search cancel

BCWF URL testing for HTTPS sites using wild card certificates in SGOS 6.2 and lower will return the parent domain category.


Article ID: 168273


Updated On:


ProxySG Software - SGOS


URL testing via the Management Console or CLI on SGOS 6.2 and lower will result in the site being categorized as per the parent domain, and not the whole domain. For example, testing the site via the Management Console or CLI will result in the following categorization:
 #(config content-filter)test-url
Testing URL ''
category: Web Hosting
application name: WordPress
application operation: none
Testing the same site for a client via the same ProxySG appliance will show the correct categorization as per the Packet trace:
start transaction -------------------
CPL Evaluation Trace: transaction ID=3227
MATCH:     trace.request(yes) trace.rules(all) trace.destination(test) 
connection: HTTP client.address= proxy.port=8080
time: 2014-12-08 16:47:39 UTC
CONNECT tcp://
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:32.0) Gecko/20100101 Firefox/32.0
user: unauthenticated
url.category: Financial [email protected] Coat WordPress

application.operation: none
DSCP client outbound: 65

DSCP server outbound: 65              


This is due to the way the test URL feature is handled in SGOS 6.2 and lower/


None, and it’s important to note this only effects test URL via the Management Console or the CLI, and not user traffic, as can be seen in the example above. However if this is off concern then code enhancements in 6.3 and higher does address this and an upgrade to the latest SGOS is advisable.