ProxySG & Advanced Secure Gateway


Unknown requests from ProxySG

  • 1.  Unknown requests from ProxySG

    Posted Dec 02, 2019 04:22 AM
    Edited by JAR Jun 24, 2020 07:20 AM


  • 2.  RE: Unknown requests from ProxySG

    Posted Dec 02, 2019 02:13 PM

    Hi,

    The entry shows that some client (the IP would be the masked "client source ip") tries to contact that website and that the request is proxied by the ProxySG. According to the log, that request is ultimately blocked by the ProxySG's policy. By which element of the policy cannot be determined by just looking at that log entry.

    It could be because of the blacklist you seem to have defined called "LST_BLACK_LIST_URLS". But that's just a guess without further information.

    But since you say you still see DNS lookups from the SG and maybe even connections to that web site from the SG, I would assume that besides a simple URL blacklist you also test for policy conditions that require the SG to contact the server to be able to evaluate your policy. Typical examples would be a policy check for MIME type or Apparent Data Type, because those are determined by the server and cannot be derived from the client's request alone.

    So if you want to know why such requests occur, check out that client and what business it has on that server.

    Kind Regards,

    Gunnar