Negated category rules stop working after an upgrade to SGOS 6.5.7.6 or later
Article ID: 168713
Updated On:
Products
Asset Management Solution
Data Center Security Monitoring Edition
ProxySG Software - SGOS
Issue/Introduction
You might notice that after upgrading to SGOS 6.5.7.6 from 6.5.7.5, SSL interception no longer works.The policy rule that stopped working is like the following:
<ssl-intercept>
condition=!CombinedDestination2 ssl.forward_proxy(https) ssl.forward_proxy.issuer_keyring(default)
define condition __CondList1CombinedDestination2
condition=RequestURLCategory4
end
define condition RequestURLCategory4
category=(Games, "Financial Services")
end
Cause
Blue Coat categories for YouTube changed in SGOS 6.5.7.6 to support YouTube API V3. To support the new API, you must generate and enter a server key. After upgrading SGOS, the event log shows the following message if the server key is not available.
2015-07-15 11:10:20-00:00UTC "Categorization for YouTube now requires a server key. To continue using this feature, please set the server key." 0 500000:1 youtube.cpp:24
6.5.7.6
Because the lookup mode for YouTube is hard-coded to Always (in the Management Console, select Configuration > Content Filtering > General), URL categorization is always attempted but does not work. Due to unavailable
categories, the negate rule cannot be evaluated correctly.
In addition, a policy trace shows a message like the following:
url.category: [email protected];News/[email protected] Coat
2015-07-15 11:10:20-00:00UTC "Categorization for YouTube now requires a server key. To continue using this feature, please set the server key." 0 500000:1 youtube.cpp:24
6.5.7.6
Because the lookup mode for YouTube is hard-coded to Always (in the Management Console, select Configuration > Content Filtering > General), URL categorization is always attempted but does not work. Due to unavailable
categories, the negate rule cannot be evaluated correctly.
In addition, a policy trace shows a message like the following:
url.category: [email protected];News/[email protected] Coat
Resolution
Generate and set the server key. See Set the server key for YouTube API v3 on the ProxySG appliance.
Alternatively, disable Blue Coat categories for YouTube as a provider.
Alternatively, disable Blue Coat categories for YouTube as a provider.
Feedback
Powered by
