Access logs show that some blocked categories were allowed


Article ID: 166978


Updated On:


Reporter Advanced Secure Gateway Software - ASG ProxySG Software - SGOS


  • The Symantec ProxySG or Advanced Secure Gateway (ASG) access logs show that some blocked categories were allowed.
  • ProxySG or ASG access logs show that a particular URL was Allowed even though the category was Blocked.
  • Reporter might show the category as none.
  • HTTP response code is 404.


This is expected behavior. If you would like to stop requests to denied sites, see ProxySG is requesting resources for denied sites.

Additional information

Suppose you have a bad site, such as following:

2009-06-25 06:56:19 1 ISUSMCD cn=BlueCoat_Download,ou=Applications,ou=GROUPS,o=osr policy_denied DENIED "Adult/Mature Content;Personals/Dating" -  403 TCP_DENIED GET - http 80 / - - "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648)" 910 646 -

This was caught and categorized correctly. However, if you take a look at this:

2009-06-25 06:56:20 542 ISUSMCD cn=BlueCoat_Download,ou=Applications,ou=GROUPS,o=osr - OBSERVED "none"  404 TCP_NC_MISS GET text/html;%20charset=iso-8859-1 http 80 /blocked_files/osr_logo.gif - gif "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648)" 785 439 -

It's the same server, but the category is none and the URL was allowed.

The behavior of BCWF/WebPulse is expected.

  • The first URL,, is categorized in the BCWF database, but:
  • The second URL,, is not categorized yet, hence the none category. When a URL receives none category, the ProxySG appliance sends the URL to WebPulse for categorization.

    When the second URL,, is received by WebPulse, it sees that it is requesting an image file, that cannot be analyzed immediately and will be rated manually by Blue Coat. Before that categorization, WebPulse returns a category of none.

Using policy, you can decide how the proxy handles URLs that are categorized as none.