response.code: 200 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 ICAP RESPMOD Scan Summary: Error code: none Summary: icap-error-code: file_type_served Transaction timing: total-transaction-time 101 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 2 elapsed 2 ms server-out: start 4 elapsed 0 ms server-in: start 100 elapsed 0 ms client-out: start 101 elapsed 0 ms access-logging: start 101 elapsed 0 ms stop-transaction: start 101 elapsed 0 ms Total Policy evaluation time: 2 ms url_categorization complete time: 2 ICAP Response Scan: start 100 delay 0 finish 101 server connection: start 4 DNS Lookup: start 4 elapsed 0 ms server connection: connected 4 first-byte 100 last_byte 100 client connection: first-response-byte 101 last-response-byte 101 Total time added: 3 ms Total latency to first byte: 3 ms Request latency: 2 ms OCS connect time: 0 ms Response latency (first byte): 1 ms Response latency (last byte): 1 ms stop transaction -------------------- start transaction ------------------- transaction ID=4119106 type=http.proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate late: [builtin-prolog:722] late: [vpm-cpl:112] late: [builtin-epilog:9] late: [builtin-epilog:17] late: [builtin-epilog:21] late: [builtin-epilog:25] late: [builtin-epilog:34] late: [builtin-epilog:39] late: [builtin-epilog:52] late: [builtin-epilog:66] late: [builtin-epilog:71] [builtin-prolog:246] MATCH: t_procedure.dashboard_blocked_stats_infinity [builtin-prolog:237] MATCH: t_procedure.dashboard_record_hourly [builtin-prolog:240] MATCH: t_procedure.dashboard_record_daily [builtin-prolog:243] MATCH: t_procedure.dashboard_record_monthly late: [builtin-epilog:56] MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers late: condition=__GROUP1 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true late: variable.volume_quota_enforced=true late: variable.volume_quota_enforced=true late: variable.volume_quota_enforced=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=(value undetermined) volume_quota_name=(value undetermined) volume_quota_frequency=(value undetermined) volume_quota_limit=(value undetermined) volume_quota_warning_limit=(value undetermined) volume_quota_exceeded=(value undetermined) volume_quota_warning=(value undetermined) volume_quota_warning_exists=(value undetermined) guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=(value undetermined) false_flag=FALSE Called transaction procedure: dashboard_record_hourly Called transaction procedure: dashboard_record_daily Called transaction procedure: dashboard_blocked_stats_infinity Called transaction procedure: dashboard_record_monthly connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:40:53 UTC POST http://sv.symcd.com/ DNS lookup was unrestricted User-Agent: Java/1.8.0_241 user: unauthenticated authentication status='need_credentials' authorization status='not_attempted' EXCEPTION(authentication_failed): Authentication failed either because credentials were not provided or they could not be validated url.category: none@Policy;Web Infrastructure@Blue Coat total categorization time: 1 static categorization time: 1 server.response.code: 0 client.response.code: 407 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 authentication-required realm=PHAP (Certificate) Transaction timing: total-transaction-time 15 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 11 elapsed 4 ms client-out-terminated: start 15 elapsed 0 ms access-logging: start 15 elapsed 0 ms stop-transaction: start 15 elapsed 0 ms Total Policy evaluation time: 4 ms url_categorization complete time: 11 client connection: first-response-byte 0 last-response-byte 15 stop transaction -------------------- start transaction ------------------- transaction ID=4119111 type=http.proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate late: [builtin-prolog:722] late: [vpm-cpl:112] late: [builtin-epilog:9] late: [builtin-epilog:17] late: [builtin-epilog:21] late: [builtin-epilog:25] late: [builtin-epilog:34] late: [builtin-epilog:39] late: [builtin-epilog:52] late: [builtin-epilog:66] late: [builtin-epilog:71] [builtin-prolog:246] MATCH: t_procedure.dashboard_blocked_stats_infinity [builtin-prolog:237] MATCH: t_procedure.dashboard_record_hourly [builtin-prolog:240] MATCH: t_procedure.dashboard_record_daily [builtin-prolog:243] MATCH: t_procedure.dashboard_record_monthly late: [builtin-epilog:56] MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers late: condition=__GROUP1 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true late: variable.volume_quota_enforced=true late: variable.volume_quota_enforced=true late: variable.volume_quota_enforced=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=(value undetermined) volume_quota_name=(value undetermined) volume_quota_frequency=(value undetermined) volume_quota_limit=(value undetermined) volume_quota_warning_limit=(value undetermined) volume_quota_exceeded=(value undetermined) volume_quota_warning=(value undetermined) volume_quota_warning_exists=(value undetermined) guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=(value undetermined) false_flag=FALSE Called transaction procedure: dashboard_record_hourly Called transaction procedure: dashboard_record_daily Called transaction procedure: dashboard_blocked_stats_infinity Called transaction procedure: dashboard_record_monthly connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:40:53 UTC POST http://sv.symcd.com/ DNS lookup was unrestricted User-Agent: Java/1.8.0_241 user: unauthenticated authentication