BCWF URL testing for HTTPS sites using wild card certificates in SGOS 6.2 and lower will return the parent domain category.

book

Article ID: 168273

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

URL testing via the Management Console or CLI on SGOS 6.2 and lower will result in the site being categorized as per the parent domain, and not the whole domain. For example, testing the site https://caldaro.wordpress.com via the Management Console or CLI will result in the following categorization:
 #(config content-filter)test-url https://caldaro.wordpress.com
Testing URL 'https://caldaro.wordpress.com/'
category: Web Hosting
application name: WordPress
application operation: none
 
Testing the same site for a client via the same ProxySG appliance will show the correct categorization as per the Packet trace:
start transaction -------------------
CPL Evaluation Trace: transaction ID=3227
 <Proxy>
MATCH:     trace.request(yes) trace.rules(all) trace.destination(test) 
connection: service.name=Explicit HTTP client.address=10.91.1.63 proxy.port=8080
time: 2014-12-08 16:47:39 UTC
CONNECT tcp://caldaro.wordpress.com:443/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:32.0) Gecko/20100101 Firefox/32.0
user: unauthenticated
url.category: Financial [email protected] Coat
application.name: WordPress

application.operation: none
DSCP client outbound: 65

DSCP server outbound: 65              

Cause

This is due to the way the test URL feature is handled in SGOS 6.2 and lower/
 

Resolution

None, and it’s important to note this only effects test URL via the Management Console or the CLI, and not user traffic, as can be seen in the example above. However if this is off concern then code enhancements in 6.3 and higher does address this and an upgrade to the latest SGOS is advisable.
 

Workaround

N/A