WebBlocker override question

At the bottom of the FSM window for WebBlocker configuration, I have the Enable WebBlocker Override button checked and set for a passphrase. The only box in the list of Deny categories that has a checkbox in the Override column is Gambling.

I also have "When a URL is uncategorized" set to Warn.

The unexpected behavior I just saw is that I was looking to see when QuickBooks 2020 will be released and clicked a link to https://www.blackerfriday[DOT]com/quickbooks/ and WB came up with the block page with "Reason: Category 'Compromised Websites' denied by WebBlocker policy 'WebBlocker.Mgmt', and it had the "If your administrator has given you permission to override WebBlocker, type your password below" box under the normal Deny message.

Why would it be offering me the override when the box for Compromised Websites is unchecked in the Override column? Shouldn't that ONLY allow an override for boxes that are checked in that column?

Gregg

Gregg Hill

Comments

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi GreggHill

    It's most likely that it's your HTTPS proxy settings. If you look, there's webblocker settings in the https proxy itself, but also settings if you are set to inspect (which would pass of to the HTTP proxy.

    The error message that you're seeing should mention the webblocker/proxy action that you're running into -- make sure you're editing that one.

    Thank you,

    -James Carson
    WatchGuard Customer Support

  • I must be missing something inside my head. I have custom Deny message in my proxies for the purpose of telling which one is blocking what. In the case of this web site, I get the following.

    "Request denied by WatchGuard HTTP-Client.Mgmt-DPI Proxy.

    Reason: Category 'Compromised Websites' denied by WebBlocker policy 'WebBlocker.Mgmt'."

    So, I know that my "HTTP-Client.Mgmt-DPI" policy is blocking due to the settings of the "WebBlocker.Mgmt" policy within it.

    In the WebBlocker.Mgmt policy, "Enable WebBlocker Override" has its global box checked, which by default checks all boxes in the Override column. I only have Gambling checked in the Override column. That tells me that the only category that should get the password override is the Gambling category, but that is not what is happening here.

    What am I missing?

    Gregg Hill

  • Also, if I edit the WebBlocker.Mgmt policy, and uncheck the "Enable WebBlocker Override" box, save config, then refresh the problem web page, the override box goes away from the Deny message, so I must be editing the correct policy.

    Gregg Hill

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi Gregg,

    if the policies are lining up correctly and you don't see it, it's probably best to have one of the techs look at it. Could you please open a support ticket for this?

    It could be possible something isn't working properly.

    Thank you,

    -James Carson
    WatchGuard Customer Support

  • Will do!

    Gregg Hill

  • James,

    I just submitted a case on this issue.

    Gregg Hill

  • They have identified the issue as a new bug and passed it on up the support chain.

    Gregg Hill

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi GreggHill,

    Thanks for the update -- if it is a bug they should be able to get it logged and fixed in a future release. Thanks for taking the time to do that -- it helps take care of these issues as quickly as possible.

    Thank you,

    -James Carson
    WatchGuard Customer Support

  • I got an email saying they have the fix and it will be in a future release.

    Gregg Hill

Sign In to comment.