No Block Page visible on browser when DLP block WSS traffic
search cancel

No Block Page visible on browser when DLP block WSS traffic


Article ID: 218355


Updated On:


Cloud Secure Web Gateway - Cloud SWG


Integrated WSS with Cloud DLP solution

When WSS sends the traffic to DLP for inspection , DLP logs confirm it is triggering the policy but it is not showing any block page.

User sees a spinning wheel highlighted below but has no idea why upload failed


I have tried on , it keeps on trying to upload but no error . Attached is the har file for that .


WSS agent used to connect to WSS

DLPTEST.COM used to test DLP policies


Web application used to upload file is not rendering the correct response from WSS

Proxy HTTP logs confirm that WSS blocked the upload operation, a status it got from DLP server, and includes the correct exception ID and action highlighted below

$ grep POST logdownload-12345-2021-06-22T1* |grep dlp

logdownload-12345-2021-06-22T17-8937617123625782696.csv:"2021-06-22","17:02:07","667","","BCOM\neil","-","data_leak_denied","DENIED","""null""","","200","TCP_DENIED","POST","-","http","","80","/wp-admin/admin-ajax.php","-","php","""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.101 Safari/537.36 Edg/91.0.864.48""","","12893","22181","yes","-","client","DLPTest","none","","""United States""","ICAP_REPLACED","-","ICAP_NOT_SCANNED","-","Ireland","3","XMLHttpRequest","DP3-GIEDU1_proxysg4","None","-","-","0","-","30850","-","-","-"


HAR file from the operation confirms WSS sends the exception info back to browser

<!-- ### Exception specific page content ### -->
<div class="content">
id="lang-summary">WARNING &nbsp;-&nbsp; ACTION DENIED</H2>
   <span id="lang-details">
         <p><b>Exception details:</b></p>
class="c1">Denied URL:</span> http:&#x2F;&#x2F;;wp-admin&#x2F;admin-ajax.php</li>
class="c1">Browser query:</span> POST http:&#x2F;&#x2F;;wp-admin&#x2F;admin-ajax.php HTTP&#x2F;1.1</li>
<!-- ### Report on generic details ### -->
<div class="content">
Generic user details:</b></p>
  <li><span class="c1">Your IP address:</span></li>
  <li><span class="c1">Your username:</span> <span class="c2">BCOM\neil</span><span id="group-id" class="hidden">group(s): </span></li>
  <li><span class="c1">Current date/time:</span> [22&#x2F;Jun&#x2F;2021:17:02:07 +0000] (GMT)</li>
  <li><span class="c1">User-Agent:</span> Mozilla&#x2F;5.0 (Windows NT 10.0; Win64; x64) AppleWebKit&#x2F;537.36 (KHTML, like Gecko) Chrome&#x2F;91.0.4472.101 Safari&#x2F;537.36 Edg&#x2F;91.0.864.48</li>




Unfortunately we are at the mercy of the WebApp here - as it is responsible for rendering the data returned from WSS and the logic there needs to be tweaked to handle this better.

There are plans to create a notification service that integrates with DLP but not ETA committed yet. It will be similar in operation to the CASB block notification service referenced here.