Scribd
Upload
189 views121 pages

Anitha

The document details the log of a proxy transaction, including various policy checks and matches. It begins by setting transaction variables and proceeds to evaluate the request against many policy conditions, with some matches found. It ultimately allows the request and assigns category labels before concluding with timing details.

Uploaded by

Annibal
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
189 views121 pages

Anitha

The document details the log of a proxy transaction, including various policy checks and matches. It begins by setting transaction variables and proceeds to evaluate the request against many policy conditions, with some matches found. It ultimately allows the request and assigns category labels before concluding with timing details.

Uploaded by

Annibal
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 121

start transaction -------------------

transaction ID=9478241 type=http.proxy

<Proxy@req-url> [builtin-prolog:372]
MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2)

<Cache@req-url "suppress DRTR for HTML Notification internal URLs"> [vpm-


cpl:3477]
miss: condition=__is_notify_internal

<Proxy@req-url "set notify variables"> [vpm-cpl:3962]


[Rule]
miss: url.regex="(.*)/notify-SplashStreaming\?([^;]+);(.*)"
miss: url.regex="(.*)/accepted-SplashStreaming\?([^;]+);(.*)"
miss: url.regex="(.*)/verify-SplashStreaming\?([^;]+);(.*)"

<Proxy>
miss: client.address=10.110.46.73
miss: condition=__CondList1Combinacion_NOAUTH
MATCH: authenticate(ad) authenticate.force(no) authenticate.mode(proxy-ip)

<Proxy>
miss: condition=__CondList1CombinedDestinationBloque_URL
miss: condition=__CondList1Combinacion_Lista_Blaca_Windows_Update
MATCH: ALLOW condition=Combinacion_Lista_Blanca

<Proxy>
miss: client.address=CombinedEquiposEMC_Automacion
miss: client.address=CombinedEquiposEMC_Automacion
miss: client.address=combinacion_TERAREXHCAS
miss: client.address="CombinedSource_DGI Uruguay"
miss: condition=__CondList1ReglaFullInternetAccess_AMS
miss: condition=__CondList1Ternium
miss: client.address=TKCSA_PORTO
miss: condition=__CondList1CombinacionWhatsapp_y_WSUS
miss: url.domain=//services.isee.hp.com/
miss: condition=WebApplication_Blacklist
miss: condition=Combinacion_bloque_Windows_Update
miss: request.application.name=Dropbox
miss: category=Lista_Negra_NormalUser
miss: condition=__CondList1CombinedDestinationBloque_URL
miss: condition=CombinacionReproductoresMedia
miss: condition=__CondList1CombinedSourceBloomberg
miss: condition=__CondList1CombinedSourceBloomberg

<Proxy>
miss: condition=__PROTO_3
miss: condition=__PROTO_3
miss: url.port=22
miss: url.port=22

<Proxy>
miss: condition=__CondList1CombinedSourceBloomberg
miss: client.address=Ternium_FTP

<ssl>
MATCH: server.certificate.validate(no)
<Proxy>
miss: client.address=10.110.50.184
MATCH: client.address=10.110.99.72 trace.request(yes)
trace.destination(Annitha)

<Cache>
miss: condition=__CondList1Sitios_SIN_Cache
miss: url.host=r.sascdn.com

<Proxy>
miss: source.port=8194
miss: source.port=8195
miss: source.port=8196
miss: source.port=8197
miss: source.port=8198

<Proxy>
miss: condition=skype

<Proxy>
miss: request.header.If-None-Match="."

<Proxy>
miss: condition=Tunnel_Exception_urld

<Proxy>
MATCH: policy.BC_SafeSearch_Ask_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Google_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_YouTube_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Lycos_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_MSN_Live_Bing_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Yahoo_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_DuckDuckGo_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Vimeo_Rules

miss: <Proxy> realm=iwa_direct

<Cache>
miss: url.domain=//windowsupdate.com/
miss: url.domain=//c.microsoft.com/
miss: url.domain=//update.microsoft.com/
miss: url.domain=//windowsupdate.microsoft.com/
miss: url.domain=//download.windowsupdate.com/

<Proxy>
miss: condition=SSL_Disabled_Domains

<Proxy "handle HTML Notification internal requests">


miss: [Rule] variable.bc_notify1=variable.bc_notify2
[Rule]
MATCH: action.__delete_notify_cookies(yes)

<Proxy>
miss: http.method=POST
miss: http.method=POST
miss: http.method=PUT

<Proxy>
miss: url.port=21
miss: url.port=21

<Proxy>
miss: condition=IWA_SILENT_USERS

<Proxy>
miss: url.host=www.msftncsi.com
miss: url.domain=//crl.microsoft.com/
miss: url.domain=//mscrl.microsoft.com/
miss: url.domain=//verisign.com/
miss: url.domain=//watson.microsoft.com/
miss: url.domain=//trendmicro.com/

<Proxy>
miss: request.header.User-Agent="webex utiltp"
miss: request.header.User-Agent="Microsoft-CryptoAPI"
miss: request.header.User-Agent="MSUpdate"
miss: request.header.User-Agent="AVUpdate"
miss: request.header.User-Agent="ESS Update"
miss: request.header.User-Agent="iTunes"
miss: request.header.User-Agent="Stocks"
miss: request.header.User-Agent="CFNetwork"
miss: request.header.User-Agent="Shockwave Flash"
miss: request.header.User-Agent="Windows-Media-Player"
miss: request.header.User-Agent="NSPlayer"
miss: request.header.User-Agent="Windows-Media-Player"
miss: request.header.User-Agent="flash"
miss: request.header.User-Agent="Office"
miss: request.header.User-Agent="TMUFE"
miss: request.header.User-Agent="62691CB3BF62DAF233FB2C02782E7BD2"

<Proxy>
miss: condition=Office365IPs
MATCH: condition=Office365URLs detect_protocol(none)

<Proxy>
miss: condition=Office365IPs
MATCH: condition=Office365URLs detect_protocol.ssl(no)

<Cache>
miss: condition=Office365IPs
MATCH: condition=Office365URLs request.icap_service(no)
response.icap_service(no)

<Proxy>
miss: url.domain=//facebook.com/
miss: url.domain=//sped.fazenda.gov.br/
miss: url.domain=//ternium.com.ar/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.mx/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.co/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.br/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.uy/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com/Autodiscover/Autodiscover.xml
miss: url.domain=//tessa.com.uy/Autodiscover/Autodiscover.xml

Called policy definition: BC_SafeSearch_Lycos_Rules


miss: <Proxy BC_SafeSearch_Lycos> url.domain=//lycos.com/

Called policy definition: BC_SafeSearch_Yahoo_Rules


miss: <Proxy BC_SafeSearch_Yahoo_cookies> condition=BC_SafeSearch_Yahoo_Domains
miss: <Proxy BC_SafeSearch_Yahoo_query> condition=BC_SafeSearch_Yahoo_Domains

Called policy definition: BC_SafeSearch_DuckDuckGo_Rules


miss: <Proxy BC_SafeSearch_DuckDuckGo_query> url.domain=//duckduckgo.com/

Called policy definition: BC_SafeSearch_Ask_Rules


miss: <Proxy BC_SafeSearch_Ask_query> condition=BC_SafeSearch_Ask_Domains

Called policy definition: BC_SafeSearch_YouTube_Rules


miss: <Proxy BC_SafeSearch_YouTube_cookies> url.domain=//youtube.com/

Called policy definition: BC_SafeSearch_Vimeo_Rules


miss: <Proxy BC_SafeSearch_Vimeo_cookies> url.domain=//vimeo.com/

Called policy definition: BC_SafeSearch_Google_Rules


miss: <Proxy BC_SafeSearch_Google_query> condition=BC_SafeSearch_Google_Domains
miss: <Proxy BC_SafeSearch_Google_SetPref> condition=BC_SafeSearch_Google_Domains

Called policy definition: BC_SafeSearch_MSN_Live_Bing_Rules


miss: <Proxy BC_SafeSearch_MSN_Live_Bing_cookies>
condition=BC_SafeSearch_MSN_Live_Bing_Domains
miss: <Proxy BC_SafeSearch_MSN_Live_Bing_query>
condition=BC_SafeSearch_MSN_Live_Bing_Domains

Assigned values of transaction variables:


bc_notify1=empty1
bc_notify2=empty2

connection: service.name=Explicit HTTP client.address=10.110.99.72 proxy.port=8080


client.interface=255:255.1 routing-domain=default
location-id=0 access_type=unknown
time: 2020-03-17 16:47:37 UTC
CONNECT tcp://autodiscover-s.outlook.com:443/
DNS lookup was unrestricted
user: name="TERNIUM\10519230" realm=AD
authentication start 1 elapsed 0 ms
authorization start 1 elapsed 0 ms
authentication status='none' authorization status='none'
url.category: Lista_Blanca_Office365@Policy;none@YouTube;Business/Economy@Blue
Coat;Email@Blue Coat
total categorization time: 0
static categorization time: 0
server.response.code: 0
client.response.code: 200
application.name: Office 365 Exchange Online
application.operation: none
application.group: none
DSCP client outbound: 65
DSCP server outbound: 65

Transaction timing: total-transaction-time 69221 ms


Checkpoint timings:
new-connection: start 1 elapsed 0 ms
client-in: start 1 elapsed 0 ms
server-out: start 1 elapsed 0 ms
server-in: start 37 elapsed 0 ms
client-out: start 37 elapsed 0 ms
access-logging: start 69221 elapsed 0 ms
stop-transaction: start 69221 elapsed 0 ms
Total Policy evaluation time: 0 ms
url_categorization complete time: 1
client connection: first-response-byte 0 last-response-byte 69221
stop transaction --------------------
start transaction -------------------
transaction ID=9502171 type=http.proxy

<Proxy@req-url> [builtin-prolog:372]
MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2)

<Cache@req-url "suppress DRTR for HTML Notification internal URLs"> [vpm-


cpl:3477]
miss: condition=__is_notify_internal

<Proxy@req-url "set notify variables"> [vpm-cpl:3962]


[Rule]
miss: url.regex="(.*)/notify-SplashStreaming\?([^;]+);(.*)"
miss: url.regex="(.*)/accepted-SplashStreaming\?([^;]+);(.*)"
miss: url.regex="(.*)/verify-SplashStreaming\?([^;]+);(.*)"

<Exception@term> [builtin-prolog:246]
MATCH: t_procedure.dashboard_blocked_stats_infinity

<Exception@req-all> [builtin-prolog:237]
MATCH: t_procedure.dashboard_record_hourly

<Exception@req-all> [builtin-prolog:240]
MATCH: t_procedure.dashboard_record_daily

<Exception@req-all> [builtin-prolog:243]
MATCH: t_procedure.dashboard_record_monthly

<Proxy>
miss: client.address=10.110.46.73
miss: condition=__CondList1Combinacion_NOAUTH
MATCH: authenticate(ad) authenticate.force(no) authenticate.mode(proxy-ip)

<Proxy>
miss: condition=__CondList1CombinedDestinationBloque_URL
miss: condition=__CondList1Combinacion_Lista_Blaca_Windows_Update
miss: condition=Combinacion_Lista_Blanca
miss: url.host.substring=msn-com.akamaized.net
miss: condition=Combinacion_Lista_Negra
miss: condition=__CondList1CombinacionGG_Tx_Proxy_Vip
miss: client.address=Combinacion_Cloudhealth
miss: condition=__CondList1CombinacionGG_Tx_Proxy_AdvancedUsers
miss: condition=GG_TX_Proxy_Advanced_Users_bloqueo
miss: condition=GG_TX_RedesSociales_AllUsers_PERMITIDAS
miss: condition=__CondList1CombinacionGG_TX_RedesSociales_AllUsers
miss: condition=__CondList1CombinacionGG_Tx_Proxy_NormalUsers
miss: condition=__CondList1CombinacionGG_Tx_Proxy_NormalUsers
miss: condition=__CondList1CombinacionGG_Tx_Proxy_Contratistas
miss: condition=__CondList1CombinacionCategoriasBloqueadasContratistas
miss: condition=__CondList1Externos
miss: condition=__CondList1Externos
miss: category=bloomberg
MATCH: exception(user_defined.my_exception)

<Proxy>
miss: client.address=CombinedEquiposEMC_Automacion
miss: client.address=CombinedEquiposEMC_Automacion
miss: client.address=combinacion_TERAREXHCAS
miss: client.address="CombinedSource_DGI Uruguay"
miss: condition=__CondList1ReglaFullInternetAccess_AMS
miss: condition=__CondList1Ternium
miss: client.address=TKCSA_PORTO
miss: condition=__CondList1CombinacionWhatsapp_y_WSUS
miss: url.domain=//services.isee.hp.com/
miss: condition=WebApplication_Blacklist
miss: condition=Combinacion_bloque_Windows_Update
miss: request.application.name=Dropbox
miss: category=Lista_Negra_NormalUser
miss: condition=__CondList1CombinedDestinationBloque_URL
miss: condition=CombinacionReproductoresMedia
miss: condition=__CondList1CombinedSourceBloomberg
miss: condition=__CondList1CombinedSourceBloomberg

<Proxy>
miss: condition=__PROTO_3
miss: condition=__PROTO_3
miss: url.port=22
miss: url.port=22

<Proxy>
miss: condition=__CondList1CombinedSourceBloomberg
miss: client.address=Ternium_FTP

<ssl>
MATCH: server.certificate.validate(no)

<Proxy>
miss: client.address=10.110.50.184
MATCH: client.address=10.110.99.72 trace.request(yes)
trace.destination(Annitha)

<Cache>
miss: condition=__CondList1Sitios_SIN_Cache
miss: url.host=r.sascdn.com

<Proxy>
miss: source.port=8194
miss: source.port=8195
miss: source.port=8196
miss: source.port=8197
miss: source.port=8198

<Proxy>
miss: condition=skype

<Proxy>
miss: request.header.If-None-Match="."

