Applies to the Barracuda Web Security Flex, all deployment methods.
Please use the following procedure to use the Web Security Flex's Forensics page to find out why a request is being blocked:
1. Using your web browser, make a request to the page that is being blocked. Note the exact time that the request was made, as well as the username you are logged in with.
2. Wait 30 minutes for the requests to appear in the Reports page.
3. Navigate to the Reports>Forensics page in the Flex Portal.
4. Click on the “Show Filters” button and enter the username (used in step 1) in the “User” field. Click on “View” under "Format."
5. Scroll down to the Report list, which contains all requests made by the specified user, grouped by domain.
6. Using the “TIME” column, find requests that match the exact time that was noted in step 1.
7. From among these requests, find the entry (or entries) that contain at least 1 blocked request as shown under the “ACTION” column.
8. This Forensics entry will show you general information about the group of requests, including the domain & corresponding URL Category.
9. For more granular information about the block, click the timestamp link under the “TIME” column. A pop-up should appear, providing information on each individual request performed during the page load.
10. You may need to scroll down to find specific element of the site that was blocked. Differentiate between blocked & allowed requests by using the “POLICY” column. If an entry exists under this column, this indicates that the request was blocked.
11. From within the pop-up, you can check several things:
a. Clicking the link under the “FULL PATH” column will show the category, file extension, or security violation that corresponds to the blocked request.12. As an example, the following information shows us that the request was blocked due to the rule named “Marketing – Block Uncategorized” which was triggered by a URL Category, & only applies to the Marketing user group.
b. The “ACTION” column will show us which area within the rule that triggered the block.
c. The “TRIGGER GROUP” shows the particular user group that the block corresponds to (or blank if it pertains to Everyone).
d. The “POLICY” column names the actual rule that triggered the block.
a. Time: 12-27 11:40:46
b. Full Path: /en-us/home/style.cssx?k=~/shared/templates/Styles/reset-css.aspx...
c. Action: URL
d. Trigger Group: Marketing
e. Policy: Marketing – Block Uncategorized
Link to this page: