We're getting tons of email alerts!
Are you suddenly getting a large number of email alerts about blocking a particular website?
We use a third-party utility called BrightCloud for Web Filter's category information, and they occasionally recategorize a particular URL as a phishing/fraud or malware website. If that site or URL loads ad content on numerous websites, your Untangle will block numerous connections and generate a lot of alert emails.
BrightCloud is generally very quick to fix mis-categorizations like this, but the Web Filter engine that checks category status caches its lookups to save time. The old cached entry can persist for a few hours, so your Untangle may continue to generate alerts even though the root cause of the problem has been fixed. Here's what you can do:
First, take a look at one of the email alerts and find the line that starts with requestLine. That entry will have the URL of the site in question:
Go to Web Filter > Advanced and click the 'Clear Category URL Cache' button:
Next, go to Web Filter > Site Lookup and try searching for the site you were alerted about:
If the URL is no longer categorized in a way that will generate alerts, great! You're all done. If it hasn't been changed, however, you can edit your alerts to ignore that particular site.
Go to Config > Events > Alerts and edit the rule that triggered the alert. (The example above was 'Phishing/Fraud website visit blocked', which is rule #14 by default.)
Click 'Add Condition', then select 'requestLine':
That will add that condition to the rule. Set it to 'does not contain' *[url in question]* to filter out events for that specific URL:
Save your rule and you're all set.
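When the inbox holds many alerts, the following added example (not part of the original article and not Untangle tooling) tallies the hosts found on requestLine lines and lists which request lines a 'does not contain' string would silence, so you can confirm the exclusion hides only the intended site. The alert text layout, the sample lines, and the plain case-insensitive substring model of the condition are assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Assumed layout: a line starting with requestLine, then ':' or '=', then
# "<METHOD> <URL>". Adjust the pattern to match your own alert emails.
REQUEST_LINE = re.compile(r'^[ \t]*"?requestLine"?[ \t]*[:=][ \t]*"?([^"\n]*)', re.M)

# Constructed sample of saved alert text (not real Untangle output).
SAMPLE_ALERTS = """\
Phishing/Fraud website visit blocked
requestLine: GET http://ads.example.net/banner.js
requestLine: GET http://ads.example.net/pixel.gif
requestLine: GET http://ads.example.net/banner.js
requestLine: GET http://login.example.org/account
requestLine: GET http://ads.example.net.example.org/banner.js
"""

def request_lines(text):
    """Return the value of every line that starts with requestLine."""
    return [m.group(1).strip().rstrip(",") for m in REQUEST_LINE.finditer(text)]

def host_of(request_line):
    """Extract the lowercased host from '<METHOD> <URL>' or a bare URL."""
    url = next((t for t in request_line.split() if "/" in t or "." in t), "")
    if "://" not in url:
        url = "//" + url  # let urlsplit treat a scheme-less value as host/path
    return (urlsplit(url).hostname or "").lower()

def tally_hosts(text):
    """Hosts ordered by how many alerts they caused, noisiest first."""
    return Counter(host_of(r) for r in request_lines(text)).most_common()

def suppressed_by(text, needle):
    """Distinct request lines that would stop alerting if the rule were set
    to 'does not contain <needle>' (modelled here as a substring test)."""
    return sorted({r for r in request_lines(text) if needle.lower() in r.lower()})

if __name__ == "__main__":
    for host, count in tally_hosts(SAMPLE_ALERTS):
        print(f"{count:4d}  {host}")
    # A bare host name also matches a longer look-alike host; the trailing
    # slash narrows the exclusion to the site that was actually recategorized.
    for needle in ("ads.example.net", "ads.example.net/"):
        print(needle, "->", suppressed_by(SAMPLE_ALERTS, needle))
```

In the constructed sample, the string without a trailing slash also silences alerts for ads.example.net.example.org, which is a different host.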