cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post
Level 10

Web Filter APM

Jump to solution

Our goal is to monitor a site we have filtered..

We want to try to access a particular web site that we filtered in our Web Gateway. (This is our backwards way of saying that a 'access denied' is a good thing.

Is there a way to use APM to make sure that this particular site is really filtered..

 

I have been using.. the HTTP monitor, with a External Node (I added a web site that is filtered and one that is not)

regardless of how i use the Proxy setting (using the gateway or not) all the servers come back on the test as found... no access denied.

0 Kudos
1 Solution

I opened a ticket on this and finally they tell me that because this Page is cerated with java script we cannot use this..

 

RESOLUTION:  Another bug "feature Limitation" to Orion .. We cannot get page information off any page created by Java Script..

View solution in original post

0 Kudos
17 Replies
Product Manager
Product Manager

This is definitely a job for SEUM.  Contact your Solarwinds sales rep or email sales@solarwinds.com to get a pre-release copy of SEUM you can try. SEUM should be able to handle this easily.

0 Kudos
Level 13

Did you already try enabling debug logging on application and checking probe log which should contain whole raw response to http request?

0 Kudos
Level 13

How does reply from gateway on access denial look like? I guess it should contain some good phrase to search.

One more question: is the target web site accessible when you are not using gateway (proxy)?

0 Kudos

A Standard "you cant go there" reply..  I tried filtering on the "Acess Denied" and still no go..

0 Kudos

A Standard "you cant go there" reply..  I tried filtering on the "Acess Denied" and still no go..

Can you right click on that page and select "View Source"? Then reply to this post and copy/paste the page source code into the message body and I'll take a look at it and see if we can't figure out why this isn't working.

0 Kudos

<!DOCTYPE html

 

PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"

 

"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<

 



html xmlns="http://www.w3.org/1999/xhtml" lang="UTF-8" xml:lang="UTF-8">

<

 



head><script type="text/javascript">

//<![CDATA[

var

 

ajax = [];function pjx(args,fname,method) { this.target=args[1]; this.args=args[0]; method=(method)?method:'GET'; if(method=='post'){method='POST';} this.method = method; this.r=ghr(); this.url = this.getURL(fname);}function formDump(){ var all = []; var fL = document.forms.length; for(var f = 0;f<fL;f++){ var els = document.forms[f].elements; for(var e in els){ var tmp = (els[e].id != undefined)? els[e].id : els[e].name; if(typeof tmp != 'string'){continue;} if(tmp){ all[all.length]=tmp} } } return all;}function getVal(id) { if (id.constructor == Function ) { return id(); } if (typeof(id)!= 'string') { return id; } var element = document.getElementById(id) || document.forms[0].elements[id]; if(!element){ alert('ERROR: Cant find HTML element with id or name: ' + id+'. Check that an element with name or id='+id+' exists'); return 0; } if(element.type == 'select-one') { if(element.selectedIndex == -1) return; var item = element[element.selectedIndex]; return item.value || item.text } if (element.type == 'select-multiple') { var ans = []; var k =0; for (var i=0;i<element.length;i++) { if (element.selected || element.checked ) { ans[k++]= element.value || element.text; } } return ans; } if(element.type == 'radio' || element.type == 'checkbox'){ var ans =[]; var elms = document.getElementsByTagName('input'); var endk = elms.length; var i =0; for(var k=0;k<endk;k++){ if(elms[k].type== element.type && elms[k].checked && elms[k].id==id){ ans[i++]=elms[k].value; } } return ans; } if( element.value == undefined ){ return element.innerHTML; }else{ return element.value; }}function fnsplit(arg) { var url=""; if(arg=='NO_CACHE'){return '&pjxrand='+Math.random()} if((typeof(arg)).toLowerCase() == 'object'){ for(var k in arg){ url += '&' + k + '=' + arg[k]; } }else if (arg.indexOf('__') != -1) { arga = arg.split(/__/); url += '&' + arga[0] +'='+ escape(arga[1]); } else { var res = getVal(arg) || ''; if(res.constructor != Array){ res = [res] } for(var i=0;i<res.length;i++) { url += '&args=' + escape(res) + '&' + arg + '=' + escape(res); } } return url;}pjx.prototype = { send2perl : function(){ var r = this.r; var dt = this.target; this.pjxInitialized(dt); var url=this.url; var postdata; if(this.method=="POST"){ var idx=url.indexOf('?'); postdata = url.substr(idx+1); url = url.substr(0,idx); } r.open(this.method,url,true); ; if(this.method=="POST"){ r.setRequestHeader("Content-Type", "application/x-www-form-urlencoded"); r.send(postdata); } if(this.method=="GET"){ r.send(null); } r.onreadystatechange = handleReturn; }, pjxInitialized : function(){}, pjxCompleted : function(){}, readyState4 : function(){ var rsp = unescape(this.r.responseText); /* the response from perl */ var splitval = '__pjx__'; /* to split text */ /* fix IE problems with undef values in an Array getting squashed*/ rsp = rsp.replace(splitval+splitval+'g',splitval+" "+splitval); var data = rsp.split(splitval); dt = this.target; if (dt.constructor != Array) { dt=[dt]; } if (data.constructor != Array) { data=[data]; } if (typeof(dt[0])!='function') { for ( var i=0; i<dt.length; i++ ) { var div = document.getElementById(dt); if (div.type =='text' || div.type=='textarea' || div.type=='hidden' ) { div.value=data; } else{ div.innerHTML = data; } } } else if (typeof(dt[0])=='function') { dt[0].apply(this,data); } this.pjxCompleted(dt); }, getURL : function(fname) { var args = this.args; var url= 'fname=' + fname; for (var i=0;i<args.length;i++) { url=url + args; } return url; }};handleReturn = function() { for( var k=0; k<ajax.length; k++ ) { if (ajax[k].r==null) { ajax.splice(k--,1); continue; } if ( ajax[k].r.readyState== 4) { ajax[k].readyState4(); ajax.splice(k--,1); continue; } }};var ghr=getghr();function getghr(){ if(typeof XMLHttpRequest != "undefined") { return function(){return new XMLHttpRequest();} } var msv= ["Msxml2.XMLHTTP.7.0", "Msxml2.XMLHTTP.6.0", "Msxml2.XMLHTTP.5.0", "Msxml2.XMLHTTP.4.0", "MSXML2.XMLHTTP.3.0", "MSXML2.XMLHTTP", "Microsoft.XMLHTTP"]; for(var j=0;j<=msv.length;j++){ try { A = new ActiveXObject(msv[j]); if(A){ return function(){return new ActiveXObject(msv[j]);} } } catch(e) { } } return false;}function jsdebug(){ var tmp = document.getElementById('pjxdebugrequest').innerHTML = "<br><pre>"; for( var i=0; i < ajax.length; i++ ) { tmp += '<a href= '+ ajax.url +' target=_blank>' + decodeURI(ajax.url) + ' </a><br>'; } document.getElementById('pjxdebugrequest').innerHTML = tmp + "</pre>";}function ajax_handle_dispute() { var args = ajax_handle_dispute.arguments; for( var i=0; i<args[0].length;i++ ) { args[0] = fnsplit(args[0]); } var l = ajax.length; ajax[l]= new pjx(args,"ajax_handle_dispute",args[2]); ajax[l].url = 'apache?' + ajax[l].url; ajax[l].send2perl(); ;}

//]]>

</

 

script>

<

 



title>Access Denied</title>

<

 



link type="image/x-icon" rel="icon" href="/favicon.ico" />

<

 



link type="image/x-icon" rel="shortcut icon" href="/favicon.ico" />

<

 



link rel="stylesheet" type="text/css" href="/barracuda.css" />

<

 



meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />

</

 



head>

<

 



body content-type="text/plain; charset=UTF-8">

<

 



script language="javascript">function jsqrcb (s,u,h,e,d) {if (s='OK') {var b=document.getElementById('qrbtn');var m='Site analysis complete. Temporary access granted to '+h+'\n\n<br><br>Click <b>Proceed</b> to visit the requested site.<br>';if (e && e.length > 1) {em=String('<p>Note: An error occurred while analyzing the site to adjust the web filter policies: <i>__ERRMSG__</i>.</p><p>The site may be unavailable or otherwise blocked on your network. Contact your administrator if you need further assistance.</p>');em=em.replace(/__ERRMSG__/,e);m=m+em};document.getElementById('qrintro').innerHTML = m;b.value='Proceed';b.onclick=function(){document.location=u;return false};var f=document.getElementById('sb_reason_field');if (f) { f.disabled = true }} else {alert("Error: "+x);}}function jsqr () {document.getElementById('qrbtn').value='Analyzing site. Please wait...';ajax_handle_dispute(["_bceq",'sb_reason_field'], [jsqrcb]);}function qrrchk () {if (false) {var f=document.getElementById('sb_reason_field');if (f) {if (!f.value || String(f.value).match(/^\s*$/)) {alert('_DISPUTE_SOFTBLOCK_REASON_REQUIRED');return false;}}}return true;}</script><form method="post" action="/web/login" enctype="multipart/form-data">

<

 



input type="hidden" name="_bceq" value="U2FsdGVkX19bv6sn1GeYgQd_VtMfF_Rc9GkR-rtACRz6awSe5BkdVxLDsIAuYWCL6z9eAD5-f2gW97tGhYintfc9JTHcibeouo91ZdwLJfecNkfbbnKDJMkd2F9TEAJXDyLrtYTaaGb7lN3yh6WN_wFkWQpVhsDJmMNtZqHkkyMfGCj2J0WQbKl5pg6L4vJdLX5faNmYxurf6KNSBwWak283mfwKFo8YL7fMNRjzfSGgoIAHEueMm7w1-ekwKZJnt0qAAhuo9KjUINXdO9NY6S1ui4rXxzmf9D3ybscXQk6ntMG7fnlnZt0Eigr95E5eLat1xML_A2qnxqyLF7oBIjbKWvwJ5f1z69P9MZTgTuER7va-8jE_vWi-p8m4K8734tszSgZ7WeCZVVduUQDHLhV1OrrBhVBzmi7u9zbetwxau8UA-KMOqA1QsqtSLp2y9FDD_ovnkKArSaz_l4oL2dG9VZpCmQXkIVEz-2B6IuhS9gP5rab74UEzBFbWZsBglZiVbh4Gt-h-Wq5i_EGGtzP4CQI3DgLAqONzC8jC8rxOLVErbDAMYwXq3c2F7KPx2_LrftufpG1lsNP5KIJkjs4fo4wMJGGKMN_Ip7YO41L5XnosQueWVhg4heFAQFhnC1UxwSxIm8723ij8AjUSTukQ9QWTlbFtYUqSAc9ImygwnQHG12qstcq248t5G2ueudqk07oKly9O97QcLMoabLj8xFkkzcR5" /><table class="config_module" align="center" border="0" summary="Barracuda Login Page" cellpadding="0" cellspacing="0" width="700"><tr><td valign="top" width="100%"><img src="/web/logo" /></td></tr><tr><td bgcolor="#004699" height="3" valign="top" width="680" nowrap=""><img height="3" src="/images/transpix.gif" width="1" /></td></tr><tr><td class="config_screen" height="378" valign="top" style="background:#D9F5FF" width="100%"><table border="0" summary="Login Form Wrapper" width="100%"><tr><td valign="top" colspan="1" width="680"><table class="config_module" summary="Branding Name" width="100%"><tr><td align="center" colspan="2"><table class="config_module" border="0" width="100%"><tr><td align="left" width="20%" /><td align="center" nowrap="1" width="60%"><b><font size="4px">Access Denied</font></b></td><td align="right" width="20%"><input type="button" value="Cancel/Go back" onclick="history.go(-1);" class="new_button" /></td></tr> <tr><td align="left" width="20%" /><td align="right" colspan="2" nowrap="1" width="60%">Logged in as jwerlein </td></tr></table></td></tr> <tr><td><table class="outlined" cellpadding="0" cellspacing="0"><tr><td class="tl" /> <td class="tm" /> <td class="tr" /></tr> <tr><td class="ml" /> <td class="mm">The web site you are trying to access has been blocked by the Ashley Furniture Industries Web Filter because it is blacklisted by your system administrator. The comment from the system administrator is: <b> Blocked Domains </b> <BR><BR><BR> If you believe this is an error, there are two things you can do: <BR><BR> <H2>1. Type your Ashley Furniture username and password in the login provided below.</H2> <BR><BR> <H3>2. If that doesn&#39t work please contact the Support Center @ 1-866-289-7311 or email: supportcenter@Ashleyfurniture.com.</H3> </td> <td class="mr" /></tr> <tr><td class="bl" /> <td class="bm" /> <td class="br" /></tr></table></td></tr><tr><td><table border="0" align="center" width="95%"><tr><td align="left" width="66%">URL: http://photobucket.com</td><td rowspan="2" align="right" width="34%"><input type="hidden" name="lang_change" value="0" id="lang_change" /><select name="locale" onchange="document.getElementById('lang_change').value = 1;this.form.submit();">

<

 



option value="zh_CN">Chinese (CN)</option>

<

 



option value="zh_TW">Chinese (TW)</option>

<

 



option value="de_DE">Deutsch</option>

<

 



option value="en_US">English</option>

<

 



option value="es_ES">Espa&ntilde;ol</option>

<

 



option value="fr_FR">Fran&ccedil;ais</option>

<

 



option value="ja_JP">Japanese</option>

<

 



option value="ko_KR">Korean</option>

<

 



option value="nl_NL">Nederlands</option>

<

 



option value="pt_BR">Portuguese (BR)</option>

</

 



select></td></tr></table></td></tr><tr><td align="center"><table class="config_module" align="center" border="0" summary="Inner Form" width="400"><tr><td><table height="100%" style="padding: 2px" width="100%"><tr><td><table class="outlined" cellpadding="0" cellspacing="0"><tr><td class="tl" /> <td class="tm" /> <td class="tr" /></tr> <tr><td class="ml" /> <td class="mm"><table class="outlined" cellpadding="0" cellspacing="0"><tr><td valign="top" style="padding: 0pt 0pt 5px;" colspan="1" width="100%"><table border="0" cellpadding="0" cellspacing="0" width="100%"><tr><td class="TitleLeft" /> <td class="TitleTop"><table border="0" cellpadding="0" cellspacing="0" width="100%"><tr><td>Login</td></tr></table></td> <td class="TitleRight" /></tr></table></td></tr> <tr><td valign="top"><table class="config_module_inner" summary="Config Module" cellpadding="0" cellspacing="0" width="100%"><tr class="config_module_tr"><td colspan="3">You may be able to gain access by authenticating with different credentials</td></tr> <tr class="config_module_tr"><td width="90" /> <td valign="top" width="75"><b>Username:</b></td> <td valign="top" width="250"><input type="text" name="login" size="20" id="login_field" /></td></tr> <tr class="config_module_tr"><td width="90" /> <td valign="top" width="75"><b>Password:</b></td> <td valign="top" width="250"><input type="password" name="password" size="20" id="password_field" /></td> </tr> <tr class="config_module_tr"><td width="90" /> <td width="75" /> <td><input type="hidden" name="ip" value="10.10.0.136" id="ip" /><input type="submit" name="login_form_action" value="Login" class="new_button" />&nbsp</td></tr> </table></td></tr></table></td> <td class="mr" /></tr> <tr><td class="bl" /> <td class="bm" /> <td class="br" /></tr></table></td></tr></table></td></tr></table></td></tr></table></td></tr></table></td></tr> <tr><td align="right" valign="top"><a href="http://www.barracudanetworks.com?track=asg"><img src="/images/powered_by.gif" border=0 alt="Barracuda Firewall"></a> &nbsp <br /> <font color="#aaaaaa" size="-2">Copyright 2004-2009 Barracuda Networks, Inc.</font></td></tr></table></form>

</

 



body>

</

 



html>



0 Kudos

I opened a ticket on this and finally they tell me that because this Page is cerated with java script we cannot use this..

 

RESOLUTION:  Another bug "feature Limitation" to Orion .. We cannot get page information off any page created by Java Script..

View solution in original post

0 Kudos

JWERLEIN - do you want to keep the HTML posts that got scrambled?

0 Kudos

Just because its created with JavaScript shouldn't mean you're immediately stuck!  

If its JavaScript I imagine its making an AJAX request to pull that information back, so it must pass something to the backend webserver to get that data.  If you can get that query you can probably query it directly yourself, substituting the domain you want to check.

Chrome/Safari (or Firefox with firebug I think) will show you what requests are being made by the web client.