<Proxy>
miss: condition=Tunnel_Exception_urld

<Proxy>
MATCH: policy.BC_SafeSearch_Ask_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Google_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_YouTube_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Lycos_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_MSN_Live_Bing_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Yahoo_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_DuckDuckGo_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Vimeo_Rules

miss: <Proxy> realm=iwa_direct

<Cache>
miss: url.domain=//windowsupdate.com/
miss: url.domain=//c.microsoft.com/
miss: url.domain=//update.microsoft.com/
miss: url.domain=//windowsupdate.microsoft.com/
miss: url.domain=//download.windowsupdate.com/

<Proxy>
miss: condition=SSL_Disabled_Domains

<Proxy "handle HTML Notification internal requests">


miss: [Rule] variable.bc_notify1=variable.bc_notify2
[Rule]
MATCH: action.__delete_notify_cookies(yes)

<Proxy>
miss: http.method=POST
miss: http.method=POST
miss: http.method=PUT
<Proxy>
miss: http.method=CONNECT
miss: http.method=CONNECT

<Proxy>
miss: condition=IWA_SILENT_USERS

<Proxy>
miss: url.host=www.msftncsi.com
miss: url.domain=//crl.microsoft.com/
miss: url.domain=//mscrl.microsoft.com/
miss: url.domain=//verisign.com/
miss: url.domain=//watson.microsoft.com/
miss: url.domain=//trendmicro.com/

<Proxy>
miss: request.header.User-Agent="webex utiltp"
miss: request.header.User-Agent="Microsoft-CryptoAPI"
miss: request.header.User-Agent="MSUpdate"
miss: request.header.User-Agent="AVUpdate"
miss: request.header.User-Agent="ESS Update"
miss: request.header.User-Agent="iTunes"
miss: request.header.User-Agent="Stocks"
miss: request.header.User-Agent="CFNetwork"
miss: request.header.User-Agent="Shockwave Flash"
miss: request.header.User-Agent="Windows-Media-Player"
miss: request.header.User-Agent="NSPlayer"
miss: request.header.User-Agent="Windows-Media-Player"
miss: request.header.User-Agent="flash"
miss: request.header.User-Agent="Office"
miss: request.header.User-Agent="TMUFE"
miss: request.header.User-Agent="62691CB3BF62DAF233FB2C02782E7BD2"

<Proxy>
miss: condition=Office365IPs
miss: condition=Office365URLs

<Proxy>
miss: condition=Office365IPs
miss: condition=Office365URLs

<Cache>
miss: condition=Office365IPs
miss: condition=Office365URLs

<Proxy>
miss: url.domain=//facebook.com/
miss: url.domain=//sped.fazenda.gov.br/
miss: url.domain=//ternium.com.ar/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.mx/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.co/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.br/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.uy/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com/Autodiscover/Autodiscover.xml
miss: url.domain=//tessa.com.uy/Autodiscover/Autodiscover.xml

Called policy definition: BC_SafeSearch_Lycos_Rules


miss: <Proxy BC_SafeSearch_Lycos> url.domain=//lycos.com/
Called policy definition: BC_SafeSearch_Yahoo_Rules
miss: <Proxy BC_SafeSearch_Yahoo_cookies> condition=BC_SafeSearch_Yahoo_Domains
miss: <Proxy BC_SafeSearch_Yahoo_query> condition=BC_SafeSearch_Yahoo_Domains

Called policy definition: BC_SafeSearch_DuckDuckGo_Rules


miss: <Proxy BC_SafeSearch_DuckDuckGo_query> url.domain=//duckduckgo.com/

Called policy definition: BC_SafeSearch_Ask_Rules


miss: <Proxy BC_SafeSearch_Ask_query> condition=BC_SafeSearch_Ask_Domains

Called policy definition: BC_SafeSearch_YouTube_Rules


miss: <Proxy BC_SafeSearch_YouTube_cookies> url.domain=//youtube.com/

Called policy definition: BC_SafeSearch_Vimeo_Rules


miss: <Proxy BC_SafeSearch_Vimeo_cookies> url.domain=//vimeo.com/

Called policy definition: BC_SafeSearch_Google_Rules


miss: <Proxy BC_SafeSearch_Google_query> condition=BC_SafeSearch_Google_Domains
miss: <Proxy BC_SafeSearch_Google_SetPref> condition=BC_SafeSearch_Google_Domains

Called policy definition: BC_SafeSearch_MSN_Live_Bing_Rules


miss: <Proxy BC_SafeSearch_MSN_Live_Bing_cookies>
condition=BC_SafeSearch_MSN_Live_Bing_Domains
miss: <Proxy BC_SafeSearch_MSN_Live_Bing_query>
condition=BC_SafeSearch_MSN_Live_Bing_Domains

Assigned values of transaction variables:


bc_notify1=empty1
bc_notify2=empty2
Called transaction procedure: dashboard_record_hourly
<layer>
Called transaction procedure: dashboard_record_daily
<layer>
Called transaction procedure: dashboard_blocked_stats_infinity
<layer>
Called transaction procedure: dashboard_record_monthly
<layer>

connection: service.name=Explicit HTTP client.address=10.110.99.72 proxy.port=8080


client.interface=255:255.1 routing-domain=default
location-id=0 access_type=unknown
time: 2020-03-17 16:49:05 UTC
GET http://google.com.br/
DNS lookup was unrestricted
Cookie: ANID=AHWqTUns2EHn81lFB0yXUbDzF-7muNBCz-Pl5U5tJLwJhC-kzQ4SQBtlUxmE2MVg
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
user: name="TERNIUM\10519230" realm=AD
authentication start 15 elapsed 0 ms
authorization start 15 elapsed 0 ms
authentication status='none' authorization status='none'
EXCEPTION(my_exception): Either 'deny' or 'exception' was matched in policy
url.category: none@Policy;none@YouTube;Search Engines/Portals@Blue Coat
total categorization time: 0
static categorization time: 0
server.response.code: 0
client.response.code: 403
application.name: none
application.operation: none
application.group: none
DSCP client outbound: 65
DSCP server outbound: 65

Transaction timing: total-transaction-time 16 ms


Checkpoint timings:
new-connection: start 1 elapsed 0 ms
client-in: start 15 elapsed 1 ms
client-out-terminated: start 16 elapsed 0 ms
access-logging: start 16 elapsed 0 ms
stop-transaction: start 16 elapsed 0 ms
Total Policy evaluation time: 1 ms
url_categorization complete time: 15
client connection: first-response-byte 0 last-response-byte 16
stop transaction --------------------
start transaction -------------------
transaction ID=9502944 type=http.proxy

<Proxy@req-url> [builtin-prolog:372]
MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2)

<Cache@req-url "suppress DRTR for HTML Notification internal URLs"> [vpm-


cpl:3477]
miss: condition=__is_notify_internal

<Proxy@req-url "set notify variables"> [vpm-cpl:3962]


[Rule]
miss: url.regex="(.*)/notify-SplashStreaming\?([^;]+);(.*)"
miss: url.regex="(.*)/accepted-SplashStreaming\?([^;]+);(.*)"
miss: url.regex="(.*)/verify-SplashStreaming\?([^;]+);(.*)"

<Exception@term> [builtin-prolog:246]
MATCH: t_procedure.dashboard_blocked_stats_infinity

<Exception@req-all> [builtin-prolog:237]
MATCH: t_procedure.dashboard_record_hourly

<Exception@req-all> [builtin-prolog:240]
MATCH: t_procedure.dashboard_record_daily

<Exception@req-all> [builtin-prolog:243]
MATCH: t_procedure.dashboard_record_monthly

<Proxy>
miss: client.address=10.110.46.73
miss: condition=__CondList1Combinacion_NOAUTH
MATCH: authenticate(ad) authenticate.force(no) authenticate.mode(proxy-ip)

<Proxy>
miss: condition=__CondList1CombinedDestinationBloque_URL
miss: condition=__CondList1Combinacion_Lista_Blaca_Windows_Update
miss: condition=Combinacion_Lista_Blanca
miss: url.host.substring=msn-com.akamaized.net
miss: condition=Combinacion_Lista_Negra
miss: condition=__CondList1CombinacionGG_Tx_Proxy_Vip
miss: client.address=Combinacion_Cloudhealth
miss: condition=__CondList1CombinacionGG_Tx_Proxy_AdvancedUsers
miss: condition=GG_TX_Proxy_Advanced_Users_bloqueo
miss: condition=GG_TX_RedesSociales_AllUsers_PERMITIDAS
miss: condition=__CondList1CombinacionGG_TX_RedesSociales_AllUsers
miss: condition=__CondList1CombinacionGG_Tx_Proxy_NormalUsers
miss: condition=__CondList1CombinacionGG_Tx_Proxy_NormalUsers
miss: condition=__CondList1CombinacionGG_Tx_Proxy_Contratistas
miss: condition=__CondList1CombinacionCategoriasBloqueadasContratistas
miss: condition=__CondList1Externos
miss: condition=__CondList1Externos
miss: category=bloomberg
MATCH: exception(user_defined.my_exception)

<Proxy>
miss: client.address=CombinedEquiposEMC_Automacion
miss: client.address=CombinedEquiposEMC_Automacion
miss: client.address=combinacion_TERAREXHCAS
miss: client.address="CombinedSource_DGI Uruguay"
miss: condition=__CondList1ReglaFullInternetAccess_AMS
miss: condition=__CondList1Ternium
miss: client.address=TKCSA_PORTO
miss: condition=__CondList1CombinacionWhatsapp_y_WSUS
miss: url.domain=//services.isee.hp.com/
miss: condition=WebApplication_Blacklist
miss: condition=Combinacion_bloque_Windows_Update
miss: request.application.name=Dropbox
miss: category=Lista_Negra_NormalUser
miss: condition=__CondList1CombinedDestinationBloque_URL
miss: condition=CombinacionReproductoresMedia
miss: condition=__CondList1CombinedSourceBloomberg
miss: condition=__CondList1CombinedSourceBloomberg

<Proxy>
miss: condition=__PROTO_3
miss: condition=__PROTO_3
miss: url.port=22
miss: url.port=22

<Proxy>
miss: condition=__CondList1CombinedSourceBloomberg
miss: client.address=Ternium_FTP

<ssl>
MATCH: server.certificate.validate(no)

<Proxy>
miss: client.address=10.110.50.184
MATCH: client.address=10.110.99.72 trace.request(yes)
trace.destination(Annitha)

<Cache>
miss: condition=__CondList1Sitios_SIN_Cache
miss: url.host=r.sascdn.com

<Proxy>
miss: source.port=8194
miss: source.port=8195
miss: source.port=8196
miss: source.port=8197
miss: source.port=8198

<Proxy>
miss: condition=skype

<Proxy>
miss: request.header.If-None-Match="."

<Proxy>
miss: condition=Tunnel_Exception_urld

<Proxy>
MATCH: policy.BC_SafeSearch_Ask_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Google_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_YouTube_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Lycos_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_MSN_Live_Bing_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Yahoo_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_DuckDuckGo_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Vimeo_Rules

miss: <Proxy> realm=iwa_direct

<Cache>
miss: url.domain=//windowsupdate.com/
miss: url.domain=//c.microsoft.com/
miss: url.domain=//update.microsoft.com/
miss: url.domain=//windowsupdate.microsoft.com/
miss: url.domain=//download.windowsupdate.com/

<Proxy>
miss: condition=SSL_Disabled_Domains

<Proxy "handle HTML Notification internal requests">


miss: [Rule] variable.bc_notify1=variable.bc_notify2
[Rule]
MATCH: action.__delete_notify_cookies(yes)

<Proxy>
miss: http.method=POST
miss: http.method=POST
miss: http.method=PUT

<Proxy>
miss: url.port=21
miss: url.port=21

<Proxy>
miss: condition=IWA_SILENT_USERS

<Proxy>
miss: url.host=www.msftncsi.com
miss: url.domain=//crl.microsoft.com/
miss: url.domain=//mscrl.microsoft.com/
miss: url.domain=//verisign.com/
miss: url.domain=//watson.microsoft.com/
miss: url.domain=//trendmicro.com/

<Proxy>
miss: request.header.User-Agent="webex utiltp"
miss: request.header.User-Agent="Microsoft-CryptoAPI"
miss: request.header.User-Agent="MSUpdate"
miss: request.header.User-Agent="AVUpdate"
miss: request.header.User-Agent="ESS Update"
miss: request.header.User-Agent="iTunes"
miss: request.header.User-Agent="Stocks"
miss: request.header.User-Agent="CFNetwork"
miss: request.header.User-Agent="Shockwave Flash"
miss: request.header.User-Agent="Windows-Media-Player"
miss: request.header.User-Agent="NSPlayer"
miss: request.header.User-Agent="Windows-Media-Player"
miss: request.header.User-Agent="flash"
miss: request.header.User-Agent="Office"
miss: request.header.User-Agent="TMUFE"
miss: request.header.User-Agent="62691CB3BF62DAF233FB2C02782E7BD2"

<Proxy>
MATCH: condition=Office365IPs detect_protocol(none)

<Proxy>
MATCH: condition=Office365IPs detect_protocol.ssl(no)

<Cache>
MATCH: condition=Office365IPs request.icap_service(no)
response.icap_service(no)

<Proxy>
miss: url.domain=//facebook.com/
miss: url.domain=//sped.fazenda.gov.br/
miss: url.domain=//ternium.com.ar/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.mx/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.co/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.br/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.uy/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com/Autodiscover/Autodiscover.xml
miss: url.domain=//tessa.com.uy/Autodiscover/Autodiscover.xml

Called policy definition: BC_SafeSearch_Lycos_Rules


miss: <Proxy BC_SafeSearch_Lycos> url.domain=//lycos.com/

Called policy definition: BC_SafeSearch_Yahoo_Rules


miss: <Proxy BC_SafeSearch_Yahoo_cookies> condition=BC_SafeSearch_Yahoo_Domains
miss: <Proxy BC_SafeSearch_Yahoo_query> condition=BC_SafeSearch_Yahoo_Domains

Called policy definition: BC_SafeSearch_DuckDuckGo_Rules


miss: <Proxy BC_SafeSearch_DuckDuckGo_query> url.domain=//duckduckgo.com/
Called policy definition: BC_SafeSearch_Ask_Rules
miss: <Proxy BC_SafeSearch_Ask_query> condition=BC_SafeSearch_Ask_Domains

Called policy definition: BC_SafeSearch_YouTube_Rules


miss: <Proxy BC_SafeSearch_YouTube_cookies> url.domain=//youtube.com/

Called policy definition: BC_SafeSearch_Vimeo_Rules


miss: <Proxy BC_SafeSearch_Vimeo_cookies> url.domain=//vimeo.com/

Called policy definition: BC_SafeSearch_Google_Rules


miss: <Proxy BC_SafeSearch_Google_query> condition=BC_SafeSearch_Google_Domains
miss: <Proxy BC_SafeSearch_Google_SetPref> condition=BC_SafeSearch_Google_Domains

Called policy definition: BC_SafeSearch_MSN_Live_Bing_Rules


miss: <Proxy BC_SafeSearch_MSN_Live_Bing_cookies>
condition=BC_SafeSearch_MSN_Live_Bing_Domains
miss: <Proxy BC_SafeSearch_MSN_Live_Bing_query>
condition=BC_SafeSearch_MSN_Live_Bing_Domains

Assigned values of transaction variables:


bc_notify1=empty1
bc_notify2=empty2
Called transaction procedure: dashboard_record_hourly
<layer>
Called transaction procedure: dashboard_record_daily
<layer>
Called transaction procedure: dashboard_blocked_stats_infinity
<layer>
Called transaction procedure: dashboard_record_monthly
<layer>

connection: service.name=Explicit HTTP client.address=10.110.99.72 proxy.port=8080


client.interface=255:255.1 routing-domain=default
location-id=0 access_type=unknown
time: 2020-03-17 16:49:07 UTC
CONNECT tcp://www.msn.com:443/
DNS lookup was unrestricted
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
user: name="TERNIUM\10519230" realm=AD
authentication start 1 elapsed 0 ms
authorization start 1 elapsed 0 ms
authentication status='none' authorization status='none'
EXCEPTION(my_exception): Either 'deny' or 'exception' was matched in policy
url.category: none@Policy;none@YouTube;Search Engines/Portals@Blue Coat
total categorization time: 0
static categorization time: 0
server.response.code: 0
client.response.code: 403
application.name: none
application.operation: none
application.group: none
DSCP client outbound: 65
DSCP server outbound: 65

