We're getting tons of email alerts!

Are you suddenly getting a large number of email alerts about blocking a particular website?

We use a third-party company called Zvelo for Web Filter's Categories information and they occasionally recategorize a particular URL as a phishing/fraud or malware website. If that site/URL(s) loads ad content on numerous websites, your Untangle will block numerous connections and generate a lot of alert emails.

Zvelo are generally very quick to fix mis-categorizations like this, but the Web Filter engine that checks category status caches its lookups to save time. The old cached entry can still exist for a few hours, so sometimes your Untangle will continue to generate alerts even though the root cause of the problem has been fixed. Here's what you can do:

First, take a look at one of the email alerts and find the line that starts with requestLine. That entry will have the URL of the site in question:

Go to Web Filter > Advanced and click the 'Clear Category URL Cache' button:
image.png

Next, go to Web Filter > Site Lookup and try searching for the site you were alerted about:

If the URL is no longer categorized in a way that will generate alerts, great! You're all done. If it hasn't been changed, however, you can edit your alerts to ignore that particular site.

Go to Config > Events > Alerts and edit the rule that triggered the alert. (The example above was 'Phishing/Fraud website visit blocked', which is rule #14 by default.)

Click 'Add Condition', then select 'requestLine':

That will add that condition to the rule. Set it to does not contain *[url in question]* to filter out events for that specific URL:


Save your rule and you're all set.

 

 

Follow
Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.

Powered by Zendesk