Long shot but don't give up yet 🙂

0 Kudos

<!DOCTYPE html

 

PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"

 

"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<

 



html xmlns="http://www.w3.org/1999/xhtml" lang="UTF-8" xml:lang="UTF-8">

<

 



head><script type="text/javascript">

//<![CDATA[

var

 

ajax = [];function pjx(args,fname,method) { this.target=args[1]; this.args=args[0]; method=(method)?method:'GET'; if(method=='post'){method='POST';} this.method = method; this.r=ghr(); this.url = this.getURL(fname);}function formDump(){ var all = []; var fL = document.forms.length; for(var f = 0;f<fL;f++){ var els = document.forms[f].elements; for(var e in els){ var tmp = (els[e].id != undefined)? els[e].id : els[e].name; if(typeof tmp != 'string'){continue;} if(tmp){ all[all.length]=tmp} } } return all;}function getVal(id) { if (id.constructor == Function ) { return id(); } if (typeof(id)!= 'string') { return id; } var element = document.getElementById(id) || document.forms[0].elements[id]; if(!element){ alert('ERROR: Cant find HTML element with id or name: ' + id+'. Check that an element with name or id='+id+' exists'); return 0; } if(element.type == 'select-one') { if(element.selectedIndex == -1) return; var item = element[element.selectedIndex]; return item.value || item.text } if (element.type == 'select-multiple') { var ans = []; var k =0; for (var i=0;i<element.length;i++) { if (element.selected || element.checked ) { ans[k++]= element.value || element.text; } } return ans; } if(element.type == 'radio' || element.type == 'checkbox'){ var ans =[]; var elms = document.getElementsByTagName('input'); var endk = elms.length; var i =0; for(var k=0;k<endk;k++){ if(elms[k].type== element.type && elms[k].checked && elms[k].id==id){ ans[i++]=elms[k].value; } } return ans; } if( element.value == undefined ){ return element.innerHTML; }else{ return element.value; }}function fnsplit(arg) { var url=""; if(arg=='NO_CACHE'){return '&pjxrand='+Math.random()} if((typeof(arg)).toLowerCase() == 'object'){ for(var k in arg){ url += '&' + k + '=' + arg[k]; } }else if (arg.indexOf('__') != -1) { arga = arg.split(/__/); url += '&' + arga[0] +'='+ escape(arga[1]); } else { var res = getVal(arg) || ''; if(res.constructor != Array){ res = [res] } for(var i=0;i<res.length;i++) { url += '&args=' + escape(res) + '&' + arg + '=' + escape(res); } } return url;}pjx.prototype = { send2perl : function(){ var r = this.r; var dt = this.target; this.pjxInitialized(dt); var url=this.url; var postdata; if(this.method=="POST"){ var idx=url.indexOf('?'); postdata = url.substr(idx+1); url = url.substr(0,idx); } r.open(this.method,url,true); ; if(this.method=="POST"){ r.setRequestHeader("Content-Type", "application/x-www-form-urlencoded"); r.send(postdata); } if(this.method=="GET"){ r.send(null); } r.onreadystatechange = handleReturn; }, pjxInitialized : function(){}, pjxCompleted : function(){}, readyState4 : function(){ var rsp = unescape(this.r.responseText); /* the response from perl */ var splitval = '__pjx__'; /* to split text */ /* fix IE problems with undef values in an Array getting squashed*/ rsp = rsp.replace(splitval+splitval+'g',splitval+" "+splitval); var data = rsp.split(splitval); dt = this.target; if (dt.constructor != Array) { dt=[dt]; } if (data.constructor != Array) { data=[data]; } if (typeof(dt[0])!='function') { for ( var i=0; i<dt.length; i++ ) { var div = document.getElementById(dt); if (div.type =='text' || div.type=='textarea' || div.type=='hidden' ) { div.value=data; } else{ div.innerHTML = data; } } } else if (typeof(dt[0])=='function') { dt[0].apply(this,data); } this.pjxCompleted(dt); }, getURL : function(fname) { var args = this.args; var url= 'fname=' + fname; for (var i=0;i<args.length;i++) { url=url + args; } return url; }};handleReturn = function() { for( var k=0; k<ajax.length; k++ ) { if (ajax[k].r==null) { ajax.splice(k--,1); continue; } if ( ajax[k].r.readyState== 4) { ajax[k].readyState4(); ajax.splice(k--,1); continue; } }};var ghr=getghr();function getghr(){ if(typeof XMLHttpRequest != "undefined") { return function(){return new XMLHttpRequest();} } var msv= ["Msxml2.XMLHTTP.7.0", "Msxml2.XMLHTTP.6.0", "Msxml2.XMLHTTP.5.0", "Msxml2.XMLHTTP.4.0", "MSXML2.XMLHTTP.3.0", "MSXML2.XMLHTTP", "Microsoft.XMLHTTP"]; for(var j=0;j<=msv.length;j++){ try { A = new ActiveXObject(msv[j]); if(A){ return function(){return new ActiveXObject(msv[j]);} } } catch(e) { } } return false;}function jsdebug(){ var tmp = document.getElementById('pjxdebugrequest').innerHTML = "<br><pre>"; for( var i=0; i < ajax.length; i++ ) { tmp += '<a href= '+ ajax.url +' target=_blank>' + decodeURI(ajax.url) + ' </a><br>'; } document.getElementById('pjxdebugrequest').innerHTML = tmp + "</pre>";}function ajax_handle_dispute() { var args = ajax_handle_dispute.arguments; for( var i=0; i<args[0].length;i++ ) { args[0] = fnsplit(args[0]); } var l = ajax.length; ajax[l]= new pjx(args,"ajax_handle_dispute",args[2]); ajax[l].url = 'apache?' + ajax[l].url; ajax[l].send2perl(); ;}