Transaction timing: total-transaction-time 1 ms


Checkpoint timings:
new-connection: start 1 elapsed 0 ms
client-in: start 1 elapsed 0 ms
client-out-terminated: start 1 elapsed 0 ms
access-logging: start 1 elapsed 0 ms
stop-transaction: start 1 elapsed 0 ms
Total Policy evaluation time: 0 ms
url_categorization complete time: 0
client connection: first-response-byte 0 last-response-byte 1
stop transaction --------------------
start transaction -------------------
transaction ID=9502945 type=http.proxy

<Proxy@req-url> [builtin-prolog:372]
MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2)

<Cache@req-url "suppress DRTR for HTML Notification internal URLs"> [vpm-


cpl:3477]
miss: condition=__is_notify_internal

<Proxy@req-url "set notify variables"> [vpm-cpl:3962]


[Rule]
miss: url.regex="(.*)/notify-SplashStreaming\?([^;]+);(.*)"
miss: url.regex="(.*)/accepted-SplashStreaming\?([^;]+);(.*)"
miss: url.regex="(.*)/verify-SplashStreaming\?([^;]+);(.*)"

<Exception@term> [builtin-prolog:246]
MATCH: t_procedure.dashboard_blocked_stats_infinity

<Exception@req-all> [builtin-prolog:237]
MATCH: t_procedure.dashboard_record_hourly

<Exception@req-all> [builtin-prolog:240]
MATCH: t_procedure.dashboard_record_daily

<Exception@req-all> [builtin-prolog:243]
MATCH: t_procedure.dashboard_record_monthly

<Proxy>
miss: client.address=10.110.46.73
miss: condition=__CondList1Combinacion_NOAUTH
MATCH: authenticate(ad) authenticate.force(no) authenticate.mode(proxy-ip)

<Proxy>
miss: condition=__CondList1CombinedDestinationBloque_URL
miss: condition=__CondList1Combinacion_Lista_Blaca_Windows_Update
miss: condition=Combinacion_Lista_Blanca
miss: condition=__CondList1CombinacionMSN
MATCH: condition=Combinacion_Lista_Negra
force_exception(user_defined.my_exception)

<Proxy>
miss: client.address=CombinedEquiposEMC_Automacion
miss: client.address=CombinedEquiposEMC_Automacion
miss: client.address=combinacion_TERAREXHCAS
miss: client.address="CombinedSource_DGI Uruguay"
miss: condition=__CondList1ReglaFullInternetAccess_AMS
miss: condition=__CondList1Ternium
miss: client.address=TKCSA_PORTO
miss: condition=__CondList1CombinacionWhatsapp_y_WSUS
miss: url.domain=//services.isee.hp.com/
miss: condition=WebApplication_Blacklist
miss: condition=Combinacion_bloque_Usuarios_windows_Update
miss: request.application.name=Dropbox
miss: category=Lista_Negra_NormalUser
miss: condition=__CondList1CombinedDestinationBloque_URL
miss: condition=CombinacionReproductoresMedia
miss: condition=__CondList1CombinedSourceBloomberg
miss: condition=__CondList1CombinedSourceBloomberg

<Proxy>
miss: condition=__PROTO_3
miss: condition=__PROTO_3
miss: url.port=22
miss: url.port=22

<Proxy>
miss: condition=__CondList1CombinedSourceBloomberg
miss: client.address=Ternium_FTP

<ssl>
MATCH: server.certificate.validate(no)

<Proxy>
miss: client.address=10.110.50.184
MATCH: client.address=10.110.99.72 trace.request(yes)
trace.destination(Annitha)

<Cache>
miss: condition=__CondList1Sitios_SIN_Cache
miss: url.host=r.sascdn.com

<Proxy>
miss: source.port=8194
miss: source.port=8195
miss: source.port=8196
miss: source.port=8197
miss: source.port=8198

<Proxy>
miss: condition=skype

<Proxy>
miss: request.header.If-None-Match="."

<Proxy>
miss: condition=Tunnel_Exception_urld

<Proxy>
MATCH: policy.BC_SafeSearch_Ask_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Google_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_YouTube_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Lycos_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_MSN_Live_Bing_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Yahoo_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_DuckDuckGo_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Vimeo_Rules

miss: <Proxy> realm=iwa_direct

<Cache>
miss: url.domain=//windowsupdate.com/
miss: url.domain=//c.microsoft.com/
miss: url.domain=//update.microsoft.com/
miss: url.domain=//windowsupdate.microsoft.com/
miss: url.domain=//download.windowsupdate.com/

<Proxy>
miss: condition=SSL_Disabled_Domains

<Proxy "handle HTML Notification internal requests">


miss: [Rule] variable.bc_notify1=variable.bc_notify2
[Rule]
MATCH: action.__delete_notify_cookies(yes)

<Proxy>
miss: http.method=POST
miss: http.method=POST
miss: http.method=PUT

<Proxy>
miss: url.port=21
miss: url.port=21

<Proxy>
miss: condition=IWA_SILENT_USERS

<Proxy>
miss: url.host=www.msftncsi.com
miss: url.domain=//crl.microsoft.com/
miss: url.domain=//mscrl.microsoft.com/
miss: url.domain=//verisign.com/
miss: url.domain=//watson.microsoft.com/
miss: url.domain=//trendmicro.com/

<Proxy>
miss: request.header.User-Agent="webex utiltp"
miss: request.header.User-Agent="Microsoft-CryptoAPI"
miss: request.header.User-Agent="MSUpdate"
miss: request.header.User-Agent="AVUpdate"
miss: request.header.User-Agent="ESS Update"
miss: request.header.User-Agent="iTunes"
miss: request.header.User-Agent="Stocks"
miss: request.header.User-Agent="CFNetwork"
miss: request.header.User-Agent="Shockwave Flash"
miss: request.header.User-Agent="Windows-Media-Player"
miss: request.header.User-Agent="NSPlayer"
miss: request.header.User-Agent="Windows-Media-Player"
miss: request.header.User-Agent="flash"
miss: request.header.User-Agent="Office"
miss: request.header.User-Agent="TMUFE"
miss: request.header.User-Agent="62691CB3BF62DAF233FB2C02782E7BD2"

<Proxy>
miss: condition=Office365IPs
miss: condition=Office365URLs

<Proxy>
miss: condition=Office365IPs
miss: condition=Office365URLs

<Cache>
miss: condition=Office365IPs
miss: condition=Office365URLs

<Proxy>
miss: url.domain=//facebook.com/
miss: url.domain=//sped.fazenda.gov.br/
miss: url.domain=//ternium.com.ar/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.mx/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.co/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.br/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.uy/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com/Autodiscover/Autodiscover.xml
miss: url.domain=//tessa.com.uy/Autodiscover/Autodiscover.xml

Called policy definition: BC_SafeSearch_Lycos_Rules


miss: <Proxy BC_SafeSearch_Lycos> url.domain=//lycos.com/

Called policy definition: BC_SafeSearch_Yahoo_Rules


miss: <Proxy BC_SafeSearch_Yahoo_cookies> condition=BC_SafeSearch_Yahoo_Domains
miss: <Proxy BC_SafeSearch_Yahoo_query> condition=BC_SafeSearch_Yahoo_Domains

Called policy definition: BC_SafeSearch_DuckDuckGo_Rules


miss: <Proxy BC_SafeSearch_DuckDuckGo_query> url.domain=//duckduckgo.com/

Called policy definition: BC_SafeSearch_Ask_Rules


miss: <Proxy BC_SafeSearch_Ask_query> condition=BC_SafeSearch_Ask_Domains

Called policy definition: BC_SafeSearch_YouTube_Rules


miss: <Proxy BC_SafeSearch_YouTube_cookies> url.domain=//youtube.com/

Called policy definition: BC_SafeSearch_Vimeo_Rules


miss: <Proxy BC_SafeSearch_Vimeo_cookies> url.domain=//vimeo.com/

Called policy definition: BC_SafeSearch_Google_Rules


miss: <Proxy BC_SafeSearch_Google_query> condition=BC_SafeSearch_Google_Domains
miss: <Proxy BC_SafeSearch_Google_SetPref> condition=BC_SafeSearch_Google_Domains

Called policy definition: BC_SafeSearch_MSN_Live_Bing_Rules


miss: <Proxy BC_SafeSearch_MSN_Live_Bing_cookies>
condition=BC_SafeSearch_MSN_Live_Bing_Domains
miss: <Proxy BC_SafeSearch_MSN_Live_Bing_query>
condition=BC_SafeSearch_MSN_Live_Bing_Domains
Assigned values of transaction variables:
bc_notify1=empty1
bc_notify2=empty2
Called transaction procedure: dashboard_record_hourly
<layer>
Called transaction procedure: dashboard_record_daily
<layer>
Called transaction procedure: dashboard_blocked_stats_infinity
<layer>
Called transaction procedure: dashboard_record_monthly
<layer>

connection: service.name=Explicit HTTP client.address=10.110.99.72 proxy.port=8080


client.interface=255:255.1 routing-domain=default
location-id=0 access_type=unknown
time: 2020-03-17 16:49:07 UTC
CONNECT tcp://img-s-msn-com.akamaized.net:443/
DNS lookup was unrestricted
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
user: name="TERNIUM\10519230" realm=AD
authentication start 2 elapsed 0 ms
authorization start 2 elapsed 0 ms
authentication status='none' authorization status='none'
EXCEPTION(my_exception): Either 'force_deny' or 'force_exception' was matched in
policy
url.category: Lista_Negra@Policy;none@YouTube;Content Delivery Networks@Blue Coat
total categorization time: 0
static categorization time: 0
server.response.code: 0
client.response.code: 403
application.name: none
application.operation: none
application.group: none
DSCP client outbound: 65
DSCP server outbound: 65

Transaction timing: total-transaction-time 183 ms


Checkpoint timings:
new-connection: start 1 elapsed 0 ms
client-in: start 1 elapsed 1 ms
client-out-terminated: start 2 elapsed 0 ms
access-logging: start 8 elapsed 0 ms
stop-transaction: start 183 elapsed 0 ms
Total Policy evaluation time: 1 ms
url_categorization complete time: 1
client connection: first-response-byte 0 last-response-byte 8
stop transaction --------------------
start transaction -------------------
transaction ID=9502946 type=http.proxy

<Proxy@req-url> [builtin-prolog:372]
MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2)

<Cache@req-url "suppress DRTR for HTML Notification internal URLs"> [vpm-


cpl:3477]
miss: condition=__is_notify_internal

<Proxy@req-url "set notify variables"> [vpm-cpl:3962]


[Rule]
miss: url.regex="(.*)/notify-SplashStreaming\?([^;]+);(.*)"
miss: url.regex="(.*)/accepted-SplashStreaming\?([^;]+);(.*)"
miss: url.regex="(.*)/verify-SplashStreaming\?([^;]+);(.*)"

<Exception@term> [builtin-prolog:246]
MATCH: t_procedure.dashboard_blocked_stats_infinity

<Exception@req-all> [builtin-prolog:237]
MATCH: t_procedure.dashboard_record_hourly

<Exception@req-all> [builtin-prolog:240]
MATCH: t_procedure.dashboard_record_daily

<Exception@req-all> [builtin-prolog:243]
MATCH: t_procedure.dashboard_record_monthly

<Proxy>
miss: client.address=10.110.46.73
miss: condition=__CondList1Combinacion_NOAUTH
MATCH: authenticate(ad) authenticate.force(no) authenticate.mode(proxy-ip)

<Proxy>
miss: condition=__CondList1CombinedDestinationBloque_URL
miss: condition=__CondList1Combinacion_Lista_Blaca_Windows_Update
miss: condition=Combinacion_Lista_Blanca
miss: condition=__CondList1CombinacionMSN
MATCH: condition=Combinacion_Lista_Negra
force_exception(user_defined.my_exception)

<Proxy>
miss: client.address=CombinedEquiposEMC_Automacion
miss: client.address=CombinedEquiposEMC_Automacion
miss: client.address=combinacion_TERAREXHCAS
miss: client.address="CombinedSource_DGI Uruguay"
miss: condition=__CondList1ReglaFullInternetAccess_AMS
miss: condition=__CondList1Ternium
miss: client.address=TKCSA_PORTO
miss: condition=__CondList1CombinacionWhatsapp_y_WSUS
miss: url.domain=//services.isee.hp.com/
miss: condition=WebApplication_Blacklist
miss: condition=Combinacion_bloque_Usuarios_windows_Update
miss: request.application.name=Dropbox
miss: category=Lista_Negra_NormalUser
miss: condition=__CondList1CombinedDestinationBloque_URL
miss: condition=CombinacionReproductoresMedia
miss: condition=__CondList1CombinedSourceBloomberg
miss: condition=__CondList1CombinedSourceBloomberg

<Proxy>
miss: condition=__PROTO_3
miss: condition=__PROTO_3
miss: url.port=22
miss: url.port=22

<Proxy>
miss: condition=__CondList1CombinedSourceBloomberg
miss: client.address=Ternium_FTP
<ssl>
MATCH: server.certificate.validate(no)

<Proxy>
miss: client.address=10.110.50.184
MATCH: client.address=10.110.99.72 trace.request(yes)
trace.destination(Annitha)

<Cache>
miss: condition=__CondList1Sitios_SIN_Cache
miss: url.host=r.sascdn.com

<Proxy>
miss: source.port=8194
miss: source.port=8195
miss: source.port=8196
miss: source.port=8197
miss: source.port=8198

<Proxy>
miss: condition=skype

<Proxy>
miss: request.header.If-None-Match="."

