How to include custom verdicts in blocked sites reports?
search cancel

How to include custom verdicts in blocked sites reports?

book

Article ID: 166422

calendar_today

Updated On:

Products

Reporter

Issue/Introduction

I am using a Custom denied page  for my denied and blocked verdicts, causing some content to be missed in my Blocked Websites Report.  

Other  affected Reports that this issue affects are:

  • Malware Requests Blocked by Site
  • Blocked Web Browsing per User (called "Blocked Web Requests per User" in a ProxyClient database)
  • Blocked Web Sites
  • Blocked Web Browsing by User Agent

 

 

 

Resolution

Reporter, by default,  reports on verdicts with the word "denied" in the text string name. Reporter may not catch the text  used in the custom made denied page, when it searches for content that is denied. Consequently, if you are using a custom denied page, some reports may not show  the denied content. Those reports that do not work would be those trigger off the text "denied" as a means to find denied, or blocked content.   

There are two solutions for this:

1: Redesign your SG policy to include the text "denied" somewhere in custom verdict for blocked web sites.

Note: This will only affect new data that is processed into the Reporter database.

2: Create a new custom report with the verdicts that are showing up as denied, and use that report for your blocked Web sites report.

Here's how:

  • Run the pre-defined "Blocked Websites report.
  • Click on "Report Options".
  • Click on the drop down list after  "Verdict" and  "Contains " and choose your Custom made Verdict name.
  • Click APPLY.
  • Optional: Click on 'add criteria and repeat the above step for any other Verdict you may want to add to this report.
  • Click Apply, and then save this report as a different name.

Note1: Follow the same steps above for each report that is affected.

Note2: The dashboard can be re-configured to carry this report, instead of the pre-defined one.

Note3: More information on all the potential verdicts that a SG may include in it's access log can be found here:

/articles/Solution/WhydoestheverdictlistinReporterchangefromtimetotime

NOTE4:  In some customers cases, even though their verdicts do carry the word denied in them,  the reports will show as empty. This is because, the customer is also populated the x-exception-id .  The impact is that if the log files contain value for the x-exception-id field, we see a different set of values in the option dropdown list, compared to log files that have null x-exception-id field (in which case sc-filter-result field is used to populate the dropdown box).

 

 

 

Powered by Wolken Software