This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
biskit
Advisor
‎2023-09-15 03:58 AM

URLF Blocked vs Reject?

Why is some web traffic blocked, and other traffic rejected?  I’m having problems with Facebook and YouTube.

I have a Spark 1500, R81.10.05, currently managed via the Infinity Portal Spark Management, but I’ve also turn off Cloud management and tried locally and get the same results.

I have HTTPS Inspection enabled.  Trying to go back to basics, I’ve turn off all “bypass” categories:

biskit_0-1694775304841.png

 

As a test I enabled URLF, in the Block Other… box I only have Media Streams selected.

biskit_1-1694775304852.png

 

 

biskit_2-1694775304855.png

 

When I browse to https://vimeo.com I get a User Check block page.  The log shows the connection as “Blocked” and I see the redirect.  Great!  That’s what I expect.

 

biskit_3-1694775304860.jpeg

 

 

 

But…

When I browse to https://youtube.com I do not get the block message.  Instead I just get “can’t reach this page”, and the log shows a Reject, and also that HTTPS Inspection was bypassed.

biskit_4-1694775304863.jpeg

 

 

biskit_5-1694775304865.png

 

Exactly the same thing happens when I add Facebook to the Block Other… group.  It is rejected, HTTPS bypassed, and I get no User Check block message.

 

Why do some sites get correctly categorised, blocked, and redirected to the User Check block page, while others are bypassed and rejected with no block message?  Why is YouTube and Facebook HTTPS Bypassed and then rejected with no block message?

0 Kudos
2 Replies
PhoneBoy
Admin
Admin
‎2023-09-15 08:19 AM

To generate a block page consistently, HTTPS Inspection must be enabled.
This is because it is not possible to inject a block page once an HTTPS session starts because…it’s encrypted.
In this situation, you will get the “can’t reach this page” error.
In other words, this is expected behavior.

0 Kudos
biskit
Advisor
‎2023-09-15 09:08 AM
In response to PhoneBoy

HTTPS Inspection is already on.
I've put the same Spark box onto a proper SmartCenter today and from limited testing, I think I'm seeing the same behaviour.   All sites tested are HTTPS and some sites get the block message, others get the "page not found" message.   I can't figure out a pattern at the moment.  Maybe it's a Spark issue?  I'll test further next week and compare the same policy installed to a non-Spark.

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events