<Proxy>
miss: condition=Tunnel_Exception_urld

<Proxy>
MATCH: policy.BC_SafeSearch_Ask_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Google_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_YouTube_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Lycos_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_MSN_Live_Bing_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Yahoo_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_DuckDuckGo_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Vimeo_Rules

miss: <Proxy> realm=iwa_direct

<Cache>
miss: url.domain=//windowsupdate.com/
miss: url.domain=//c.microsoft.com/
miss: url.domain=//update.microsoft.com/
miss: url.domain=//windowsupdate.microsoft.com/
miss: url.domain=//download.windowsupdate.com/

<Proxy>
miss: condition=SSL_Disabled_Domains

<Proxy "handle HTML Notification internal requests">


miss: [Rule] variable.bc_notify1=variable.bc_notify2
[Rule]
MATCH: action.__delete_notify_cookies(yes)

<Proxy>
miss: http.method=POST
miss: http.method=POST
miss: http.method=PUT

<Proxy>
miss: url.port=21
miss: url.port=21

<Proxy>
miss: condition=IWA_SILENT_USERS

<Proxy>
miss: url.host=www.msftncsi.com
miss: url.domain=//crl.microsoft.com/
miss: url.domain=//mscrl.microsoft.com/
miss: url.domain=//verisign.com/
miss: url.domain=//watson.microsoft.com/
miss: url.domain=//trendmicro.com/

<Proxy>
miss: request.header.User-Agent="webex utiltp"
miss: request.header.User-Agent="Microsoft-CryptoAPI"
miss: request.header.User-Agent="MSUpdate"
miss: request.header.User-Agent="AVUpdate"
miss: request.header.User-Agent="ESS Update"
miss: request.header.User-Agent="iTunes"
miss: request.header.User-Agent="Stocks"
miss: request.header.User-Agent="CFNetwork"
miss: request.header.User-Agent="Shockwave Flash"
miss: request.header.User-Agent="Windows-Media-Player"
miss: request.header.User-Agent="NSPlayer"
miss: request.header.User-Agent="Windows-Media-Player"
miss: request.header.User-Agent="flash"
miss: request.header.User-Agent="Office"
miss: request.header.User-Agent="TMUFE"
miss: request.header.User-Agent="62691CB3BF62DAF233FB2C02782E7BD2"

<Proxy>
miss: condition=Office365IPs
miss: condition=Office365URLs

<Proxy>
miss: condition=Office365IPs
miss: condition=Office365URLs

<Cache>
miss: condition=Office365IPs
miss: condition=Office365URLs
<Proxy>
miss: url.domain=//facebook.com/
miss: url.domain=//sped.fazenda.gov.br/
miss: url.domain=//ternium.com.ar/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.mx/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.co/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.br/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.uy/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com/Autodiscover/Autodiscover.xml
miss: url.domain=//tessa.com.uy/Autodiscover/Autodiscover.xml

Called policy definition: BC_SafeSearch_Lycos_Rules


miss: <Proxy BC_SafeSearch_Lycos> url.domain=//lycos.com/

Called policy definition: BC_SafeSearch_Yahoo_Rules


miss: <Proxy BC_SafeSearch_Yahoo_cookies> condition=BC_SafeSearch_Yahoo_Domains
miss: <Proxy BC_SafeSearch_Yahoo_query> condition=BC_SafeSearch_Yahoo_Domains

Called policy definition: BC_SafeSearch_DuckDuckGo_Rules


miss: <Proxy BC_SafeSearch_DuckDuckGo_query> url.domain=//duckduckgo.com/

Called policy definition: BC_SafeSearch_Ask_Rules


miss: <Proxy BC_SafeSearch_Ask_query> condition=BC_SafeSearch_Ask_Domains

Called policy definition: BC_SafeSearch_YouTube_Rules


miss: <Proxy BC_SafeSearch_YouTube_cookies> url.domain=//youtube.com/

Called policy definition: BC_SafeSearch_Vimeo_Rules


miss: <Proxy BC_SafeSearch_Vimeo_cookies> url.domain=//vimeo.com/

Called policy definition: BC_SafeSearch_Google_Rules


miss: <Proxy BC_SafeSearch_Google_query> condition=BC_SafeSearch_Google_Domains
miss: <Proxy BC_SafeSearch_Google_SetPref> condition=BC_SafeSearch_Google_Domains

Called policy definition: BC_SafeSearch_MSN_Live_Bing_Rules


miss: <Proxy BC_SafeSearch_MSN_Live_Bing_cookies>
condition=BC_SafeSearch_MSN_Live_Bing_Domains
miss: <Proxy BC_SafeSearch_MSN_Live_Bing_query>
condition=BC_SafeSearch_MSN_Live_Bing_Domains

Assigned values of transaction variables:


bc_notify1=empty1
bc_notify2=empty2
Called transaction procedure: dashboard_record_hourly
<layer>
Called transaction procedure: dashboard_record_daily
<layer>
Called transaction procedure: dashboard_blocked_stats_infinity
<layer>
Called transaction procedure: dashboard_record_monthly
<layer>

connection: service.name=Explicit HTTP client.address=10.110.99.72 proxy.port=8080


client.interface=255:255.1 routing-domain=default
location-id=0 access_type=unknown
time: 2020-03-17 16:49:07 UTC
CONNECT tcp://static-spartan-eus-s-msn-com.akamaized.net:443/
DNS lookup was unrestricted
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
user: name="TERNIUM\10519230" realm=AD
authentication start 15 elapsed 0 ms
authorization start 15 elapsed 0 ms
authentication status='none' authorization status='none'
EXCEPTION(my_exception): Either 'force_deny' or 'force_exception' was matched in
policy
url.category: Lista_Negra@Policy;none@YouTube;Content Delivery Networks@Blue Coat
total categorization time: 13
static categorization time: 13
server.response.code: 0
client.response.code: 403
application.name: none
application.operation: none
application.group: none
DSCP client outbound: 65
DSCP server outbound: 65

Transaction timing: total-transaction-time 182 ms


Checkpoint timings:
new-connection: start 1 elapsed 0 ms
client-in: start 13 elapsed 3 ms
client-out-terminated: start 16 elapsed 0 ms
access-logging: start 25 elapsed 0 ms
stop-transaction: start 182 elapsed 0 ms
Total Policy evaluation time: 3 ms
url_categorization complete time: 13
client connection: first-response-byte 0 last-response-byte 25
stop transaction --------------------
start transaction -------------------
transaction ID=9502975 type=http.proxy

<Proxy@req-url> [builtin-prolog:372]
MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2)

<Cache@req-url "suppress DRTR for HTML Notification internal URLs"> [vpm-


cpl:3477]
miss: condition=__is_notify_internal

<Proxy@req-url "set notify variables"> [vpm-cpl:3962]


[Rule]
miss: url.regex="(.*)/notify-SplashStreaming\?([^;]+);(.*)"
miss: url.regex="(.*)/accepted-SplashStreaming\?([^;]+);(.*)"
miss: url.regex="(.*)/verify-SplashStreaming\?([^;]+);(.*)"

<Exception@term> [builtin-prolog:246]
MATCH: t_procedure.dashboard_blocked_stats_infinity

<Exception@req-all> [builtin-prolog:237]
MATCH: t_procedure.dashboard_record_hourly

<Exception@req-all> [builtin-prolog:240]
MATCH: t_procedure.dashboard_record_daily

<Exception@req-all> [builtin-prolog:243]
MATCH: t_procedure.dashboard_record_monthly

<Proxy>
miss: client.address=10.110.46.73
miss: condition=__CondList1Combinacion_NOAUTH
MATCH: authenticate(ad) authenticate.force(no) authenticate.mode(proxy-ip)

<Proxy>
miss: condition=__CondList1CombinedDestinationBloque_URL
miss: condition=__CondList1Combinacion_Lista_Blaca_Windows_Update
miss: condition=Combinacion_Lista_Blanca
miss: condition=__CondList1CombinacionMSN
MATCH: condition=Combinacion_Lista_Negra
force_exception(user_defined.my_exception)

<Proxy>
miss: client.address=CombinedEquiposEMC_Automacion
miss: client.address=CombinedEquiposEMC_Automacion
miss: client.address=combinacion_TERAREXHCAS
miss: client.address="CombinedSource_DGI Uruguay"
miss: condition=__CondList1ReglaFullInternetAccess_AMS
miss: condition=__CondList1Ternium
miss: client.address=TKCSA_PORTO
miss: condition=__CondList1CombinacionWhatsapp_y_WSUS
miss: url.domain=//services.isee.hp.com/
miss: condition=WebApplication_Blacklist
miss: condition=Combinacion_bloque_Usuarios_windows_Update
miss: request.application.name=Dropbox
miss: category=Lista_Negra_NormalUser
miss: condition=__CondList1CombinedDestinationBloque_URL
miss: condition=CombinacionReproductoresMedia
miss: condition=__CondList1CombinedSourceBloomberg
miss: condition=__CondList1CombinedSourceBloomberg

<Proxy>
miss: condition=__PROTO_3
miss: condition=__PROTO_3
miss: url.port=22
miss: url.port=22

<Proxy>
miss: condition=__CondList1CombinedSourceBloomberg
miss: client.address=Ternium_FTP

<ssl>
MATCH: server.certificate.validate(no)

<Proxy>
miss: client.address=10.110.50.184
MATCH: client.address=10.110.99.72 trace.request(yes)
trace.destination(Annitha)

<Cache>
miss: condition=__CondList1Sitios_SIN_Cache
miss: url.host=r.sascdn.com

<Proxy>
miss: source.port=8194
miss: source.port=8195
miss: source.port=8196
miss: source.port=8197
miss: source.port=8198
<Proxy>
miss: condition=skype

<Proxy>
miss: request.header.If-None-Match="."

<Proxy>
miss: condition=Tunnel_Exception_urld

<Proxy>
MATCH: policy.BC_SafeSearch_Ask_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Google_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_YouTube_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Lycos_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_MSN_Live_Bing_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Yahoo_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_DuckDuckGo_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Vimeo_Rules

miss: <Proxy> realm=iwa_direct

<Cache>
miss: url.domain=//windowsupdate.com/
miss: url.domain=//c.microsoft.com/
miss: url.domain=//update.microsoft.com/
miss: url.domain=//windowsupdate.microsoft.com/
miss: url.domain=//download.windowsupdate.com/

<Proxy>
miss: condition=SSL_Disabled_Domains

<Proxy "handle HTML Notification internal requests">


miss: [Rule] variable.bc_notify1=variable.bc_notify2
[Rule]
MATCH: action.__delete_notify_cookies(yes)

<Proxy>
miss: http.method=POST
miss: http.method=POST
miss: http.method=PUT

<Proxy>
miss: url.port=21
miss: url.port=21
<Proxy>
miss: condition=IWA_SILENT_USERS

<Proxy>
miss: url.host=www.msftncsi.com
miss: url.domain=//crl.microsoft.com/
miss: url.domain=//mscrl.microsoft.com/
miss: url.domain=//verisign.com/
miss: url.domain=//watson.microsoft.com/
miss: url.domain=//trendmicro.com/

<Proxy>
miss: request.header.User-Agent="webex utiltp"
miss: request.header.User-Agent="Microsoft-CryptoAPI"
miss: request.header.User-Agent="MSUpdate"
miss: request.header.User-Agent="AVUpdate"
miss: request.header.User-Agent="ESS Update"
miss: request.header.User-Agent="iTunes"
miss: request.header.User-Agent="Stocks"
miss: request.header.User-Agent="CFNetwork"
miss: request.header.User-Agent="Shockwave Flash"
miss: request.header.User-Agent="Windows-Media-Player"
miss: request.header.User-Agent="NSPlayer"
miss: request.header.User-Agent="Windows-Media-Player"
miss: request.header.User-Agent="flash"
miss: request.header.User-Agent="Office"
miss: request.header.User-Agent="TMUFE"
miss: request.header.User-Agent="62691CB3BF62DAF233FB2C02782E7BD2"

<Proxy>
miss: condition=Office365IPs
miss: condition=Office365URLs

<Proxy>
miss: condition=Office365IPs
miss: condition=Office365URLs

<Cache>
miss: condition=Office365IPs
miss: condition=Office365URLs

<Proxy>
miss: url.domain=//facebook.com/
miss: url.domain=//sped.fazenda.gov.br/
miss: url.domain=//ternium.com.ar/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.mx/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.co/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.br/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.uy/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com/Autodiscover/Autodiscover.xml
miss: url.domain=//tessa.com.uy/Autodiscover/Autodiscover.xml

Called policy definition: BC_SafeSearch_Lycos_Rules


miss: <Proxy BC_SafeSearch_Lycos> url.domain=//lycos.com/

Called policy definition: BC_SafeSearch_Yahoo_Rules


miss: <Proxy BC_SafeSearch_Yahoo_cookies> condition=BC_SafeSearch_Yahoo_Domains
miss: <Proxy BC_SafeSearch_Yahoo_query> condition=BC_SafeSearch_Yahoo_Domains
Called policy definition: BC_SafeSearch_DuckDuckGo_Rules
miss: <Proxy BC_SafeSearch_DuckDuckGo_query> url.domain=//duckduckgo.com/

Called policy definition: BC_SafeSearch_Ask_Rules


miss: <Proxy BC_SafeSearch_Ask_query> condition=BC_SafeSearch_Ask_Domains

Called policy definition: BC_SafeSearch_YouTube_Rules


miss: <Proxy BC_SafeSearch_YouTube_cookies> url.domain=//youtube.com/

Called policy definition: BC_SafeSearch_Vimeo_Rules


miss: <Proxy BC_SafeSearch_Vimeo_cookies> url.domain=//vimeo.com/

Called policy definition: BC_SafeSearch_Google_Rules


miss: <Proxy BC_SafeSearch_Google_query> condition=BC_SafeSearch_Google_Domains
miss: <Proxy BC_SafeSearch_Google_SetPref> condition=BC_SafeSearch_Google_Domains

Called policy definition: BC_SafeSearch_MSN_Live_Bing_Rules


miss: <Proxy BC_SafeSearch_MSN_Live_Bing_cookies>
condition=BC_SafeSearch_MSN_Live_Bing_Domains
miss: <Proxy BC_SafeSearch_MSN_Live_Bing_query>
condition=BC_SafeSearch_MSN_Live_Bing_Domains

Assigned values of transaction variables:


bc_notify1=empty1
bc_notify2=empty2
Called transaction procedure: dashboard_record_hourly
<layer>
Called transaction procedure: dashboard_record_daily
<layer>
Called transaction procedure: dashboard_blocked_stats_infinity
<layer>
Called transaction procedure: dashboard_record_monthly
<layer>

connection: service.name=Explicit HTTP client.address=10.110.99.72 proxy.port=8080


client.interface=255:255.1 routing-domain=default
location-id=0 access_type=unknown
time: 2020-03-17 16:49:07 UTC
CONNECT tcp://img-s-msn-com.akamaized.net:443/
DNS lookup was unrestricted
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
user: name="TERNIUM\10519230" realm=AD
authentication start 2 elapsed 0 ms
authorization start 2 elapsed 0 ms
authentication status='none' authorization status='none'
EXCEPTION(my_exception): Either 'force_deny' or 'force_exception' was matched in
policy
url.category: Lista_Negra@Policy;none@YouTube;Content Delivery Networks@Blue Coat
total categorization time: 0
static categorization time: 0
server.response.code: 0
client.response.code: 403
application.name: none
application.operation: none
application.group: none
DSCP client outbound: 65
DSCP server outbound: 65
Transaction timing: total-transaction-time 161 ms
Checkpoint timings:
new-connection: start 1 elapsed 0 ms
client-in: start 1 elapsed 1 ms
client-out-terminated: start 2 elapsed 0 ms
access-logging: start 9 elapsed 0 ms
stop-transaction: start 161 elapsed 0 ms
Total Policy evaluation time: 1 ms
url_categorization complete time: 1
client connection: first-response-byte 0 last-response-byte 9
stop transaction --------------------
start transaction -------------------
transaction ID=9502949 type=http.proxy

<Proxy@req-url> [builtin-prolog:372]
MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2)

<Cache@req-url "suppress DRTR for HTML Notification internal URLs"> [vpm-


cpl:3477]
miss: condition=__is_notify_internal

<Proxy@req-url "set notify variables"> [vpm-cpl:3962]


[Rule]
miss: url.regex="(.*)/notify-SplashStreaming\?([^;]+);(.*)"
miss: url.regex="(.*)/accepted-SplashStreaming\?([^;]+);(.*)"
miss: url.regex="(.*)/verify-SplashStreaming\?([^;]+);(.*)"

<Exception@term> [builtin-prolog:246]
MATCH: t_procedure.dashboard_blocked_stats_infinity

<Exception@req-all> [builtin-prolog:237]
MATCH: t_procedure.dashboard_record_hourly

<Exception@req-all> [builtin-prolog:240]
MATCH: t_procedure.dashboard_record_daily

