Why is the "unavailable" category not matching a negated category list? Policy trace shows negated category as "n/a" instead of "MATCH" when URL category is "unavailable"
The "unavailable" category, is a "System Category", which means that the ProxySG wants to categorize the URL, but an error occurred trying to categorize the URL. There are a number of conditions that would cause "unavailable" to be returned. Please refer to KB article 000014680 for further details.
Negated category matches may not work as expected when ‘unavailable’ is returned.
If the ProxySG categorizes foo.com and gets ( Porn, unavailable ), then Category=Porn -> is true Category=!Games -> is “n/a”
Why? One way to think of this is that ‘unavailable’ means that categorization is broken, and the list the policy engine got is non-exhaustive. The content filter database might have returned “Games”, but instead SGOS does not know, and thus does not make decisions based on incomplete data.
Thus Blue Coat always recommends explicit handling of "unavailable". You can decide if you want to fail open or fail close for that specific case. Therefore, create policy that explicitly calls for the "unavailable" category and either ALLOW or DENY access.
Imported Document ID: 000016627
Subscribing will provide email updates when this Article is updated. Login is required.
Thanks for your feedback. Let us know if you have additional comments below. (requires login)
Subscribed to the Article.
Unable to subscribe
Thanks for your additional feedback !!!
Enterprise Support Virtual Agent
Rate Me :
Tell us more:
Welcome! My name is Sami, the Enterprise Support Virtual Agent answering technical support questions.