//]]>

</

 

script>

<

 



title>Access Denied</title>

<

 



link type="image/x-icon" rel="icon" href="/favicon.ico" />

<

 



link type="image/x-icon" rel="shortcut icon" href="/favicon.ico" />

<

 



link rel="stylesheet" type="text/css" href="/barracuda.css" />

<

 



meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />

</

 



head>

<

 



body content-type="text/plain; charset=UTF-8">

<

 



script language="javascript">function jsqrcb (s,u,h,e,d) {if (s='OK') {var b=document.getElementById('qrbtn');var m='Site analysis complete. Temporary access granted to '+h+'\n\n<br><br>Click <b>Proceed</b> to visit the requested site.<br>';if (e && e.length > 1) {em=String('<p>Note: An error occurred while analyzing the site to adjust the web filter policies: <i>__ERRMSG__</i>.</p><p>The site may be unavailable or otherwise blocked on your network. Contact your administrator if you need further assistance.</p>');em=em.replace(/__ERRMSG__/,e);m=m+em};document.getElementById('qrintro').innerHTML = m;b.value='Proceed';b.onclick=function(){document.location=u;return false};var f=document.getElementById('sb_reason_field');if (f) { f.disabled = true }} else {alert("Error: "+x);}}function jsqr () {document.getElementById('qrbtn').value='Analyzing site. Please wait...';ajax_handle_dispute(["_bceq",'sb_reason_field'], [jsqrcb]);}function qrrchk () {if (false) {var f=document.getElementById('sb_reason_field');if (f) {if (!f.value || String(f.value).match(/^\s*$/)) {alert('_DISPUTE_SOFTBLOCK_REASON_REQUIRED');return false;}}}return true;}</script><form method="post" action="/web/login" enctype="multipart/form-data">

<

 