<Exception@req-all> [builtin-prolog:243]
MATCH: t_procedure.dashboard_record_monthly

<Proxy>
miss: client.address=10.110.46.73
miss: condition=__CondList1Combinacion_NOAUTH
MATCH: authenticate(ad) authenticate.force(no) authenticate.mode(proxy-ip)

<Proxy>
miss: condition=__CondList1CombinedDestinationBloque_URL
miss: condition=__CondList1Combinacion_Lista_Blaca_Windows_Update
miss: condition=Combinacion_Lista_Blanca
miss: condition=__CondList1CombinacionMSN
MATCH: condition=Combinacion_Lista_Negra
force_exception(user_defined.my_exception)

<Proxy>
miss: client.address=CombinedEquiposEMC_Automacion
miss: client.address=CombinedEquiposEMC_Automacion
miss: client.address=combinacion_TERAREXHCAS
miss: client.address="CombinedSource_DGI Uruguay"
miss: condition=__CondList1ReglaFullInternetAccess_AMS
miss: condition=__CondList1Ternium
miss: client.address=TKCSA_PORTO
miss: condition=__CondList1CombinacionWhatsapp_y_WSUS
miss: url.domain=//services.isee.hp.com/
miss: condition=WebApplication_Blacklist
miss: condition=Combinacion_bloque_Usuarios_windows_Update
miss: request.application.name=Dropbox
miss: category=Lista_Negra_NormalUser
miss: condition=__CondList1CombinedDestinationBloque_URL
miss: condition=CombinacionReproductoresMedia
miss: condition=__CondList1CombinedSourceBloomberg
miss: condition=__CondList1CombinedSourceBloomberg

<Proxy>
miss: condition=__PROTO_3
miss: condition=__PROTO_3
miss: url.port=22
miss: url.port=22

<Proxy>
miss: condition=__CondList1CombinedSourceBloomberg
miss: client.address=Ternium_FTP

<ssl>
MATCH: server.certificate.validate(no)

<Proxy>
miss: client.address=10.110.50.184
MATCH: client.address=10.110.99.72 trace.request(yes)
trace.destination(Annitha)

<Cache>
miss: condition=__CondList1Sitios_SIN_Cache
miss: url.host=r.sascdn.com

<Proxy>
miss: source.port=8194
miss: source.port=8195
miss: source.port=8196
miss: source.port=8197
miss: source.port=8198

<Proxy>
miss: condition=skype

<Proxy>
miss: request.header.If-None-Match="."

<Proxy>
miss: condition=Tunnel_Exception_urld

<Proxy>
MATCH: policy.BC_SafeSearch_Ask_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Google_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_YouTube_Rules
<Proxy>
MATCH: policy.BC_SafeSearch_Lycos_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_MSN_Live_Bing_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Yahoo_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_DuckDuckGo_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Vimeo_Rules

miss: <Proxy> realm=iwa_direct

<Cache>
miss: url.domain=//windowsupdate.com/
miss: url.domain=//c.microsoft.com/
miss: url.domain=//update.microsoft.com/
miss: url.domain=//windowsupdate.microsoft.com/
miss: url.domain=//download.windowsupdate.com/

<Proxy>
miss: condition=SSL_Disabled_Domains

<Proxy "handle HTML Notification internal requests">


miss: [Rule] variable.bc_notify1=variable.bc_notify2
[Rule]
MATCH: action.__delete_notify_cookies(yes)

<Proxy>
miss: http.method=POST
miss: http.method=POST
miss: http.method=PUT

<Proxy>
miss: url.port=21
miss: url.port=21

<Proxy>
miss: condition=IWA_SILENT_USERS

<Proxy>
miss: url.host=www.msftncsi.com
miss: url.domain=//crl.microsoft.com/
miss: url.domain=//mscrl.microsoft.com/
miss: url.domain=//verisign.com/
miss: url.domain=//watson.microsoft.com/
miss: url.domain=//trendmicro.com/

<Proxy>
miss: request.header.User-Agent="webex utiltp"
miss: request.header.User-Agent="Microsoft-CryptoAPI"
miss: request.header.User-Agent="MSUpdate"
miss: request.header.User-Agent="AVUpdate"
miss: request.header.User-Agent="ESS Update"
miss: request.header.User-Agent="iTunes"
miss: request.header.User-Agent="Stocks"
miss: request.header.User-Agent="CFNetwork"
miss: request.header.User-Agent="Shockwave Flash"
miss: request.header.User-Agent="Windows-Media-Player"
miss: request.header.User-Agent="NSPlayer"
miss: request.header.User-Agent="Windows-Media-Player"
miss: request.header.User-Agent="flash"
miss: request.header.User-Agent="Office"
miss: request.header.User-Agent="TMUFE"
miss: request.header.User-Agent="62691CB3BF62DAF233FB2C02782E7BD2"

<Proxy>
miss: condition=Office365IPs
miss: condition=Office365URLs

<Proxy>
miss: condition=Office365IPs
miss: condition=Office365URLs

<Cache>
miss: condition=Office365IPs
miss: condition=Office365URLs

<Proxy>
miss: url.domain=//facebook.com/
miss: url.domain=//sped.fazenda.gov.br/
miss: url.domain=//ternium.com.ar/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.mx/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.co/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.br/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.uy/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com/Autodiscover/Autodiscover.xml
miss: url.domain=//tessa.com.uy/Autodiscover/Autodiscover.xml

Called policy definition: BC_SafeSearch_Lycos_Rules


miss: <Proxy BC_SafeSearch_Lycos> url.domain=//lycos.com/

Called policy definition: BC_SafeSearch_Yahoo_Rules


miss: <Proxy BC_SafeSearch_Yahoo_cookies> condition=BC_SafeSearch_Yahoo_Domains
miss: <Proxy BC_SafeSearch_Yahoo_query> condition=BC_SafeSearch_Yahoo_Domains

Called policy definition: BC_SafeSearch_DuckDuckGo_Rules


miss: <Proxy BC_SafeSearch_DuckDuckGo_query> url.domain=//duckduckgo.com/

Called policy definition: BC_SafeSearch_Ask_Rules


miss: <Proxy BC_SafeSearch_Ask_query> condition=BC_SafeSearch_Ask_Domains

Called policy definition: BC_SafeSearch_YouTube_Rules


miss: <Proxy BC_SafeSearch_YouTube_cookies> url.domain=//youtube.com/

Called policy definition: BC_SafeSearch_Vimeo_Rules


miss: <Proxy BC_SafeSearch_Vimeo_cookies> url.domain=//vimeo.com/

Called policy definition: BC_SafeSearch_Google_Rules


miss: <Proxy BC_SafeSearch_Google_query> condition=BC_SafeSearch_Google_Domains
miss: <Proxy BC_SafeSearch_Google_SetPref> condition=BC_SafeSearch_Google_Domains

Called policy definition: BC_SafeSearch_MSN_Live_Bing_Rules


miss: <Proxy BC_SafeSearch_MSN_Live_Bing_cookies>
condition=BC_SafeSearch_MSN_Live_Bing_Domains
miss: <Proxy BC_SafeSearch_MSN_Live_Bing_query>
condition=BC_SafeSearch_MSN_Live_Bing_Domains

Assigned values of transaction variables:


bc_notify1=empty1
bc_notify2=empty2
Called transaction procedure: dashboard_record_hourly
<layer>
Called transaction procedure: dashboard_record_daily
<layer>
Called transaction procedure: dashboard_blocked_stats_infinity
<layer>
Called transaction procedure: dashboard_record_monthly
<layer>

connection: service.name=Explicit HTTP client.address=10.110.99.72 proxy.port=8080


client.interface=255:255.1 routing-domain=default
location-id=0 access_type=unknown
time: 2020-03-17 16:49:07 UTC
CONNECT tcp://img-s-msn-com.akamaized.net:443/
DNS lookup was unrestricted
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
user: name="TERNIUM\10519230" realm=AD
authentication start 2 elapsed 0 ms
authorization start 2 elapsed 0 ms
authentication status='none' authorization status='none'
EXCEPTION(my_exception): Either 'force_deny' or 'force_exception' was matched in
policy
url.category: Lista_Negra@Policy;none@YouTube;Content Delivery Networks@Blue Coat
total categorization time: 0
static categorization time: 0
server.response.code: 0
client.response.code: 403
application.name: none
application.operation: none
application.group: none
DSCP client outbound: 65
DSCP server outbound: 65

Transaction timing: total-transaction-time 182 ms


Checkpoint timings:
new-connection: start 1 elapsed 0 ms
client-in: start 1 elapsed 1 ms
client-out-terminated: start 2 elapsed 0 ms
access-logging: start 6 elapsed 1 ms
stop-transaction: start 182 elapsed 0 ms
Total Policy evaluation time: 2 ms
url_categorization complete time: 1
client connection: first-response-byte 0 last-response-byte 6
stop transaction --------------------
start transaction -------------------
transaction ID=9502951 type=http.proxy

<Proxy@req-url> [builtin-prolog:372]
MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2)

<Cache@req-url "suppress DRTR for HTML Notification internal URLs"> [vpm-


cpl:3477]
miss: condition=__is_notify_internal

<Proxy@req-url "set notify variables"> [vpm-cpl:3962]


[Rule]
miss: url.regex="(.*)/notify-SplashStreaming\?([^;]+);(.*)"
miss: url.regex="(.*)/accepted-SplashStreaming\?([^;]+);(.*)"
miss: url.regex="(.*)/verify-SplashStreaming\?([^;]+);(.*)"

<Exception@term> [builtin-prolog:246]
MATCH: t_procedure.dashboard_blocked_stats_infinity

<Exception@req-all> [builtin-prolog:237]
MATCH: t_procedure.dashboard_record_hourly

<Exception@req-all> [builtin-prolog:240]
MATCH: t_procedure.dashboard_record_daily

<Exception@req-all> [builtin-prolog:243]
MATCH: t_procedure.dashboard_record_monthly

<Proxy>
miss: client.address=10.110.46.73
miss: condition=__CondList1Combinacion_NOAUTH
MATCH: authenticate(ad) authenticate.force(no) authenticate.mode(proxy-ip)

<Proxy>
miss: condition=__CondList1CombinedDestinationBloque_URL
miss: condition=__CondList1Combinacion_Lista_Blaca_Windows_Update
miss: condition=Combinacion_Lista_Blanca
miss: condition=__CondList1CombinacionMSN
MATCH: condition=Combinacion_Lista_Negra
force_exception(user_defined.my_exception)

<Proxy>
miss: client.address=CombinedEquiposEMC_Automacion
miss: client.address=CombinedEquiposEMC_Automacion
miss: client.address=combinacion_TERAREXHCAS
miss: client.address="CombinedSource_DGI Uruguay"
miss: condition=__CondList1ReglaFullInternetAccess_AMS
miss: condition=__CondList1Ternium
miss: client.address=TKCSA_PORTO
miss: condition=__CondList1CombinacionWhatsapp_y_WSUS
miss: url.domain=//services.isee.hp.com/
miss: condition=WebApplication_Blacklist
miss: condition=Combinacion_bloque_Usuarios_windows_Update
miss: request.application.name=Dropbox
miss: category=Lista_Negra_NormalUser
miss: condition=__CondList1CombinedDestinationBloque_URL
miss: condition=CombinacionReproductoresMedia
miss: condition=__CondList1CombinedSourceBloomberg
miss: condition=__CondList1CombinedSourceBloomberg

<Proxy>
miss: condition=__PROTO_3
miss: condition=__PROTO_3
miss: url.port=22
miss: url.port=22
<Proxy>
miss: condition=__CondList1CombinedSourceBloomberg
miss: client.address=Ternium_FTP

<ssl>
MATCH: server.certificate.validate(no)

<Proxy>
miss: client.address=10.110.50.184
MATCH: client.address=10.110.99.72 trace.request(yes)
trace.destination(Annitha)

<Cache>
miss: condition=__CondList1Sitios_SIN_Cache
miss: url.host=r.sascdn.com

<Proxy>
miss: source.port=8194
miss: source.port=8195
miss: source.port=8196
miss: source.port=8197
miss: source.port=8198

<Proxy>
miss: condition=skype

<Proxy>
miss: request.header.If-None-Match="."

<Proxy>
miss: condition=Tunnel_Exception_urld

<Proxy>
MATCH: policy.BC_SafeSearch_Ask_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Google_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_YouTube_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Lycos_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_MSN_Live_Bing_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Yahoo_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_DuckDuckGo_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Vimeo_Rules

miss: <Proxy> realm=iwa_direct


<Cache>
miss: url.domain=//windowsupdate.com/
miss: url.domain=//c.microsoft.com/
miss: url.domain=//update.microsoft.com/
miss: url.domain=//windowsupdate.microsoft.com/
miss: url.domain=//download.windowsupdate.com/

<Proxy>
miss: condition=SSL_Disabled_Domains

<Proxy "handle HTML Notification internal requests">


miss: [Rule] variable.bc_notify1=variable.bc_notify2
[Rule]
MATCH: action.__delete_notify_cookies(yes)

<Proxy>
miss: http.method=POST
miss: http.method=POST
miss: http.method=PUT

<Proxy>
miss: url.port=21
miss: url.port=21

<Proxy>
miss: condition=IWA_SILENT_USERS

<Proxy>
miss: url.host=www.msftncsi.com
miss: url.domain=//crl.microsoft.com/
miss: url.domain=//mscrl.microsoft.com/
miss: url.domain=//verisign.com/
miss: url.domain=//watson.microsoft.com/
miss: url.domain=//trendmicro.com/

<Proxy>
miss: request.header.User-Agent="webex utiltp"
miss: request.header.User-Agent="Microsoft-CryptoAPI"
miss: request.header.User-Agent="MSUpdate"
miss: request.header.User-Agent="AVUpdate"
miss: request.header.User-Agent="ESS Update"
miss: request.header.User-Agent="iTunes"
miss: request.header.User-Agent="Stocks"
miss: request.header.User-Agent="CFNetwork"
miss: request.header.User-Agent="Shockwave Flash"
miss: request.header.User-Agent="Windows-Media-Player"
miss: request.header.User-Agent="NSPlayer"
miss: request.header.User-Agent="Windows-Media-Player"
miss: request.header.User-Agent="flash"
miss: request.header.User-Agent="Office"
miss: request.header.User-Agent="TMUFE"
miss: request.header.User-Agent="62691CB3BF62DAF233FB2C02782E7BD2"

<Proxy>
miss: condition=Office365IPs
miss: condition=Office365URLs

<Proxy>
miss: condition=Office365IPs
miss: condition=Office365URLs

<Cache>
miss: condition=Office365IPs
miss: condition=Office365URLs

<Proxy>
miss: url.domain=//facebook.com/
miss: url.domain=//sped.fazenda.gov.br/
miss: url.domain=//ternium.com.ar/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.mx/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.co/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.br/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.uy/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com/Autodiscover/Autodiscover.xml
miss: url.domain=//tessa.com.uy/Autodiscover/Autodiscover.xml