status='Unknown Status' authorization status='not_attempted' EXCEPTION(authentication_failed): Authentication failed either because credentials were not provided or they could not be validated url.category: none@Policy;Web Infrastructure@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 0 client.response.code: 407 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 authentication-required realm=PHAP (Certificate) Transaction timing: total-transaction-time 4 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 4 elapsed 0 ms client-out-terminated: start 4 elapsed 0 ms access-logging: start 4 elapsed 0 ms stop-transaction: start 4 elapsed 0 ms Total Policy evaluation time: 0 ms url_categorization complete time: 4 client connection: first-response-byte 0 last-response-byte 4 stop transaction -------------------- start transaction ------------------- transaction ID=4119114 type=http.proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate [builtin-prolog:722] MATCH: variable.volume_quota_enforced(false) [vpm-cpl:112] miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: condition=__GROUP3 variable.volume_quota_enforced(true) variable.volume_quota_name(Internet-L1-Quota) variable.volume_quota_frequency(daily) variable.volume_quota_limit(1073741824) variable.volume_quota_warning_limit(966367641) [builtin-epilog:9] miss: variable.time_quota_enforced=true MATCH: variable.volume_quota_enforced=true policy.quota_aux_initialization@client-id miss: [builtin-epilog:17] variable.time_quota_enforced=true miss: [builtin-epilog:21] variable.time_quota_enforced=true miss: [builtin-epilog:25] variable.time_quota_enforced=true miss: [builtin-epilog:34] variable.time_quota_enforced=true miss: [builtin-epilog:39] variable.time_quota_enforced=true [builtin-epilog:52] miss: condition=_user_is_unknown MATCH: t_procedure.check_volume_quota t_procedure.check_volume_quota_warning [builtin-epilog:66] miss: [Rule] variable.volume_quota_warning=true [builtin-epilog:71] miss: [Rule] condition=_user_is_unknown [builtin-epilog:56] [Rule] miss: condition=_user_is_unknown MATCH: variable.volume_quota_exceeded=false t_procedure.update_volume_quota MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: ALLOW condition=__GROUP3 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: condition=_user_is_unknown MATCH: condition=!_user_is_unknown variable.volume_quota_exceeded=false miss: [Rule] variable.volume_quota_warning=true miss: [Rule] condition=_user_is_unknown Called policy definition: BC_malware_scanning_secure_connection MATCH: response.icap_service.secure_connection(auto) Called policy definition: BC_malware_scanner MATCH: response.icap_service(bluecoat-local-response, fail-closed) Called policy definition: BC_malware_scanning_HighPerformance MATCH: condition=ShouldScanHighPerformance policy.BC_malware_scanner policy.BC_malware_scanning_secure_connection Called policy definition: BC_malware_scanning_solution MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_HighPerformance Called policy definition: BC_malware_scanning_proxy_HighPerformance MATCH: condition=ShouldScanHighPerformance response.icap_feedback(trickle_end) Called policy definition: BC_malware_scanning_solution_proxy MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_proxy_HighPerformance Called policy definition: quota_aux_initialization [builtin-prolog:691] miss: user=abc MATCH: user=!abc variable.user_authentication_is_on(true) [builtin-prolog:695] miss: variable.false_flag=true [builtin-prolog:698] miss: variable.false_flag=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=TRUE volume_quota_name=Internet-L1-Quota volume_quota_frequency=daily volume_quota_limit=1073741824 volume_quota_warning_limit=966367641 volume_quota_exceeded=FALSE volume_quota_warning=FALSE volume_quota_warning_exists=FALSE guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=TRUE false_flag=FALSE Called transaction procedure: check_volume_quota Called transaction procedure: update_volume_quota Called transaction procedure: check_volume_quota_warning connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:40:53 UTC POST http://sv.symcd.com/ DNS lookup was unrestricted rewritten URL(s): cache_url=http://sv.symcd.com/?bcsi_scan_36eb41fd84054c8c=mmkvkOYF/kWMElm6Ow12NMguu4wCAAAASto+AA== origin server next-hop IP address=23.50.155.27 Content-Length: 83 User-Agent: Java/1.8.0_241 user: name="PHAP\srashid" realm=PHAP authentication start 6 elapsed 3 ms authorization start 9 elapsed 0 ms authentication status='none' authorization status='none' url.category: none@Policy;Web Infrastructure@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 200 client.response.code: 200 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 ICAP RESPMOD Scan Summary: Error code: none Summary: icap-error-code: file_type_served Transaction timing: total-transaction-time 208 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 6 elapsed 3 ms server-out: start 9 elapsed 0 ms server-in: start 206 elapsed 0 ms client-out: start 208 elapsed 0 ms access-logging: start 208 elapsed 0 ms stop-transaction: start 208 elapsed 0 ms Total Policy evaluation time: 3 ms url_categorization complete time: 6 ICAP Response Scan: start 206 delay 0 finish 208 server connection: start 9 DNS Lookup: start 9 elapsed 0 ms server connection: connected 9 first-byte 206 last_byte 206 client connection: first-response-byte 208 last-response-byte 208 Total time added: 5 ms Total latency to first byte: 5 ms Request latency: 3 ms OCS connect time: 0 ms Response