We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Web Security Service

How can I use my Web Security Flex's Forensics page to determine why a request is being blocked?

  • Type: Knowledgebase
  • Date changed: 6 years ago
Solution #00006232

Scope:

Applies to the Barracuda Web Security Flex, all deployment methods.

Answer:
Please use the following procedure to use the Web Security Flex's Forensics page to find out why a request is being blocked:

1. Using your web browser, make a request to the page that is being blocked. Note the exact time that the request was made, as well as the username you are logged in with.

2. Wait 30 minutes for the requests to appear in the Reports page.

3. Navigate to the Reports>Forensics page in the Flex Portal.

4. Click on the “Show Filters” button and enter the username (used in step 1) in the “User” field. Click on “View” under "Format."

5. Scroll down to the Report list, which contains all requests made by the specified user, grouped by domain.

6. Using the “TIME” column, find requests that match the exact time that was noted in step 1.

7. From among these requests, find the entry (or entries) that contain at least 1 blocked request as shown under the “ACTION” column.

8. This Forensics entry will show you general information about the group of requests, including the domain & corresponding URL Category.

9. For more granular information about the block, click the timestamp link under the “TIME” column. A pop-up should appear, providing information on each individual request performed during the page load.

10. You may need to scroll down to find specific element of the site that was blocked. Differentiate between blocked & allowed requests by using the “POLICY” column. If an entry exists under this column, this indicates that the request was blocked.

11. From within the pop-up, you can check several things:
a. Clicking the link under the “FULL PATH” column will show the category, file extension, or security violation that corresponds to the blocked request.
b. The “ACTION” column will show us which area within the rule that triggered the block.
c. The “TRIGGER GROUP” shows the particular user group that the block corresponds to (or blank if it pertains to Everyone).
d. The “POLICY” column names the actual rule that triggered the block.
12. As an example, the following information shows us that the request was blocked due to the rule named “Marketing – Block Uncategorized” which was triggered by a URL Category, & only applies to the Marketing user group.
a. Time: 12-27 11:40:46
b. Full Path: /en-us/home/style.cssx?k=~/shared/templates/Styles/reset-css.aspx...
c. Action: URL
d. Trigger Group: Marketing
e. Policy: Marketing – Block Uncategorized