Called policy definition: BC_SafeSearch_Lycos_Rules


miss: <Proxy BC_SafeSearch_Lycos> url.domain=//lycos.com/

Called policy definition: BC_SafeSearch_Yahoo_Rules


miss: <Proxy BC_SafeSearch_Yahoo_cookies> condition=BC_SafeSearch_Yahoo_Domains
miss: <Proxy BC_SafeSearch_Yahoo_query> condition=BC_SafeSearch_Yahoo_Domains

Called policy definition: BC_SafeSearch_DuckDuckGo_Rules


miss: <Proxy BC_SafeSearch_DuckDuckGo_query> url.domain=//duckduckgo.com/

Called policy definition: BC_SafeSearch_Ask_Rules


miss: <Proxy BC_SafeSearch_Ask_query> condition=BC_SafeSearch_Ask_Domains

Called policy definition: BC_SafeSearch_YouTube_Rules


miss: <Proxy BC_SafeSearch_YouTube_cookies> url.domain=//youtube.com/

Called policy definition: BC_SafeSearch_Vimeo_Rules


miss: <Proxy BC_SafeSearch_Vimeo_cookies> url.domain=//vimeo.com/

Called policy definition: BC_SafeSearch_Google_Rules


miss: <Proxy BC_SafeSearch_Google_query> condition=BC_SafeSearch_Google_Domains
miss: <Proxy BC_SafeSearch_Google_SetPref> condition=BC_SafeSearch_Google_Domains

Called policy definition: BC_SafeSearch_MSN_Live_Bing_Rules


miss: <Proxy BC_SafeSearch_MSN_Live_Bing_cookies>
condition=BC_SafeSearch_MSN_Live_Bing_Domains
miss: <Proxy BC_SafeSearch_MSN_Live_Bing_query>
condition=BC_SafeSearch_MSN_Live_Bing_Domains

Assigned values of transaction variables:


bc_notify1=empty1
bc_notify2=empty2
Called transaction procedure: dashboard_record_hourly
<layer>
Called transaction procedure: dashboard_record_daily
<layer>
Called transaction procedure: dashboard_blocked_stats_infinity
<layer>
Called transaction procedure: dashboard_record_monthly
<layer>

connection: service.name=Explicit HTTP client.address=10.110.99.72 proxy.port=8080


client.interface=255:255.1 routing-domain=default
location-id=0 access_type=unknown
time: 2020-03-17 16:49:07 UTC
CONNECT tcp://img-s-msn-com.akamaized.net:443/
DNS lookup was unrestricted
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
user: name="TERNIUM\10519230" realm=AD
authentication start 1 elapsed 0 ms
authorization start 1 elapsed 0 ms
authentication status='none' authorization status='none'
EXCEPTION(my_exception): Either 'force_deny' or 'force_exception' was matched in
policy
url.category: Lista_Negra@Policy;none@YouTube;Content Delivery Networks@Blue Coat
total categorization time: 1
static categorization time: 1
server.response.code: 0
client.response.code: 403
application.name: none
application.operation: none
application.group: none
DSCP client outbound: 65
DSCP server outbound: 65

Transaction timing: total-transaction-time 178 ms


Checkpoint timings:
new-connection: start 1 elapsed 0 ms
client-in: start 1 elapsed 0 ms
client-out-terminated: start 1 elapsed 0 ms
access-logging: start 5 elapsed 1 ms
stop-transaction: start 178 elapsed 0 ms
Total Policy evaluation time: 1 ms
url_categorization complete time: 1
client connection: first-response-byte 0 last-response-byte 5
stop transaction --------------------
start transaction -------------------
transaction ID=9502969 type=http.proxy

<Proxy@req-url> [builtin-prolog:372]
MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2)

<Cache@req-url "suppress DRTR for HTML Notification internal URLs"> [vpm-


cpl:3477]
miss: condition=__is_notify_internal

<Proxy@req-url "set notify variables"> [vpm-cpl:3962]


[Rule]
miss: url.regex="(.*)/notify-SplashStreaming\?([^;]+);(.*)"
miss: url.regex="(.*)/accepted-SplashStreaming\?([^;]+);(.*)"
miss: url.regex="(.*)/verify-SplashStreaming\?([^;]+);(.*)"

<Exception@term> [builtin-prolog:246]
MATCH: t_procedure.dashboard_blocked_stats_infinity

<Exception@req-all> [builtin-prolog:237]
MATCH: t_procedure.dashboard_record_hourly

<Exception@req-all> [builtin-prolog:240]
MATCH: t_procedure.dashboard_record_daily
<Exception@req-all> [builtin-prolog:243]
MATCH: t_procedure.dashboard_record_monthly

<Proxy>
miss: client.address=10.110.46.73
miss: condition=__CondList1Combinacion_NOAUTH
MATCH: authenticate(ad) authenticate.force(no) authenticate.mode(proxy-ip)

<Proxy>
miss: condition=__CondList1CombinedDestinationBloque_URL
miss: condition=__CondList1Combinacion_Lista_Blaca_Windows_Update
miss: condition=Combinacion_Lista_Blanca
miss: condition=__CondList1CombinacionMSN
MATCH: condition=Combinacion_Lista_Negra
force_exception(user_defined.my_exception)

<Proxy>
miss: client.address=CombinedEquiposEMC_Automacion
miss: client.address=CombinedEquiposEMC_Automacion
miss: client.address=combinacion_TERAREXHCAS
miss: client.address="CombinedSource_DGI Uruguay"
miss: condition=__CondList1ReglaFullInternetAccess_AMS
miss: condition=__CondList1Ternium
miss: client.address=TKCSA_PORTO
miss: condition=__CondList1CombinacionWhatsapp_y_WSUS
miss: url.domain=//services.isee.hp.com/
miss: condition=WebApplication_Blacklist
miss: condition=Combinacion_bloque_Usuarios_windows_Update
miss: request.application.name=Dropbox
miss: category=Lista_Negra_NormalUser
miss: condition=__CondList1CombinedDestinationBloque_URL
miss: condition=CombinacionReproductoresMedia
miss: condition=__CondList1CombinedSourceBloomberg
miss: condition=__CondList1CombinedSourceBloomberg

<Proxy>
miss: condition=__PROTO_3
miss: condition=__PROTO_3
miss: url.port=22
miss: url.port=22

<Proxy>
miss: condition=__CondList1CombinedSourceBloomberg
miss: client.address=Ternium_FTP

<ssl>
MATCH: server.certificate.validate(no)

<Proxy>
miss: client.address=10.110.50.184
MATCH: client.address=10.110.99.72 trace.request(yes)
trace.destination(Annitha)

<Cache>
miss: condition=__CondList1Sitios_SIN_Cache
miss: url.host=r.sascdn.com

<Proxy>
miss: source.port=8194
miss: source.port=8195
miss: source.port=8196
miss: source.port=8197
miss: source.port=8198

<Proxy>
miss: condition=skype

<Proxy>
miss: request.header.If-None-Match="."

<Proxy>
miss: condition=Tunnel_Exception_urld

<Proxy>
MATCH: policy.BC_SafeSearch_Ask_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Google_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_YouTube_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Lycos_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_MSN_Live_Bing_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Yahoo_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_DuckDuckGo_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Vimeo_Rules

miss: <Proxy> realm=iwa_direct

<Cache>
miss: url.domain=//windowsupdate.com/
miss: url.domain=//c.microsoft.com/
miss: url.domain=//update.microsoft.com/
miss: url.domain=//windowsupdate.microsoft.com/
miss: url.domain=//download.windowsupdate.com/

<Proxy>
miss: condition=SSL_Disabled_Domains

<Proxy "handle HTML Notification internal requests">


miss: [Rule] variable.bc_notify1=variable.bc_notify2
[Rule]
MATCH: action.__delete_notify_cookies(yes)

<Proxy>
miss: http.method=POST
miss: http.method=POST
miss: http.method=PUT

<Proxy>
miss: url.port=21
miss: url.port=21

<Proxy>
miss: condition=IWA_SILENT_USERS

<Proxy>
miss: url.host=www.msftncsi.com
miss: url.domain=//crl.microsoft.com/
miss: url.domain=//mscrl.microsoft.com/
miss: url.domain=//verisign.com/
miss: url.domain=//watson.microsoft.com/
miss: url.domain=//trendmicro.com/

<Proxy>
miss: request.header.User-Agent="webex utiltp"
miss: request.header.User-Agent="Microsoft-CryptoAPI"
miss: request.header.User-Agent="MSUpdate"
miss: request.header.User-Agent="AVUpdate"
miss: request.header.User-Agent="ESS Update"
miss: request.header.User-Agent="iTunes"
miss: request.header.User-Agent="Stocks"
miss: request.header.User-Agent="CFNetwork"
miss: request.header.User-Agent="Shockwave Flash"
miss: request.header.User-Agent="Windows-Media-Player"
miss: request.header.User-Agent="NSPlayer"
miss: request.header.User-Agent="Windows-Media-Player"
miss: request.header.User-Agent="flash"
miss: request.header.User-Agent="Office"
miss: request.header.User-Agent="TMUFE"
miss: request.header.User-Agent="62691CB3BF62DAF233FB2C02782E7BD2"

<Proxy>
miss: condition=Office365IPs
miss: condition=Office365URLs

<Proxy>
miss: condition=Office365IPs
miss: condition=Office365URLs

<Cache>
miss: condition=Office365IPs
miss: condition=Office365URLs

<Proxy>
miss: url.domain=//facebook.com/
miss: url.domain=//sped.fazenda.gov.br/
miss: url.domain=//ternium.com.ar/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.mx/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.co/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.br/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.uy/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com/Autodiscover/Autodiscover.xml
miss: url.domain=//tessa.com.uy/Autodiscover/Autodiscover.xml

Called policy definition: BC_SafeSearch_Lycos_Rules


miss: <Proxy BC_SafeSearch_Lycos> url.domain=//lycos.com/

Called policy definition: BC_SafeSearch_Yahoo_Rules


miss: <Proxy BC_SafeSearch_Yahoo_cookies> condition=BC_SafeSearch_Yahoo_Domains
miss: <Proxy BC_SafeSearch_Yahoo_query> condition=BC_SafeSearch_Yahoo_Domains

Called policy definition: BC_SafeSearch_DuckDuckGo_Rules


miss: <Proxy BC_SafeSearch_DuckDuckGo_query> url.domain=//duckduckgo.com/

Called policy definition: BC_SafeSearch_Ask_Rules


miss: <Proxy BC_SafeSearch_Ask_query> condition=BC_SafeSearch_Ask_Domains

Called policy definition: BC_SafeSearch_YouTube_Rules


miss: <Proxy BC_SafeSearch_YouTube_cookies> url.domain=//youtube.com/

Called policy definition: BC_SafeSearch_Vimeo_Rules


miss: <Proxy BC_SafeSearch_Vimeo_cookies> url.domain=//vimeo.com/

Called policy definition: BC_SafeSearch_Google_Rules


miss: <Proxy BC_SafeSearch_Google_query> condition=BC_SafeSearch_Google_Domains
miss: <Proxy BC_SafeSearch_Google_SetPref> condition=BC_SafeSearch_Google_Domains

Called policy definition: BC_SafeSearch_MSN_Live_Bing_Rules


miss: <Proxy BC_SafeSearch_MSN_Live_Bing_cookies>
condition=BC_SafeSearch_MSN_Live_Bing_Domains
miss: <Proxy BC_SafeSearch_MSN_Live_Bing_query>
condition=BC_SafeSearch_MSN_Live_Bing_Domains

Assigned values of transaction variables:


bc_notify1=empty1
bc_notify2=empty2
Called transaction procedure: dashboard_record_hourly
<layer>
Called transaction procedure: dashboard_record_daily
<layer>
Called transaction procedure: dashboard_blocked_stats_infinity
<layer>
Called transaction procedure: dashboard_record_monthly
<layer>

connection: service.name=Explicit HTTP client.address=10.110.99.72 proxy.port=8080


client.interface=255:255.1 routing-domain=default
location-id=0 access_type=unknown
time: 2020-03-17 16:49:07 UTC
CONNECT tcp://img-s-msn-com.akamaized.net:443/
DNS lookup was unrestricted
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
user: name="TERNIUM\10519230" realm=AD
authentication start 2 elapsed 0 ms
authorization start 2 elapsed 0 ms
authentication status='none' authorization status='none'
EXCEPTION(my_exception): Either 'force_deny' or 'force_exception' was matched in
policy
url.category: Lista_Negra@Policy;none@YouTube;Content Delivery Networks@Blue Coat
total categorization time: 0
static categorization time: 0
server.response.code: 0
client.response.code: 403
application.name: none
application.operation: none
application.group: none
DSCP client outbound: 65
DSCP server outbound: 65

Transaction timing: total-transaction-time 168 ms


Checkpoint timings:
new-connection: start 1 elapsed 0 ms
client-in: start 1 elapsed 1 ms
client-out-terminated: start 2 elapsed 0 ms
access-logging: start 7 elapsed 0 ms
stop-transaction: start 168 elapsed 0 ms
Total Policy evaluation time: 1 ms
url_categorization complete time: 1
client connection: first-response-byte 0 last-response-byte 7
stop transaction --------------------
start transaction -------------------
transaction ID=9502947 type=http.proxy

<Proxy@req-url> [builtin-prolog:372]
MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2)

<Cache@req-url "suppress DRTR for HTML Notification internal URLs"> [vpm-


cpl:3477]
miss: condition=__is_notify_internal

<Proxy@req-url "set notify variables"> [vpm-cpl:3962]


[Rule]
miss: url.regex="(.*)/notify-SplashStreaming\?([^;]+);(.*)"
miss: url.regex="(.*)/accepted-SplashStreaming\?([^;]+);(.*)"
miss: url.regex="(.*)/verify-SplashStreaming\?([^;]+);(.*)"

<Exception@term> [builtin-prolog:246]
MATCH: t_procedure.dashboard_blocked_stats_infinity

<Exception@req-all> [builtin-prolog:237]
MATCH: t_procedure.dashboard_record_hourly

<Exception@req-all> [builtin-prolog:240]
MATCH: t_procedure.dashboard_record_daily

<Exception@req-all> [builtin-prolog:243]
MATCH: t_procedure.dashboard_record_monthly

<Proxy>
miss: client.address=10.110.46.73
miss: condition=__CondList1Combinacion_NOAUTH
MATCH: authenticate(ad) authenticate.force(no) authenticate.mode(proxy-ip)

<Proxy>
miss: condition=__CondList1CombinedDestinationBloque_URL
miss: condition=__CondList1Combinacion_Lista_Blaca_Windows_Update
miss: condition=Combinacion_Lista_Blanca
miss: condition=__CondList1CombinacionMSN
MATCH: condition=Combinacion_Lista_Negra
force_exception(user_defined.my_exception)

<Proxy>
miss: client.address=CombinedEquiposEMC_Automacion
miss: client.address=CombinedEquiposEMC_Automacion
miss: client.address=combinacion_TERAREXHCAS
miss: client.address="CombinedSource_DGI Uruguay"
miss: condition=__CondList1ReglaFullInternetAccess_AMS
miss: condition=__CondList1Ternium
miss: client.address=TKCSA_PORTO
miss: condition=__CondList1CombinacionWhatsapp_y_WSUS
miss: url.domain=//services.isee.hp.com/
miss: condition=WebApplication_Blacklist
miss: condition=Combinacion_bloque_Usuarios_windows_Update
miss: request.application.name=Dropbox
miss: category=Lista_Negra_NormalUser
miss: condition=__CondList1CombinedDestinationBloque_URL
miss: condition=CombinacionReproductoresMedia
miss: condition=__CondList1CombinedSourceBloomberg
miss: condition=__CondList1CombinedSourceBloomberg

<Proxy>
miss: condition=__PROTO_3
miss: condition=__PROTO_3
miss: url.port=22
miss: url.port=22

<Proxy>
miss: condition=__CondList1CombinedSourceBloomberg
miss: client.address=Ternium_FTP

<ssl>
MATCH: server.certificate.validate(no)

<Proxy>
miss: client.address=10.110.50.184
MATCH: client.address=10.110.99.72 trace.request(yes)
trace.destination(Annitha)

<Cache>
miss: condition=__CondList1Sitios_SIN_Cache
miss: url.host=r.sascdn.com

<Proxy>
miss: source.port=8194
miss: source.port=8195
miss: source.port=8196
miss: source.port=8197
miss: source.port=8198

<Proxy>
miss: condition=skype

<Proxy>
miss: request.header.If-None-Match="."