latency (first byte): 2 ms Response latency (last byte): 2 ms stop transaction -------------------- start transaction ------------------- transaction ID=4113909 type=https.forward-proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate [builtin-prolog:722] MATCH: variable.volume_quota_enforced(false) [vpm-cpl:112] miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: condition=__GROUP3 variable.volume_quota_enforced(true) variable.volume_quota_name(Internet-L1-Quota) variable.volume_quota_frequency(daily) variable.volume_quota_limit(1073741824) variable.volume_quota_warning_limit(966367641) [builtin-epilog:9] miss: variable.time_quota_enforced=true MATCH: variable.volume_quota_enforced=true policy.quota_aux_initialization@client-id miss: [builtin-epilog:17] variable.time_quota_enforced=true miss: [builtin-epilog:21] variable.time_quota_enforced=true miss: [builtin-epilog:25] variable.time_quota_enforced=true miss: [builtin-epilog:34] variable.time_quota_enforced=true miss: [builtin-epilog:39] variable.time_quota_enforced=true [builtin-epilog:52] miss: condition=_user_is_unknown MATCH: t_procedure.check_volume_quota t_procedure.check_volume_quota_warning [builtin-epilog:66] miss: [Rule] variable.volume_quota_warning=true [builtin-epilog:71] miss: [Rule] condition=_user_is_unknown [builtin-epilog:56] [Rule] miss: condition=_user_is_unknown MATCH: variable.volume_quota_exceeded=false t_procedure.update_volume_quota MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: ALLOW condition=__GROUP3 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: condition=_user_is_unknown MATCH: condition=!_user_is_unknown variable.volume_quota_exceeded=false miss: [Rule] variable.volume_quota_warning=true miss: [Rule] condition=_user_is_unknown Called policy definition: BC_malware_scanning_secure_connection MATCH: response.icap_service.secure_connection(auto) Called policy definition: BC_malware_scanner MATCH: response.icap_service(bluecoat-local-response, fail-closed) Called policy definition: BC_malware_scanning_HighPerformance MATCH: condition=ShouldScanHighPerformance policy.BC_malware_scanner policy.BC_malware_scanning_secure_connection Called policy definition: BC_malware_scanning_solution MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_HighPerformance Called policy definition: BC_malware_scanning_proxy_HighPerformance MATCH: condition=ShouldScanHighPerformance response.icap_feedback(trickle_end) Called policy definition: BC_malware_scanning_solution_proxy MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_proxy_HighPerformance Called policy definition: quota_aux_initialization [builtin-prolog:691] miss: user=abc MATCH: user=!abc variable.user_authentication_is_on(true) [builtin-prolog:695] miss: variable.false_flag=true [builtin-prolog:698] miss: variable.false_flag=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=TRUE volume_quota_name=Internet-L1-Quota volume_quota_frequency=daily volume_quota_limit=1073741824 volume_quota_warning_limit=966367641 volume_quota_exceeded=FALSE volume_quota_warning=FALSE volume_quota_warning_exists=FALSE guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=TRUE false_flag=FALSE Called transaction procedure: check_volume_quota Called transaction procedure: update_volume_quota Called transaction procedure: check_volume_quota_warning connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:40:33 UTC GET https://cello.client-channel.google.com/client-channel/channel/bind?authuser=0&ctype=cello&service=appscommonstorage&gsessionid=Ks69O6k6YsJ2vdZbLze9XvdDRI5bpqS6&sw=true&VER=8&RID=rpc&SID=9B6EDB94DA8DCEEF&CI=1&AID=481&TYPE=xmlhttp&zx=19iu4mem8ddx&t=1 rewritten URL(s): cache_url=https://cello.client-channel.google.com/client-channel/channel/bind?authuser=0&ctype=cello&service=appscommonstorage&gsessionid=Ks69O6k6YsJ2vdZbLze9XvdDRI5bpqS6&sw=true&VER=8&RID=rpc&SID=9B6EDB94DA8DCEEF&CI=1&AID=481&TYPE=xmlhttp&zx=19iu4mem8ddx&t=1&bcsi_scan_36eb41fd84054c8c=BcDWDueMacSzlV2cPWRI6Xh1uEUCAAAA9cU+AA== origin server next-hop IP address=74.125.140.189 Accept-Encoding: gzip Accept-Encoding: deflate Accept-Encoding: br Referer: https://cello.client-channel.google.com/client-channel/js/2663539887-sharedchannelmain_bin.js?ctype=cello&authuser=0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: name="PHAP\srashid" realm=PHAP authentication start 0 elapsed 0 ms authorization start 0 elapsed 0 ms authentication status='none' authorization status='none' url.category: none@Policy;Search Engines/Portals@Blue Coat total categorization time: 0 static categorization time: 0 server.certficate.hostname.category: none@Policy;Email@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 200 client.response.code: 200 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 ICAP RESPMOD Scan Summary: Error code: none Transaction timing: total-transaction-time 25950 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 0 ms server-out: start 1 elapsed 0 ms server-in: start 1 elapsed 0 ms client-out: start 5183 elapsed 0 ms access-logging: start 25950 elapsed 0 ms stop-transaction: start 25950 elapsed 0 ms Total Policy evaluation time: 0 ms url_categorization complete time: 0 ICAP Response Scan: start 338 delay 0 finish 25949 server connection: start 1 DNS Lookup: start 1 elapsed 0 ms server connection: connected 1 first-byte 337 last_byte 25827 client connection: first-response-byte 5183 last-response-byte 25950 Total time added: 123 ms Total latency to first byte: 4846 ms Request latency: 0 ms OCS connect time: 0 ms Response latency (first byte): 4846 ms Response latency (last byte): 123 ms stop transaction -------------------- start transaction ------------------- transaction ID=4124747 type=https.forward-proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate [builtin-prolog:722] MATCH: variable.volume_quota_enforced(false) [vpm-cpl:112] miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: condition=__GROUP3 variable.volume_quota_enforced(true) variable.volume_quota_name(Internet-L1-Quota) variable.volume_quota_frequency(daily) variable.volume_quota_limit(1073741824) variable.volume_quota_warning_limit(966367641) [builtin-epilog:9] miss: variable.time_quota_enforced=true MATCH: variable.volume_quota_enforced=true policy.quota_aux_initialization@client-id miss: [builtin-epilog:17] variable.time_quota_enforced=true miss: [builtin-epilog:21] variable.time_quota_enforced=true miss: [builtin-epilog:25] variable.time_quota_enforced=true miss: [builtin-epilog:34] variable.time_quota_enforced=true miss: [builtin-epilog:39] variable.time_quota_enforced=true [builtin-epilog:52] miss: condition=_user_is_unknown MATCH: t_procedure.check_volume_quota t_procedure.check_volume_quota_warning [builtin-epilog:66] miss: [Rule] variable.volume_quota_warning=true [builtin-epilog:71] miss: [Rule] condition=_user_is_unknown [builtin-epilog:56] [Rule] miss: condition=_user_is_unknown MATCH: variable.volume_quota_exceeded=false t_procedure.update_volume_quota MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: ALLOW condition=__GROUP3 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: condition=_user_is_unknown MATCH: condition=!_user_is_unknown variable.volume_quota_exceeded=false miss: [Rule] variable.volume_quota_warning=true miss: [Rule] condition=_user_is_unknown Called policy definition: BC_malware_scanning_HighPerformance miss: condition=ShouldScanHighPerformance MATCH: response.icap_service(no) Called policy definition: BC_malware_scanning_solution MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_HighPerformance Called policy definition: BC_malware_scanning_proxy_HighPerformance miss: condition=ShouldScanHighPerformance Called policy definition: BC_malware_scanning_solution_proxy MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_proxy_HighPerformance Called policy definition: quota_aux_initialization [builtin-prolog:691] miss: user=abc MATCH: user=!abc variable.user_authentication_is_on(true) [builtin-prolog:695] miss: variable.false_flag=true [builtin-prolog:698] miss: variable.false_flag=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=TRUE volume_quota_name=Internet-L1-Quota volume_quota_frequency=daily volume_quota_limit=1073741824 volume_quota_warning_limit=966367641 volume_quota_exceeded=FALSE volume_quota_warning=FALSE volume_quota_warning_exists=FALSE guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=TRUE false_flag=FALSE Called transaction procedure: check_volume_quota Called transaction procedure: update_volume_quota Called transaction procedure: check_volume_quota_warning connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:41:14 UTC GET https://ssl.gstatic.com/docs/common/cleardot.gif?zx=8wcbdz7e7cbv origin server next-hop IP address=216.58.208.227 Accept-Encoding: gzip Accept-Encoding: deflate Accept-Encoding: br Referer: https://drive.google.com/drive/my-drive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: name="PHAP\srashid" realm=PHAP authentication start 0 elapsed 0 ms authorization start 0 elapsed 0 ms authentication status='none' authorization status='none' url.category: none@Policy;Office/Business Applications@Blue Coat total categorization time: 0 static categorization time: 0 server.certficate.hostname.category: none@Policy;Search Engines/Portals@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 200 client.response.code: 200 application.name: Google Drive application.operation: none application.group: File Sharing;Storage DSCP client outbound: 65 DSCP server outbound: 65 set request header 'Accept-Encoding' value='gzip, deflate' Transaction timing: total-transaction-time 286 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 0 ms server-out: start 2 elapsed 0 ms server-in: start 2 elapsed 0 ms client-out: start 286 elapsed 0 ms access-logging: start 286 elapsed 0 ms stop-transaction: start 286 elapsed 0 ms Total Policy evaluation time: 0 ms url_categorization complete time: 0 server connection: start 2 DNS Lookup: start 2 elapsed 0 ms server connection: connected 2 first-byte 286 last_byte 286 client connection: first-response-byte 286 last-response-byte 286 Total time added: 1 ms Total latency to first byte: 1 ms Request latency: 1 ms OCS connect time: 0 ms Response latency (first byte): 0 ms Response latency (last byte): 0 ms stop transaction -------------------- start transaction ------------------- transaction ID=4120755 type=https.forward-proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate [builtin-prolog:722] MATCH: variable.volume_quota_enforced(false) [vpm-cpl:112] miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: condition=__GROUP3 variable.volume_quota_enforced(true) variable.volume_quota_name(Internet-L1-Quota) variable.volume_quota_frequency(daily) variable.volume_quota_limit(1073741824) variable.volume_quota_warning_limit(966367641) [builtin-epilog:9] miss: variable.time_quota_enforced=true MATCH: variable.volume_quota_enforced=true policy.quota_aux_initialization@client-id miss: [builtin-epilog:17] variable.time_quota_enforced=true miss: [builtin-epilog:21] variable.time_quota_enforced=true miss: [builtin-epilog:25] variable.time_quota_enforced=true miss: [builtin-epilog:34] variable.time_quota_enforced=true miss: [builtin-epilog:39] variable.time_quota_enforced=true [builtin-epilog:52] miss: condition=_user_is_unknown MATCH: t_procedure.check_volume_quota t_procedure.check_volume_quota_warning [builtin-epilog:66] miss: [Rule] variable.volume_quota_warning=true [builtin-epilog:71] miss: [Rule] condition=_user_is_unknown [builtin-epilog:56] [Rule] miss: condition=_user_is_unknown MATCH: variable.volume_quota_exceeded=false t_procedure.update_volume_quota MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: ALLOW condition=__GROUP3 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: condition=_user_is_unknown MATCH: condition=!