"An unknown error has occured" message reported activating policy updates applied via WSS Portal
Article ID: 203947
Updated On:
Products
Issue/Introduction
WSS administrator logged into https://portal.threatpulse.com/
After applying a number of policy changes, the admin clicks on activate policy to push the changes out
After doing so, the following message appears on the browser indicating an unknown error has occurred
Environment
WSS Administered through Portal
Content filtering rules referencing huge numbers of individual IP addresses and DNS names (up to 50k)
Cause
The policy change being pushed out exceeds a certain threshold, causing the write operation to the back end data base to fail.
Resolution
Design the Content Filtering rules around categories and applications, rather than individual URLs.
In the above case, the internal security team scanning for invalid, uncategorised, compromised, malware, phishing, etc URLs were handing the WSS administrators exception domains/IP addresses to add to the list of blocked sites. This exception list was growing to tens of thousands of entries, and eventually exceeded a threshold the back end database table was set to. Instead of adding huge numbers of custom domains and IP addresses, we redesigned the content filtering rules to leverage the WSS categorisations, by blocking access to domains/IP addresses categorised under compromised, malware, phishing. This allowed us to replace the 50k domains and IP addresses with a simpler, smaller set of rules that adhered to the database constraints.
For a list of all the categories supported, check out http://sitereview.bluecoat.com/#/category-descriptions
Attachments
Feedback
