The ‘Trace URL Request’ tool is best used for diagnostics and troubleshooting of the entire policy processing framework. It returns both category information and verdict information for your URL.
You can filter by Client Name, Client IP Address, Group Name, and Policy Name.
Trace URL Request Example
The School Template Group’s Policy, we created earlier, has a ‘default’ Policy that allows Facebook, which is categorized as ‘Social Networking’. The other ‘School Hours Policy’ blocks Facebook.
In this first example, we enter the Group name, choose the default Policy, and send a request for facebook.com. You can see that the URL and the Category ‘Social Networking’ are allowed.
However, when we send a request for the ‘School Hours Policy’ you can see that the Social Networking Category and Facebook are denied.
Understanding Trace URL Output
When you enter information in the window and click the Send Request button, the output displays three columns. Additional rows will also display for denied requests to indicate what deny pages are delivered and allowed.
Step: The list or the other processing step that affected the request. i.e. the Master List, CNS, Category Custom Mapping, etc.
List URL / Keyword: The entry that was matched in the processing step. i.e. http://*.youtube.com/* could be the list entry that would match requests for YouTube.
Result: This displays the Category and Decision for the requested URL. For denied decisions, a ‘Replace URL’ displays the link to the associated deny page.
Trace URL Request Allow Request Example
In this example, the request for google is allowed and no deny page is served.
Trace URL Denied Request Example
Below is a Trace URL Request for the URL sex.com.
Step 1: Protocol CNS List:
Category: The Trace URL looked for the protocol in the CNS Category List and determined that it was an http request and assigned the Category of ‘Hypertext Transfer’. The Protocol List, by default, has two protocol entries: http and https. If it is determined that it is https, it will be categorized as Hypertext Transfer Secure.
Master List Lookup
Category: It was determined that the request was categorized as ‘Pornography’.
Policy Categories Check
Decision: It is the decision that the determined Category is denied. Please note that if the request belongs to multiple Categories and one of these Categories is denied, the request will be denied.
Response URL Test
Category: Host is an IP
Replace URL: It is determined that a replacement URL with a Deny Page will be served.
Filter Bypass List Lookup
Filter Bypass List is used to allow the deny page that is to be served and bypass the Policy Server’s filtering decision.