_user_is_unknown variable.volume_quota_exceeded=false miss: [Rule] variable.volume_quota_warning=true miss: [Rule] condition=_user_is_unknown Called policy definition: BC_malware_scanning_secure_connection MATCH: response.icap_service.secure_connection(auto) Called policy definition: BC_malware_scanner MATCH: response.icap_service(bluecoat-local-response, fail-closed) Called policy definition: BC_malware_scanning_HighPerformance MATCH: condition=ShouldScanHighPerformance policy.BC_malware_scanner policy.BC_malware_scanning_secure_connection Called policy definition: BC_malware_scanning_solution MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_HighPerformance Called policy definition: BC_malware_scanning_proxy_HighPerformance MATCH: condition=ShouldScanHighPerformance response.icap_feedback(trickle_end) Called policy definition: BC_malware_scanning_solution_proxy MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_proxy_HighPerformance Called policy definition: quota_aux_initialization [builtin-prolog:691] miss: user=abc MATCH: user=!abc variable.user_authentication_is_on(true) [builtin-prolog:695] miss: variable.false_flag=true [builtin-prolog:698] miss: variable.false_flag=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=TRUE volume_quota_name=Internet-L1-Quota volume_quota_frequency=daily volume_quota_limit=1073741824 volume_quota_warning_limit=966367641 volume_quota_exceeded=FALSE volume_quota_warning=FALSE volume_quota_warning_exists=FALSE guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=TRUE false_flag=FALSE Called transaction procedure: check_volume_quota Called transaction procedure: update_volume_quota Called transaction procedure: check_volume_quota_warning connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:40:59 UTC GET https://cello.client-channel.google.com/client-channel/channel/bind?authuser=0&ctype=cello&service=appscommonstorage&gsessionid=Ks69O6k6YsJ2vdZbLze9XvdDRI5bpqS6&sw=true&VER=8&RID=rpc&SID=9B6EDB94DA8DCEEF&CI=1&AID=483&TYPE=xmlhttp&zx=9sh5etzdwg54&t=1 rewritten URL(s): cache_url=https://cello.client-channel.google.com/client-channel/channel/bind?authuser=0&ctype=cello&service=appscommonstorage&gsessionid=Ks69O6k6YsJ2vdZbLze9XvdDRI5bpqS6&sw=true&VER=8&RID=rpc&SID=9B6EDB94DA8DCEEF&CI=1&AID=483&TYPE=xmlhttp&zx=9sh5etzdwg54&t=1&bcsi_scan_36eb41fd84054c8c=M4ggvxpSyhDsXesyr4jaxSVKGCoCAAAAs+A+AA== origin server next-hop IP address=74.125.140.189 Accept-Encoding: gzip Accept-Encoding: deflate Accept-Encoding: br Referer: https://cello.client-channel.google.com/client-channel/js/2663539887-sharedchannelmain_bin.js?ctype=cello&authuser=0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: name="PHAP\srashid" realm=PHAP authentication start 0 elapsed 0 ms authorization start 0 elapsed 0 ms authentication status='none' authorization status='none' url.category: none@Policy;Search Engines/Portals@Blue Coat total categorization time: 0 static categorization time: 0 server.certficate.hostname.category: none@Policy;Email@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 200 client.response.code: 200 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 ICAP RESPMOD Scan Summary: Error code: none Transaction timing: total-transaction-time 30277 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 0 ms server-out: start 1 elapsed 0 ms server-in: start 1 elapsed 0 ms client-out: start 4717 elapsed 0 ms access-logging: start 30277 elapsed 0 ms stop-transaction: start 30277 elapsed 0 ms Total Policy evaluation time: 0 ms url_categorization complete time: 0 ICAP Response Scan: start 170 delay 0 finish 30276 server connection: start 1 DNS Lookup: start 1 elapsed 0 ms server connection: connected 1 first-byte 169 last_byte 30150 client connection: first-response-byte 4717 last-response-byte 30277 Total time added: 127 ms Total latency to first byte: 4548 ms Request latency: 0 ms OCS connect time: 0 ms Response latency (first byte): 4548 ms Response latency (last byte): 127 ms stop transaction -------------------- start transaction ------------------- transaction ID=4134789 type=https.forward-proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate [builtin-prolog:722] MATCH: variable.volume_quota_enforced(false) [vpm-cpl:112] miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: condition=__GROUP3 variable.volume_quota_enforced(true) variable.volume_quota_name(Internet-L1-Quota) variable.volume_quota_frequency(daily) variable.volume_quota_limit(1073741824) variable.volume_quota_warning_limit(966367641) [builtin-epilog:9] miss: variable.time_quota_enforced=true MATCH: variable.volume_quota_enforced=true policy.quota_aux_initialization@client-id miss: [builtin-epilog:17] variable.time_quota_enforced=true miss: [builtin-epilog:21] variable.time_quota_enforced=true miss: [builtin-epilog:25] variable.time_quota_enforced=true miss: [builtin-epilog:34] variable.time_quota_enforced=true miss: [builtin-epilog:39] variable.time_quota_enforced=true [builtin-epilog:52] miss: condition=_user_is_unknown MATCH: t_procedure.check_volume_quota t_procedure.check_volume_quota_warning [builtin-epilog:66] miss: [Rule] variable.volume_quota_warning=true [builtin-epilog:71] miss: [Rule] condition=_user_is_unknown [builtin-epilog:56] [Rule] miss: condition=_user_is_unknown MATCH: variable.volume_quota_exceeded=false t_procedure.update_volume_quota MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: ALLOW condition=__GROUP3 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: condition=_user_is_unknown MATCH: condition=!