<Proxy>
miss: condition=Tunnel_Exception_urld

<Proxy>
MATCH: policy.BC_SafeSearch_Ask_Rules
<Proxy>
MATCH: policy.BC_SafeSearch_Google_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_YouTube_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Lycos_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_MSN_Live_Bing_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Yahoo_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_DuckDuckGo_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Vimeo_Rules

miss: <Proxy> realm=iwa_direct

<Cache>
miss: url.domain=//windowsupdate.com/
miss: url.domain=//c.microsoft.com/
miss: url.domain=//update.microsoft.com/
miss: url.domain=//windowsupdate.microsoft.com/
miss: url.domain=//download.windowsupdate.com/

<Proxy>
miss: condition=SSL_Disabled_Domains

<Proxy "handle HTML Notification internal requests">


miss: [Rule] variable.bc_notify1=variable.bc_notify2
[Rule]
MATCH: action.__delete_notify_cookies(yes)

<Proxy>
miss: http.method=POST
miss: http.method=POST
miss: http.method=PUT

<Proxy>
miss: url.port=21
miss: url.port=21

<Proxy>
miss: condition=IWA_SILENT_USERS

<Proxy>
miss: url.host=www.msftncsi.com
miss: url.domain=//crl.microsoft.com/
miss: url.domain=//mscrl.microsoft.com/
miss: url.domain=//verisign.com/
miss: url.domain=//watson.microsoft.com/
miss: url.domain=//trendmicro.com/

<Proxy>
miss: request.header.User-Agent="webex utiltp"
miss: request.header.User-Agent="Microsoft-CryptoAPI"
miss: request.header.User-Agent="MSUpdate"
miss: request.header.User-Agent="AVUpdate"
miss: request.header.User-Agent="ESS Update"
miss: request.header.User-Agent="iTunes"
miss: request.header.User-Agent="Stocks"
miss: request.header.User-Agent="CFNetwork"
miss: request.header.User-Agent="Shockwave Flash"
miss: request.header.User-Agent="Windows-Media-Player"
miss: request.header.User-Agent="NSPlayer"
miss: request.header.User-Agent="Windows-Media-Player"
miss: request.header.User-Agent="flash"
miss: request.header.User-Agent="Office"
miss: request.header.User-Agent="TMUFE"
miss: request.header.User-Agent="62691CB3BF62DAF233FB2C02782E7BD2"

<Proxy>
miss: condition=Office365IPs
miss: condition=Office365URLs

<Proxy>
miss: condition=Office365IPs
miss: condition=Office365URLs

<Cache>
miss: condition=Office365IPs
miss: condition=Office365URLs

<Proxy>
miss: url.domain=//facebook.com/
miss: url.domain=//sped.fazenda.gov.br/
miss: url.domain=//ternium.com.ar/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.mx/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.co/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.br/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.uy/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com/Autodiscover/Autodiscover.xml
miss: url.domain=//tessa.com.uy/Autodiscover/Autodiscover.xml

Called policy definition: BC_SafeSearch_Lycos_Rules


miss: <Proxy BC_SafeSearch_Lycos> url.domain=//lycos.com/

Called policy definition: BC_SafeSearch_Yahoo_Rules


miss: <Proxy BC_SafeSearch_Yahoo_cookies> condition=BC_SafeSearch_Yahoo_Domains
miss: <Proxy BC_SafeSearch_Yahoo_query> condition=BC_SafeSearch_Yahoo_Domains

Called policy definition: BC_SafeSearch_DuckDuckGo_Rules


miss: <Proxy BC_SafeSearch_DuckDuckGo_query> url.domain=//duckduckgo.com/

Called policy definition: BC_SafeSearch_Ask_Rules


miss: <Proxy BC_SafeSearch_Ask_query> condition=BC_SafeSearch_Ask_Domains

Called policy definition: BC_SafeSearch_YouTube_Rules


miss: <Proxy BC_SafeSearch_YouTube_cookies> url.domain=//youtube.com/

Called policy definition: BC_SafeSearch_Vimeo_Rules


miss: <Proxy BC_SafeSearch_Vimeo_cookies> url.domain=//vimeo.com/
Called policy definition: BC_SafeSearch_Google_Rules
miss: <Proxy BC_SafeSearch_Google_query> condition=BC_SafeSearch_Google_Domains
miss: <Proxy BC_SafeSearch_Google_SetPref> condition=BC_SafeSearch_Google_Domains

Called policy definition: BC_SafeSearch_MSN_Live_Bing_Rules


miss: <Proxy BC_SafeSearch_MSN_Live_Bing_cookies>
condition=BC_SafeSearch_MSN_Live_Bing_Domains
miss: <Proxy BC_SafeSearch_MSN_Live_Bing_query>
condition=BC_SafeSearch_MSN_Live_Bing_Domains

Assigned values of transaction variables:


bc_notify1=empty1
bc_notify2=empty2
Called transaction procedure: dashboard_record_hourly
<layer>
Called transaction procedure: dashboard_record_daily
<layer>
Called transaction procedure: dashboard_blocked_stats_infinity
<layer>
Called transaction procedure: dashboard_record_monthly
<layer>

connection: service.name=Explicit HTTP client.address=10.110.99.72 proxy.port=8080


client.interface=255:255.1 routing-domain=default
location-id=0 access_type=unknown
time: 2020-03-17 16:49:07 UTC
CONNECT tcp://img-s-msn-com.akamaized.net:443/
DNS lookup was unrestricted
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
user: name="TERNIUM\10519230" realm=AD
authentication start 2 elapsed 0 ms
authorization start 2 elapsed 0 ms
authentication status='none' authorization status='none'
EXCEPTION(my_exception): Either 'force_deny' or 'force_exception' was matched in
policy
url.category: Lista_Negra@Policy;none@YouTube;Content Delivery Networks@Blue Coat
total categorization time: 0
static categorization time: 0
server.response.code: 0
client.response.code: 403
application.name: none
application.operation: none
application.group: none
DSCP client outbound: 65
DSCP server outbound: 65

Transaction timing: total-transaction-time 184 ms


Checkpoint timings:
new-connection: start 1 elapsed 0 ms
client-in: start 1 elapsed 1 ms
client-out-terminated: start 2 elapsed 0 ms
access-logging: start 7 elapsed 0 ms
stop-transaction: start 184 elapsed 0 ms
Total Policy evaluation time: 1 ms
url_categorization complete time: 1
client connection: first-response-byte 0 last-response-byte 7
stop transaction --------------------
start transaction -------------------
transaction ID=9502968 type=http.proxy
<Proxy@req-url> [builtin-prolog:372]
MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2)

<Cache@req-url "suppress DRTR for HTML Notification internal URLs"> [vpm-


cpl:3477]
miss: condition=__is_notify_internal

<Proxy@req-url "set notify variables"> [vpm-cpl:3962]


[Rule]
miss: url.regex="(.*)/notify-SplashStreaming\?([^;]+);(.*)"
miss: url.regex="(.*)/accepted-SplashStreaming\?([^;]+);(.*)"
miss: url.regex="(.*)/verify-SplashStreaming\?([^;]+);(.*)"

<Exception@term> [builtin-prolog:246]
MATCH: t_procedure.dashboard_blocked_stats_infinity

<Exception@req-all> [builtin-prolog:237]
MATCH: t_procedure.dashboard_record_hourly

<Exception@req-all> [builtin-prolog:240]
MATCH: t_procedure.dashboard_record_daily

<Exception@req-all> [builtin-prolog:243]
MATCH: t_procedure.dashboard_record_monthly

<Proxy>
miss: client.address=10.110.46.73
miss: condition=__CondList1Combinacion_NOAUTH
MATCH: authenticate(ad) authenticate.force(no) authenticate.mode(proxy-ip)

<Proxy>
miss: condition=__CondList1CombinedDestinationBloque_URL
miss: condition=__CondList1Combinacion_Lista_Blaca_Windows_Update
miss: condition=Combinacion_Lista_Blanca
miss: condition=__CondList1CombinacionMSN
MATCH: condition=Combinacion_Lista_Negra
force_exception(user_defined.my_exception)

<Proxy>
miss: client.address=CombinedEquiposEMC_Automacion
miss: client.address=CombinedEquiposEMC_Automacion
miss: client.address=combinacion_TERAREXHCAS
miss: client.address="CombinedSource_DGI Uruguay"
miss: condition=__CondList1ReglaFullInternetAccess_AMS
miss: condition=__CondList1Ternium
miss: client.address=TKCSA_PORTO
miss: condition=__CondList1CombinacionWhatsapp_y_WSUS
miss: url.domain=//services.isee.hp.com/
miss: condition=WebApplication_Blacklist
miss: condition=Combinacion_bloque_Usuarios_windows_Update
miss: request.application.name=Dropbox
miss: category=Lista_Negra_NormalUser
miss: condition=__CondList1CombinedDestinationBloque_URL
miss: condition=CombinacionReproductoresMedia
miss: condition=__CondList1CombinedSourceBloomberg
miss: condition=__CondList1CombinedSourceBloomberg
<Proxy>
miss: condition=__PROTO_3
miss: condition=__PROTO_3
miss: url.port=22
miss: url.port=22

<Proxy>
miss: condition=__CondList1CombinedSourceBloomberg
miss: client.address=Ternium_FTP

<ssl>
MATCH: server.certificate.validate(no)

<Proxy>
miss: client.address=10.110.50.184
MATCH: client.address=10.110.99.72 trace.request(yes)
trace.destination(Annitha)

<Cache>
miss: condition=__CondList1Sitios_SIN_Cache
miss: url.host=r.sascdn.com

<Proxy>
miss: source.port=8194
miss: source.port=8195
miss: source.port=8196
miss: source.port=8197
miss: source.port=8198

<Proxy>
miss: condition=skype

<Proxy>
miss: request.header.If-None-Match="."

<Proxy>
miss: condition=Tunnel_Exception_urld

<Proxy>
MATCH: policy.BC_SafeSearch_Ask_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Google_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_YouTube_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Lycos_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_MSN_Live_Bing_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Yahoo_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_DuckDuckGo_Rules
<Proxy>
MATCH: policy.BC_SafeSearch_Vimeo_Rules

miss: <Proxy> realm=iwa_direct

<Cache>
miss: url.domain=//windowsupdate.com/
miss: url.domain=//c.microsoft.com/
miss: url.domain=//update.microsoft.com/
miss: url.domain=//windowsupdate.microsoft.com/
miss: url.domain=//download.windowsupdate.com/

<Proxy>
miss: condition=SSL_Disabled_Domains

<Proxy "handle HTML Notification internal requests">


miss: [Rule] variable.bc_notify1=variable.bc_notify2
[Rule]
MATCH: action.__delete_notify_cookies(yes)

<Proxy>
miss: http.method=POST
miss: http.method=POST
miss: http.method=PUT

<Proxy>
miss: url.port=21
miss: url.port=21

<Proxy>
miss: condition=IWA_SILENT_USERS

<Proxy>
miss: url.host=www.msftncsi.com
miss: url.domain=//crl.microsoft.com/
miss: url.domain=//mscrl.microsoft.com/
miss: url.domain=//verisign.com/
miss: url.domain=//watson.microsoft.com/
miss: url.domain=//trendmicro.com/

<Proxy>
miss: request.header.User-Agent="webex utiltp"
miss: request.header.User-Agent="Microsoft-CryptoAPI"
miss: request.header.User-Agent="MSUpdate"
miss: request.header.User-Agent="AVUpdate"
miss: request.header.User-Agent="ESS Update"
miss: request.header.User-Agent="iTunes"
miss: request.header.User-Agent="Stocks"
miss: request.header.User-Agent="CFNetwork"
miss: request.header.User-Agent="Shockwave Flash"
miss: request.header.User-Agent="Windows-Media-Player"
miss: request.header.User-Agent="NSPlayer"
miss: request.header.User-Agent="Windows-Media-Player"
miss: request.header.User-Agent="flash"
miss: request.header.User-Agent="Office"
miss: request.header.User-Agent="TMUFE"
miss: request.header.User-Agent="62691CB3BF62DAF233FB2C02782E7BD2"

<Proxy>
miss: condition=Office365IPs
miss: condition=Office365URLs

<Proxy>
miss: condition=Office365IPs
miss: condition=Office365URLs

<Cache>
miss: condition=Office365IPs
miss: condition=Office365URLs

<Proxy>
miss: url.domain=//facebook.com/
miss: url.domain=//sped.fazenda.gov.br/
miss: url.domain=//ternium.com.ar/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.mx/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.co/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.br/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.uy/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com/Autodiscover/Autodiscover.xml
miss: url.domain=//tessa.com.uy/Autodiscover/Autodiscover.xml

Called policy definition: BC_SafeSearch_Lycos_Rules


miss: <Proxy BC_SafeSearch_Lycos> url.domain=//lycos.com/

Called policy definition: BC_SafeSearch_Yahoo_Rules


miss: <Proxy BC_SafeSearch_Yahoo_cookies> condition=BC_SafeSearch_Yahoo_Domains
miss: <Proxy BC_SafeSearch_Yahoo_query> condition=BC_SafeSearch_Yahoo_Domains

Called policy definition: BC_SafeSearch_DuckDuckGo_Rules


miss: <Proxy BC_SafeSearch_DuckDuckGo_query> url.domain=//duckduckgo.com/

Called policy definition: BC_SafeSearch_Ask_Rules


miss: <Proxy BC_SafeSearch_Ask_query> condition=BC_SafeSearch_Ask_Domains

Called policy definition: BC_SafeSearch_YouTube_Rules


miss: <Proxy BC_SafeSearch_YouTube_cookies> url.domain=//youtube.com/

Called policy definition: BC_SafeSearch_Vimeo_Rules


miss: <Proxy BC_SafeSearch_Vimeo_cookies> url.domain=//vimeo.com/

Called policy definition: BC_SafeSearch_Google_Rules


miss: <Proxy BC_SafeSearch_Google_query> condition=BC_SafeSearch_Google_Domains
miss: <Proxy BC_SafeSearch_Google_SetPref> condition=BC_SafeSearch_Google_Domains