input type="hidden" name="_bceq" value="U2FsdGVkX19bv6sn1GeYgQd_VtMfF_Rc9GkR-rtACRz6awSe5BkdVxLDsIAuYWCL6z9eAD5-f2gW97tGhYintfc9JTHcibeouo91ZdwLJfecNkfbbnKDJMkd2F9TEAJXDyLrtYTaaGb7lN3yh6WN_wFkWQpVhsDJmMNtZqHkkyMfGCj2J0WQbKl5pg6L4vJdLX5faNmYxurf6KNSBwWak283mfwKFo8YL7fMNRjzfSGgoIAHEueMm7w1-ekwKZJnt0qAAhuo9KjUINXdO9NY6S1ui4rXxzmf9D3ybscXQk6ntMG7fnlnZt0Eigr95E5eLat1xML_A2qnxqyLF7oBIjbKWvwJ5f1z69P9MZTgTuER7va-8jE_vWi-p8m4K8734tszSgZ7WeCZVVduUQDHLhV1OrrBhVBzmi7u9zbetwxau8UA-KMOqA1QsqtSLp2y9FDD_ovnkKArSaz_l4oL2dG9VZpCmQXkIVEz-2B6IuhS9gP5rab74UEzBFbWZsBglZiVbh4Gt-h-Wq5i_EGGtzP4CQI3DgLAqONzC8jC8rxOLVErbDAMYwXq3c2F7KPx2_LrftufpG1lsNP5KIJkjs4fo4wMJGGKMN_Ip7YO41L5XnosQueWVhg4heFAQFhnC1UxwSxIm8723ij8AjUSTukQ9QWTlbFtYUqSAc9ImygwnQHG12qstcq248t5G2ueudqk07oKly9O97QcLMoabLj8xFkkzcR5" /><table class="config_module" align="center" border="0" summary="Barracuda Login Page" cellpadding="0" cellspacing="0" width="700"><tr><td valign="top" width="100%"><img src="/web/logo" /></td></tr><tr><td bgcolor="#004699" height="3" valign="top" width="680" nowrap=""><img height="3" src="/images/transpix.gif" width="1" /></td></tr><tr><td class="config_screen" height="378" valign="top" style="background:#D9F5FF" width="100%"><table border="0" summary="Login Form Wrapper" width="100%"><tr><td valign="top" colspan="1" width="680"><table class="config_module" summary="Branding Name" width="100%"><tr><td align="center" colspan="2"><table class="config_module" border="0" width="100%"><tr><td align="left" width="20%" /><td align="center" nowrap="1" width="60%"><b><font size="4px">Access Denied</font></b></td><td align="right" width="20%"><input type="button" value="Cancel/Go back" onclick="history.go(-1);" class="new_button" /></td></tr> <tr><td align="left" width="20%" /><td align="right" colspan="2" nowrap="1" width="60%">Logged in as jwerlein </td></tr></table></td></tr> <tr><td><table class="outlined" cellpadding="0" cellspacing="0"><tr><td class="tl" /> <td class="tm" /> <td class="tr" /></tr> <tr><td class="ml" /> <td class="mm">The web site you are trying to access has been blocked by the Ashley Furniture Industries Web Filter because it is blacklisted by your system administrator. The comment from the system administrator is: <b> Blocked Domains </b> <BR><BR><BR> If you believe this is an error, there are two things you can do: <BR><BR> <H2>1. Type your Ashley Furniture username and password in the login provided below.</H2> <BR><BR> <H3>2. If that doesn&#39t work please contact the Support Center @ 1-866-289-7311 or email: supportcenter@Ashleyfurniture.com.</H3> </td> <td class="mr" /></tr> <tr><td class="bl" /> <td class="bm" /> <td class="br" /></tr></table></td></tr><tr><td><table border="0" align="center" width="95%"><tr><td align="left" width="66%">URL: http://photobucket.com</td><td rowspan="2" align="right" width="34%"><input type="hidden" name="lang_change" value="0" id="lang_change" /><select name="locale" onchange="document.getElementById('lang_change').value = 1;this.form.submit();">

<

 



option value="zh_CN">Chinese (CN)</option>

<

 



option value="zh_TW">Chinese (TW)</option>

<

 



option value="de_DE">Deutsch</option>

<

 



option value="en_US">English</option>

<

 



option value="es_ES">Espa&ntilde;ol</option>

<

 



option value="fr_FR">Fran&ccedil;ais</option>

<

 



option value="ja_JP">Japanese</option>

<

 



option value="ko_KR">Korean</option>

<

 



option value="nl_NL">Nederlands</option>

<

 



option value="pt_BR">Portuguese (BR)</option>

</

 