_user_is_unknown variable.volume_quota_exceeded=false miss: [Rule] variable.volume_quota_warning=true miss: [Rule] condition=_user_is_unknown Called policy definition: BC_malware_scanning_secure_connection MATCH: response.icap_service.secure_connection(auto) Called policy definition: BC_malware_scanner MATCH: response.icap_service(bluecoat-local-response, fail-closed) Called policy definition: BC_malware_scanning_HighPerformance MATCH: condition=ShouldScanHighPerformance policy.BC_malware_scanner policy.BC_malware_scanning_secure_connection Called policy definition: BC_malware_scanning_solution MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_HighPerformance Called policy definition: BC_malware_scanning_proxy_HighPerformance MATCH: condition=ShouldScanHighPerformance response.icap_feedback(trickle_end) Called policy definition: BC_malware_scanning_solution_proxy MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_proxy_HighPerformance Called policy definition: quota_aux_initialization [builtin-prolog:691] miss: user=abc MATCH: user=!abc variable.user_authentication_is_on(true) [builtin-prolog:695] miss: variable.false_flag=true [builtin-prolog:698] miss: variable.false_flag=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=TRUE volume_quota_name=Internet-L1-Quota volume_quota_frequency=daily volume_quota_limit=1073741824 volume_quota_warning_limit=966367641 volume_quota_exceeded=FALSE volume_quota_warning=FALSE volume_quota_warning_exists=FALSE guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=TRUE false_flag=FALSE Called transaction procedure: check_volume_quota Called transaction procedure: update_volume_quota Called transaction procedure: check_volume_quota_warning connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:41:56 UTC POST https://play.google.com/log?format=json&hasfast=true&authuser=0 rewritten URL(s): cache_url=https://play.google.com/log?format=json&hasfast=true&authuser=0&bcsi_scan_36eb41fd84054c8c=jkKEbM9PXJVjXPktPDPHOkBHEx8CAAAAhRc/AA== origin server next-hop IP address=172.217.19.14 Accept-Encoding: gzip Accept-Encoding: deflate Accept-Encoding: br Content-Length: 875 Referer: https://drive.google.com/drive/my-drive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: name="PHAP\srashid" realm=PHAP authentication start 0 elapsed 0 ms authorization start 0 elapsed 0 ms authentication status='none' authorization status='none' url.category: none@Policy;Shopping@Blue Coat;Software Downloads@Blue Coat total categorization time: 0 static categorization time: 0 server.certficate.hostname.category: none@Policy;Search Engines/Portals@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 200 client.response.code: 200 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 set request header 'Accept-Encoding' value='gzip, deflate' set response header 'Cache-Control' value='private, proxy-revalidate' ICAP RESPMOD Scan Summary: Error code: none Transaction timing: total-transaction-time 298 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 0 ms server-out: start 1 elapsed 0 ms server-in: start 5 elapsed 0 ms client-out: start 298 elapsed 0 ms access-logging: start 298 elapsed 0 ms stop-transaction: start 298 elapsed 0 ms Total Policy evaluation time: 0 ms url_categorization complete time: 1 ICAP Response Scan: start 295 delay 0 finish 297 server connection: start 1 DNS Lookup: start 1 elapsed 4 ms server connection: connected 5 first-byte 295 last_byte 297 client connection: first-response-byte 298 last-response-byte 298 Total time added: 1 ms Total latency to first byte: 7 ms Request latency: 0 ms OCS connect time: 4 ms Response latency (first byte): 3 ms Response latency (last byte): 1 ms stop transaction -------------------- start transaction ------------------- transaction ID=4128446 type=https.forward-proxy [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate [builtin-prolog:722] MATCH: variable.volume_quota_enforced(false) [vpm-cpl:112] miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: condition=__GROUP3 variable.volume_quota_enforced(true) variable.volume_quota_name(Internet-L1-Quota) variable.volume_quota_frequency(daily) variable.volume_quota_limit(1073741824) variable.volume_quota_warning_limit(966367641) [builtin-epilog:9] miss: variable.time_quota_enforced=true MATCH: variable.volume_quota_enforced=true policy.quota_aux_initialization@client-id miss: [builtin-epilog:17] variable.time_quota_enforced=true miss: [builtin-epilog:21] variable.time_quota_enforced=true miss: [builtin-epilog:25] variable.time_quota_enforced=true miss: [builtin-epilog:34] variable.time_quota_enforced=true miss: [builtin-epilog:39] variable.time_quota_enforced=true [builtin-epilog:52] miss: condition=_user_is_unknown MATCH: t_procedure.check_volume_quota t_procedure.check_volume_quota_warning [builtin-epilog:66] miss: [Rule] variable.volume_quota_warning=true [builtin-epilog:71] miss: [Rule] condition=_user_is_unknown [builtin-epilog:56] [Rule] miss: condition=_user_is_unknown MATCH: variable.volume_quota_exceeded=false t_procedure.update_volume_quota MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: ALLOW condition=__GROUP3 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: condition=_user_is_unknown MATCH: condition=!