Does BlueCoat WebFilter ever use DNS as part of categorization process?
search cancel

Does BlueCoat WebFilter ever use DNS as part of categorization process?

book

Article ID: 165673

calendar_today

Updated On:

Products

ProxySG Software - SGOS Symantec WebFilter (formerly Blue Coat WebFilter - BCWF)

Issue/Introduction

The URL is looked up as requested, in whatever form — domain name or IP- it is requested. SGOS does not resolve URLs, via DNS,  before sending requests to WebPulse.

Most content filtering databases keep very up to date and accurate IP address, so a forward or reverse DNS lookup is not required. You can test whether or not an IP address, or a URL for that matter, exists in the BlueCoat WebFilter (BCWF) database if you simply use the test-url command in the command line interface (CLI) or Management Console (MC). The test-url command returns the same category information as a proxied request would return.

"Note: The latest implementations of SGOS provide two optional configurations. The first is a Dynamic Categorization (DRTR) request, and the second is Malware Feedback. You can choose to independently enable or disable both of these message types via the checkboxes provided:

  • If Dynamic Categorization is turned off, URLs from unrated sites are not sent to WebPulse, and will be handled according to policy for sites with no rating. Bluecoat strongly  encourages use of DRTR (in the background if necessary, if latency is a serious issue), as this helps WebPulse form its picture of internet traffic, to see emerging threats and improve overall categorization.
  • If Malware Feedback is turned off, WebPulse is not informed of cases where the SG detects a potential malware source (e.g., via a ProxyAV scan). BlueCoat strongly encourages that this box be checked, as this helps WebPulse see emerging threats as early as possible.