select></td></tr></table></td></tr><tr><td align="center"><table class="config_module" align="center" border="0" summary="Inner Form" width="400"><tr><td><table height="100%" style="padding: 2px" width="100%"><tr><td><table class="outlined" cellpadding="0" cellspacing="0"><tr><td class="tl" /> <td class="tm" /> <td class="tr" /></tr> <tr><td class="ml" /> <td class="mm"><table class="outlined" cellpadding="0" cellspacing="0"><tr><td valign="top" style="padding: 0pt 0pt 5px;" colspan="1" width="100%"><table border="0" cellpadding="0" cellspacing="0" width="100%"><tr><td class="TitleLeft" /> <td class="TitleTop"><table border="0" cellpadding="0" cellspacing="0" width="100%"><tr><td>Login</td></tr></table></td> <td class="TitleRight" /></tr></table></td></tr> <tr><td valign="top"><table class="config_module_inner" summary="Config Module" cellpadding="0" cellspacing="0" width="100%"><tr class="config_module_tr"><td colspan="3">You may be able to gain access by authenticating with different credentials</td></tr> <tr class="config_module_tr"><td width="90" /> <td valign="top" width="75"><b>Username:</b></td> <td valign="top" width="250"><input type="text" name="login" size="20" id="login_field" /></td></tr> <tr class="config_module_tr"><td width="90" /> <td valign="top" width="75"><b>Password:</b></td> <td valign="top" width="250"><input type="password" name="password" size="20" id="password_field" /></td> </tr> <tr class="config_module_tr"><td width="90" /> <td width="75" /> <td><input type="hidden" name="ip" value="10.10.0.136" id="ip" /><input type="submit" name="login_form_action" value="Login" class="new_button" />&nbsp</td></tr> </table></td></tr></table></td> <td class="mr" /></tr> <tr><td class="bl" /> <td class="bm" /> <td class="br" /></tr></table></td></tr></table></td></tr></table></td></tr></table></td></tr></table></td></tr> <tr><td align="right" valign="top"><a href="http://www.barracudanetworks.com?track=asg"><img src="/images/powered_by.gif" border=0 alt="Barracuda Firewall"></a> &nbsp <br /> <font color="#aaaaaa" size="-2">Copyright 2004-2009 Barracuda Networks, Inc.</font></td></tr></table></form>

</

 



body>

</

 



html>



0 Kudos

Hi All,

I have been following this thread with interest as it's something that I get asked about, monitoring a web filter to make sure it is doing its job. While I appreciate that the discussions are around APM and the use of HTTP monitors I thought I would share other ways that this can be achieved.

The requests I was asked were slightly more complicated that the one described here. In my case some sites were blocked completely and others were blocked but for a select list of users with access. An example would be Facebook, some people had access to interact with members of the public where for most people it was blocked. Our challenge was then to report on blocked site activity but exclude certain users who had special access privileges.  

It is possible to monitor for blocked site access using the Solarwinds NTA product. Important thing is to get the flow data from the external interface of the web filter or by monitoring your firewall(s). In most cases the filters and firewalls won't have native flow export options so you can use port mirroring on your managed network switches. Once you configure port mirroring you can use nprobe to convert it to flow using this guide.

Once you are monitoring the traffic to/from your firewall or filter you just need to setup a custom report to focus on the traffic for the specific. If there is traffic then there are users accessing the site. An example of this is earlier I was asked to check if a web filter was  blocking access to the Spotify service. I just did a ping to www.spotify.com and I got back 78.31.8.201. I then used the site www.incidents.org to get the full subnet used, just use the IP search feature. This came back as 78.31.8.0/22. I then created a custom report to focus on this and in my case I found that users were accessing the spotify service over TCP port 4070.

When it comes to monitoring users who are using a proxy it's slightly more complicated to associate specific connections to individual users. It involves DPI which has the functionality to monitor users web activity in detail. If anyone is interested I can post more info.

Apologies if I am hijacking this thread but just thought I would share my experiences on monitoring web filters and proxy servers

Darragh

0 Kudos

Have you tried searching on anything else on that page?  Could be the Access Denied is part of an image and the system can't read the text.

0 Kudos
Level 15

Are you not setting the actual search string?  If left blank you will get a success at any web page that loads.

0 Kudos

When i set the search string it made no difference.. Initially i should only get a red 'not available' not a green 'found' ...

we are using barracuda to do our filter ... I want to find a way to make sure that the pages are blocked... via APM?

0 Kudos

Well please update the thread if you get it working.....that is a very good idea to monitor your web filtering and I'm curious to know how it works out.

0 Kudos

Here's a dumb question does accessing the site work from a browser on the polling server?  If so your server could be in a white list.   Just a thought.

0 Kudos

Nope; our Orion box is seperate from any web function... not white listed, and neither is the secondary poller or the sql box

0 Kudos