_user_is_unknown variable.volume_quota_exceeded=false miss: [Rule] variable.volume_quota_warning=true miss: [Rule] condition=_user_is_unknown Called policy definition: BC_malware_scanning_secure_connection MATCH: response.icap_service.secure_connection(auto) Called policy definition: BC_malware_scanner MATCH: response.icap_service(bluecoat-local-response, fail-closed) Called policy definition: BC_malware_scanning_HighPerformance MATCH: condition=ShouldScanHighPerformance policy.BC_malware_scanner policy.BC_malware_scanning_secure_connection Called policy definition: BC_malware_scanning_solution MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_HighPerformance Called policy definition: BC_malware_scanning_proxy_HighPerformance MATCH: condition=ShouldScanHighPerformance response.icap_feedback(trickle_end) Called policy definition: BC_malware_scanning_solution_proxy MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_proxy_HighPerformance Called policy definition: quota_aux_initialization [builtin-prolog:691] miss: user=abc MATCH: user=!abc variable.user_authentication_is_on(true) [builtin-prolog:695] miss: variable.false_flag=true [builtin-prolog:698] miss: variable.false_flag=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=TRUE volume_quota_name=Internet-L1-Quota volume_quota_frequency=daily volume_quota_limit=1073741824 volume_quota_warning_limit=966367641 volume_quota_exceeded=FALSE volume_quota_warning=FALSE volume_quota_warning_exists=FALSE guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=TRUE false_flag=FALSE Called transaction procedure: check_volume_quota Called transaction procedure: update_volume_quota Called transaction procedure: check_volume_quota_warning connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:41:30 UTC GET https://cello.client-channel.google.com/client-channel/channel/bind?authuser=0&ctype=cello&service=appscommonstorage&gsessionid=Ks69O6k6YsJ2vdZbLze9XvdDRI5bpqS6&sw=true&VER=8&RID=rpc&SID=9B6EDB94DA8DCEEF&CI=1&AID=485&TYPE=xmlhttp&zx=1cmywjmughxa&t=1 rewritten URL(s): cache_url=https://cello.client-channel.google.com/client-channel/channel/bind?authuser=0&ctype=cello&service=appscommonstorage&gsessionid=Ks69O6k6YsJ2vdZbLze9XvdDRI5bpqS6&sw=true&VER=8&RID=rpc&SID=9B6EDB94DA8DCEEF&CI=1&AID=485&TYPE=xmlhttp&zx=1cmywjmughxa&t=1&bcsi_scan_36eb41fd84054c8c=xLGoJs9xt5KgpBfiHgzKmogKPj8CAAAAvv4+AA== origin server next-hop IP address=74.125.140.189 Accept-Encoding: gzip Accept-Encoding: deflate Accept-Encoding: br Referer: https://cello.client-channel.google.com/client-channel/js/2663539887-sharedchannelmain_bin.js?ctype=cello&authuser=0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 user: name="PHAP\srashid" realm=PHAP authentication start 0 elapsed 0 ms authorization start 0 elapsed 0 ms authentication status='none' authorization status='none' url.category: none@Policy;Search Engines/Portals@Blue Coat total categorization time: 0 static categorization time: 0 server.certficate.hostname.category: none@Policy;Email@Blue Coat total categorization time: 0 static categorization time: 0 server.response.code: 200 client.response.code: 200 application.name: none application.operation: none application.group: none DSCP client outbound: 65 DSCP server outbound: 65 ICAP RESPMOD Scan Summary: Error code: none Transaction timing: total-transaction-time 29171 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 0 ms server-out: start 2 elapsed 0 ms server-in: start 2 elapsed 0 ms client-out: start 5026 elapsed 0 ms access-logging: start 29171 elapsed 0 ms stop-transaction: start 29171 elapsed 0 ms Total Policy evaluation time: 0 ms url_categorization complete time: 0 ICAP Response Scan: start 333 delay 0 finish 29171 server connection: start 2 DNS Lookup: start 2 elapsed 0 ms server connection: connected 2 first-byte 332 last_byte 29163 client connection: first-response-byte 5026 last-response-byte 29171 Total time added: 9 ms Total latency to first byte: 4695 ms Request latency: 1 ms OCS connect time: 0 ms Response latency (first byte): 4694 ms Response latency (last byte): 8 ms stop transaction -------------------- start transaction ------------------- transaction ID=4112572 type=ssl.tunnel transaction handed off from: 4112571 [builtin-prolog:372] MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2) [builtin-prolog:712] MATCH: variable.false_flag(false) [builtin-prolog:718] MATCH: variable.time_quota_enforced(false) [local:10] miss: condition=ByPassWindowsUpdate [builtin-prolog:722] MATCH: variable.volume_quota_enforced(false) [vpm-cpl:112] miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: condition=__GROUP3 variable.volume_quota_enforced(true) variable.volume_quota_name(Internet-L1-Quota) variable.volume_quota_frequency(daily) variable.volume_quota_limit(1073741824) variable.volume_quota_warning_limit(966367641) [builtin-epilog:9] miss: variable.time_quota_enforced=true MATCH: variable.volume_quota_enforced=true policy.quota_aux_initialization@client-id miss: [builtin-epilog:17] variable.time_quota_enforced=true miss: [builtin-epilog:21] variable.time_quota_enforced=true miss: [builtin-epilog:25] variable.time_quota_enforced=true miss: [builtin-epilog:34] variable.time_quota_enforced=true miss: [builtin-epilog:39] variable.time_quota_enforced=true [builtin-epilog:52] miss: condition=_user_is_unknown MATCH: t_procedure.check_volume_quota t_procedure.check_volume_quota_warning [builtin-epilog:66] miss: [Rule] variable.volume_quota_warning=true [builtin-epilog:71] miss: [Rule] condition=_user_is_unknown [builtin-epilog:56] n/a: [Rule] http.response.code=200 MATCH: policy.BC_malware_scanning_solution MATCH: policy.BC_malware_scanning_solution_proxy miss: variable.false_flag=true miss: condition=mail.phap.sa miss: condition=webmail.moh.gov.sa miss: category=(Abortion, "Adult/Mature Content", Alcohol, "Child Pornography", Gambling, Games, "Malicious Outbound Data/Botnets", "Malicious Sources/Malnets", Marijuana, Nudity, "Peer-to-Peer (P2P)", Phishing, "Piracy/Copyright Concerns", Pornography, "Proxy Avoidance", "Sex Education", "Sexual Expression", Spam, Suspicious, Tobacco, "ad-hoc blocked websites", policy1) miss: request.application.name=Netflix miss: client.address=Phap-Servers miss: condition=__GROUP1 miss: condition=Quota-Exception-Requests MATCH: ALLOW condition=__GROUP3 miss: client.address=Phap-Servers miss: condition=mail MATCH: authenticate(phap) authenticate.force(no) authenticate.mode(auto) miss: condition=ByPassWindowsUpdate miss: condition=ByPassWindowsUpdate miss: request.application.name="Microsoft Update" miss: condition=MOHsite MATCH: client.address=10.0.10.175 trace.destination(TSE_access) trace.request(yes) miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: variable.time_quota_enforced=true miss: condition=_user_is_unknown MATCH: condition=!_user_is_unknown variable.volume_quota_exceeded=false miss: [Rule] variable.volume_quota_warning=true miss: [Rule] condition=_user_is_unknown Called policy definition: BC_malware_scanning_HighPerformance n/a: condition=ShouldScanHighPerformance MATCH: response.icap_service(no) Called policy definition: BC_malware_scanning_solution MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_HighPerformance Called policy definition: BC_malware_scanning_proxy_HighPerformance n/a: condition=ShouldScanHighPerformance Called policy definition: BC_malware_scanning_solution_proxy MATCH: ami.config.threat-protection.malware-scanning.level='(BC-Malware-Scanning-Scan-Level "high-performance")' policy.BC_malware_scanning_proxy_HighPerformance Called policy definition: quota_aux_initialization [builtin-prolog:691] miss: user=abc MATCH: user=!abc variable.user_authentication_is_on(true) [builtin-prolog:695] miss: variable.false_flag=true [builtin-prolog:698] miss: variable.false_flag=true Assigned values of transaction variables: bc_notify1=empty1 bc_notify2=empty2 time_quota_enforced=FALSE time_quota_name=(value undetermined) time_quota_frequency=(value undetermined) time_quota_limit=(value undetermined) time_quota_warning_limit=(value undetermined) time_quota_exceeded=(value undetermined) time_quota_warning=(value undetermined) time_quota_warning_exists=(value undetermined) guest_time_quota_exceeded=(value undetermined) guest_time_quota_warning=(value undetermined) guest_time_quota_warning_exists=(value undetermined) time_recorded=(value undetermined) guest_time_recorded=(value undetermined) volume_quota_enforced=TRUE volume_quota_name=Internet-L1-Quota volume_quota_frequency=daily volume_quota_limit=1073741824 volume_quota_warning_limit=966367641 volume_quota_exceeded=FALSE volume_quota_warning=FALSE volume_quota_warning_exists=FALSE guest_volume_quota_exceeded=(value undetermined) guest_volume_quota_warning=(value undetermined) guest_volume_quota_warning_exists=(value undetermined) user_authentication_is_on=TRUE false_flag=FALSE Called transaction procedure: check_volume_quota Called transaction procedure: check_volume_quota_warning connection: service.name=Explicit HTTP client.address=10.0.10.175 proxy.port=8080 client.interface=1:0.1 routing-domain=default location-id=0 access_type=unknown time: 2020-03-09 08:40:29 UTC unknown ssl://teams.microsoft.com:443/ origin server next-hop IP address=52.113.194.132 user: name="PHAP\srashid" realm=PHAP authentication start 0 elapsed 0 ms authorization start 0 elapsed 0 ms authentication status='none' authorization status='none' url.category: none@Policy;Chat (IM)/SMS@Blue Coat;Office/Business Applications@Blue Coat total categorization time: 0 static categorization time: 0 application.name: Office 365 Skype for Business application.operation: none application.group: Instant Messaging;Online Meetings;VoIP DSCP client outbound: 65 DSCP server outbound: 65 Transaction timing: total-transaction-time 127587 ms Checkpoint timings: new-connection: start 1 elapsed 0 ms client-in: start 1 elapsed 0 ms server-out: start 1 elapsed 0 ms server-in: start 202 elapsed 0 ms client-out: start 202 elapsed 0 ms access-logging: start 127587 elapsed 0 ms stop-transaction: start 127587 elapsed 0 ms Total Policy evaluation time: 0 ms ssl server hello complete: 201 url_categorization complete time: 0 ssl_server started tunnel: 301 server connection: start 1 DNS Lookup: start 202 elapsed 0 ms server connection: connected 101 client connection: first-response-byte 0 last-response-byte 127587 Total time added: 0 ms Total latency to first byte: 100 ms Request latency: 0 ms OCS connect time: 100 ms Response latency (first byte): 0 ms Response latency (last byte): 0 ms stop transaction --------------------