(Cloud) Category "Unavailable" exception page accessing some web sites

book

Article ID: 168533

calendar_today

Updated On:

Products

CDP Integration Server

Issue/Introduction

When accessing some web sites, specifically https, users receive a block/exception page indicating access to the site was denied.  Checking policy the site is allowed and after reviewing the sites url rating on http://sitereview.bluecoat.com the category is an allowed category within your rule set.

Resolution

The category "Unavailable" was never intended for the user to encounter.  This generally means that the cloud proxy was unable to retrieve a rating from the rating services which results in the "Unavailable" category message instead of displaying the actual category that has caused the block page.  There are three scenarios that have been identified which can cause this problem.  Also, the problem appears to be specific to HTTPs sites only. 

The first trigger is usually an attempt to access a URL that is correctly rated but the IP is not.  It is important, due to encrypted packets, that the IP address is rated when accessing HTTPs sites.  Because some of these sites IP's are not rated this results in an "unrated" category and can trigger the "Unavailable" exception page.  You can rate these IP's by going to http://sitereview.bluecoat.com, entering the ip address and then submitting a request to have the IP address rated appropriately.

Another condition that triggers the "Unavaiable" is when UNCATEGORIZED category is blocked in policy.  Even if the conditions above have been satisfied, there is still the possibility of seeing the exception page.  Not blocking "Uncategorized" will allow access to the sites provided the conditions set above in the first example (rated IP's) have been achieved.

Thirdly, there have been instances where URL and IP's have different category ratings.  Generally, the URL is rated correctly but the IP may have a rating that is blocked in policy.  ex. Pornography, Suspicious, etc...  Submitting a request to have the URL and IP's correctly categorized will rectify the problem.