Called policy definition: BC_SafeSearch_MSN_Live_Bing_Rules


miss: <Proxy BC_SafeSearch_MSN_Live_Bing_cookies>
condition=BC_SafeSearch_MSN_Live_Bing_Domains
miss: <Proxy BC_SafeSearch_MSN_Live_Bing_query>
condition=BC_SafeSearch_MSN_Live_Bing_Domains

Assigned values of transaction variables:


bc_notify1=empty1
bc_notify2=empty2
Called transaction procedure: dashboard_record_hourly
<layer>
Called transaction procedure: dashboard_record_daily
<layer>
Called transaction procedure: dashboard_blocked_stats_infinity
<layer>
Called transaction procedure: dashboard_record_monthly
<layer>

connection: service.name=Explicit HTTP client.address=10.110.99.72 proxy.port=8080


client.interface=255:255.1 routing-domain=default
location-id=0 access_type=unknown
time: 2020-03-17 16:49:07 UTC
CONNECT tcp://img-s-msn-com.akamaized.net:443/
DNS lookup was unrestricted
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
user: name="TERNIUM\10519230" realm=AD
authentication start 1 elapsed 0 ms
authorization start 1 elapsed 0 ms
authentication status='none' authorization status='none'
EXCEPTION(my_exception): Either 'force_deny' or 'force_exception' was matched in
policy
url.category: Lista_Negra@Policy;none@YouTube;Content Delivery Networks@Blue Coat
total categorization time: 0
static categorization time: 0
server.response.code: 0
client.response.code: 403
application.name: none
application.operation: none
application.group: none
DSCP client outbound: 65
DSCP server outbound: 65

Transaction timing: total-transaction-time 169 ms


Checkpoint timings:
new-connection: start 1 elapsed 0 ms
client-in: start 1 elapsed 0 ms
client-out-terminated: start 1 elapsed 0 ms
access-logging: start 9 elapsed 1 ms
stop-transaction: start 169 elapsed 0 ms
Total Policy evaluation time: 1 ms
url_categorization complete time: 0
client connection: first-response-byte 0 last-response-byte 9
stop transaction --------------------
start transaction -------------------
transaction ID=9503083 type=http.proxy

<Proxy@req-url> [builtin-prolog:372]
MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2)

<Cache@req-url "suppress DRTR for HTML Notification internal URLs"> [vpm-


cpl:3477]
miss: condition=__is_notify_internal

<Proxy@req-url "set notify variables"> [vpm-cpl:3962]


[Rule]
miss: url.regex="(.*)/notify-SplashStreaming\?([^;]+);(.*)"
miss: url.regex="(.*)/accepted-SplashStreaming\?([^;]+);(.*)"
miss: url.regex="(.*)/verify-SplashStreaming\?([^;]+);(.*)"

<Exception@term> [builtin-prolog:246]
MATCH: t_procedure.dashboard_blocked_stats_infinity

<Exception@req-all> [builtin-prolog:237]
MATCH: t_procedure.dashboard_record_hourly

<Exception@req-all> [builtin-prolog:240]
MATCH: t_procedure.dashboard_record_daily

<Exception@req-all> [builtin-prolog:243]
MATCH: t_procedure.dashboard_record_monthly

<Proxy>
miss: client.address=10.110.46.73
miss: condition=__CondList1Combinacion_NOAUTH
MATCH: authenticate(ad) authenticate.force(no) authenticate.mode(proxy-ip)

<Proxy>
miss: condition=__CondList1CombinedDestinationBloque_URL
miss: condition=__CondList1Combinacion_Lista_Blaca_Windows_Update
miss: condition=Combinacion_Lista_Blanca
miss: condition=__CondList1CombinacionMSN
MATCH: condition=Combinacion_Lista_Negra
force_exception(user_defined.my_exception)

<Proxy>
miss: client.address=CombinedEquiposEMC_Automacion
miss: client.address=CombinedEquiposEMC_Automacion
miss: client.address=combinacion_TERAREXHCAS
miss: client.address="CombinedSource_DGI Uruguay"
miss: condition=__CondList1ReglaFullInternetAccess_AMS
miss: condition=__CondList1Ternium
miss: client.address=TKCSA_PORTO
miss: condition=__CondList1CombinacionWhatsapp_y_WSUS
miss: url.domain=//services.isee.hp.com/
miss: condition=WebApplication_Blacklist
miss: condition=Combinacion_bloque_Usuarios_windows_Update
miss: request.application.name=Dropbox
miss: category=Lista_Negra_NormalUser
miss: condition=__CondList1CombinedDestinationBloque_URL
miss: condition=CombinacionReproductoresMedia
miss: condition=__CondList1CombinedSourceBloomberg
miss: condition=__CondList1CombinedSourceBloomberg

<Proxy>
miss: condition=__PROTO_3
miss: condition=__PROTO_3
miss: url.port=22
miss: url.port=22

<Proxy>
miss: condition=__CondList1CombinedSourceBloomberg
miss: client.address=Ternium_FTP

<ssl>
MATCH: server.certificate.validate(no)

<Proxy>
miss: client.address=10.110.50.184
MATCH: client.address=10.110.99.72 trace.request(yes)
trace.destination(Annitha)
<Cache>
miss: condition=__CondList1Sitios_SIN_Cache
miss: url.host=r.sascdn.com

<Proxy>
miss: source.port=8194
miss: source.port=8195
miss: source.port=8196
miss: source.port=8197
miss: source.port=8198

<Proxy>
miss: condition=skype

<Proxy>
miss: request.header.If-None-Match="."

<Proxy>
miss: condition=Tunnel_Exception_urld

<Proxy>
MATCH: policy.BC_SafeSearch_Ask_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Google_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_YouTube_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Lycos_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_MSN_Live_Bing_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Yahoo_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_DuckDuckGo_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Vimeo_Rules

miss: <Proxy> realm=iwa_direct

<Cache>
miss: url.domain=//windowsupdate.com/
miss: url.domain=//c.microsoft.com/
miss: url.domain=//update.microsoft.com/
miss: url.domain=//windowsupdate.microsoft.com/
miss: url.domain=//download.windowsupdate.com/

<Proxy>
miss: condition=SSL_Disabled_Domains

<Proxy "handle HTML Notification internal requests">


miss: [Rule] variable.bc_notify1=variable.bc_notify2
[Rule]
MATCH: action.__delete_notify_cookies(yes)

<Proxy>
miss: http.method=POST
miss: http.method=POST
miss: http.method=PUT

<Proxy>
miss: url.port=21
miss: url.port=21

<Proxy>
miss: condition=IWA_SILENT_USERS

<Proxy>
miss: url.host=www.msftncsi.com
miss: url.domain=//crl.microsoft.com/
miss: url.domain=//mscrl.microsoft.com/
miss: url.domain=//verisign.com/
miss: url.domain=//watson.microsoft.com/
miss: url.domain=//trendmicro.com/

<Proxy>
miss: request.header.User-Agent="webex utiltp"
miss: request.header.User-Agent="Microsoft-CryptoAPI"
miss: request.header.User-Agent="MSUpdate"
miss: request.header.User-Agent="AVUpdate"
miss: request.header.User-Agent="ESS Update"
miss: request.header.User-Agent="iTunes"
miss: request.header.User-Agent="Stocks"
miss: request.header.User-Agent="CFNetwork"
miss: request.header.User-Agent="Shockwave Flash"
miss: request.header.User-Agent="Windows-Media-Player"
miss: request.header.User-Agent="NSPlayer"
miss: request.header.User-Agent="Windows-Media-Player"
miss: request.header.User-Agent="flash"
miss: request.header.User-Agent="Office"
miss: request.header.User-Agent="TMUFE"
miss: request.header.User-Agent="62691CB3BF62DAF233FB2C02782E7BD2"

<Proxy>
miss: condition=Office365IPs
miss: condition=Office365URLs

<Proxy>
miss: condition=Office365IPs
miss: condition=Office365URLs

<Cache>
miss: condition=Office365IPs
miss: condition=Office365URLs

<Proxy>
miss: url.domain=//facebook.com/
miss: url.domain=//sped.fazenda.gov.br/
miss: url.domain=//ternium.com.ar/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.mx/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.co/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.br/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.uy/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com/Autodiscover/Autodiscover.xml
miss: url.domain=//tessa.com.uy/Autodiscover/Autodiscover.xml

Called policy definition: BC_SafeSearch_Lycos_Rules


miss: <Proxy BC_SafeSearch_Lycos> url.domain=//lycos.com/

Called policy definition: BC_SafeSearch_Yahoo_Rules


miss: <Proxy BC_SafeSearch_Yahoo_cookies> condition=BC_SafeSearch_Yahoo_Domains
miss: <Proxy BC_SafeSearch_Yahoo_query> condition=BC_SafeSearch_Yahoo_Domains

Called policy definition: BC_SafeSearch_DuckDuckGo_Rules


miss: <Proxy BC_SafeSearch_DuckDuckGo_query> url.domain=//duckduckgo.com/

Called policy definition: BC_SafeSearch_Ask_Rules


miss: <Proxy BC_SafeSearch_Ask_query> condition=BC_SafeSearch_Ask_Domains

Called policy definition: BC_SafeSearch_YouTube_Rules


miss: <Proxy BC_SafeSearch_YouTube_cookies> url.domain=//youtube.com/

Called policy definition: BC_SafeSearch_Vimeo_Rules


miss: <Proxy BC_SafeSearch_Vimeo_cookies> url.domain=//vimeo.com/

Called policy definition: BC_SafeSearch_Google_Rules


miss: <Proxy BC_SafeSearch_Google_query> condition=BC_SafeSearch_Google_Domains
miss: <Proxy BC_SafeSearch_Google_SetPref> condition=BC_SafeSearch_Google_Domains

Called policy definition: BC_SafeSearch_MSN_Live_Bing_Rules


miss: <Proxy BC_SafeSearch_MSN_Live_Bing_cookies>
condition=BC_SafeSearch_MSN_Live_Bing_Domains
miss: <Proxy BC_SafeSearch_MSN_Live_Bing_query>
condition=BC_SafeSearch_MSN_Live_Bing_Domains

Assigned values of transaction variables:


bc_notify1=empty1
bc_notify2=empty2
Called transaction procedure: dashboard_record_hourly
<layer>
Called transaction procedure: dashboard_record_daily
<layer>
Called transaction procedure: dashboard_blocked_stats_infinity
<layer>
Called transaction procedure: dashboard_record_monthly
<layer>

connection: service.name=Explicit HTTP client.address=10.110.99.72 proxy.port=8080


client.interface=255:255.1 routing-domain=default
location-id=0 access_type=unknown
time: 2020-03-17 16:49:07 UTC
CONNECT tcp://static-spartan-eus-s-msn-com.akamaized.net:443/
DNS lookup was unrestricted
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
user: name="TERNIUM\10519230" realm=AD
authentication start 2 elapsed 0 ms
authorization start 2 elapsed 0 ms
authentication status='none' authorization status='none'
EXCEPTION(my_exception): Either 'force_deny' or 'force_exception' was matched in
policy
url.category: Lista_Negra@Policy;none@YouTube;Content Delivery Networks@Blue Coat
total categorization time: 0
static categorization time: 0
server.response.code: 0
client.response.code: 403
application.name: none
application.operation: none
application.group: none
DSCP client outbound: 65
DSCP server outbound: 65

Transaction timing: total-transaction-time 36 ms


Checkpoint timings:
new-connection: start 1 elapsed 0 ms
client-in: start 1 elapsed 1 ms
client-out-terminated: start 2 elapsed 0 ms
access-logging: start 8 elapsed 0 ms
stop-transaction: start 36 elapsed 0 ms
Total Policy evaluation time: 1 ms
url_categorization complete time: 1
client connection: first-response-byte 0 last-response-byte 8
stop transaction --------------------
start transaction -------------------
transaction ID=9502893 type=http.proxy

<Proxy@req-url> [builtin-prolog:372]
MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2)

<Cache@req-url "suppress DRTR for HTML Notification internal URLs"> [vpm-


cpl:3477]
miss: condition=__is_notify_internal

<Proxy@req-url "set notify variables"> [vpm-cpl:3962]


[Rule]
miss: url.regex="(.*)/notify-SplashStreaming\?([^;]+);(.*)"
miss: url.regex="(.*)/accepted-SplashStreaming\?([^;]+);(.*)"
miss: url.regex="(.*)/verify-SplashStreaming\?([^;]+);(.*)"

<Exception@term> [builtin-prolog:246]
MATCH: t_procedure.dashboard_blocked_stats_infinity

<Exception@req-all> [builtin-prolog:237]
MATCH: t_procedure.dashboard_record_hourly

<Exception@req-all> [builtin-prolog:240]
MATCH: t_procedure.dashboard_record_daily

<Exception@req-all> [builtin-prolog:243]
MATCH: t_procedure.dashboard_record_monthly

<Proxy>
miss: client.address=10.110.46.73
miss: condition=__CondList1Combinacion_NOAUTH
MATCH: authenticate(ad) authenticate.force(no) authenticate.mode(proxy-ip)

<Proxy>
miss: condition=__CondList1CombinedDestinationBloque_URL
miss: condition=__CondList1Combinacion_Lista_Blaca_Windows_Update
miss: condition=Combinacion_Lista_Blanca
miss: url.host.substring=msn-com.akamaized.net
miss: condition=Combinacion_Lista_Negra
miss: condition=__CondList1CombinacionGG_Tx_Proxy_Vip
miss: client.address=Combinacion_Cloudhealth
miss: condition=__CondList1CombinacionGG_Tx_Proxy_AdvancedUsers
miss: condition=GG_TX_Proxy_Advanced_Users_bloqueo
miss: condition=GG_TX_RedesSociales_AllUsers_PERMITIDAS
miss: condition=__CondList1CombinacionGG_TX_RedesSociales_AllUsers
miss: condition=__CondList1CombinacionGG_Tx_Proxy_NormalUsers
miss: condition=__CondList1CombinacionGG_Tx_Proxy_NormalUsers
miss: condition=__CondList1CombinacionGG_Tx_Proxy_Contratistas
miss: condition=__CondList1CombinacionCategoriasBloqueadasContratistas
miss: condition=__CondList1Externos
miss: condition=__CondList1Externos
miss: category=bloomberg
MATCH: exception(user_defined.my_exception)

<Proxy>
miss: client.address=CombinedEquiposEMC_Automacion
miss: client.address=CombinedEquiposEMC_Automacion
miss: client.address=combinacion_TERAREXHCAS
miss: client.address="CombinedSource_DGI Uruguay"
miss: condition=__CondList1ReglaFullInternetAccess_AMS
miss: condition=__CondList1Ternium
miss: client.address=TKCSA_PORTO
miss: condition=__CondList1CombinacionWhatsapp_y_WSUS
miss: url.domain=//services.isee.hp.com/
miss: condition=WebApplication_Blacklist
miss: condition=Combinacion_bloque_Windows_Update
miss: request.application.name=Dropbox
miss: category=Lista_Negra_NormalUser
miss: condition=__CondList1CombinedDestinationBloque_URL
miss: condition=CombinacionReproductoresMedia
miss: condition=__CondList1CombinedSourceBloomberg
miss: condition=__CondList1CombinedSourceBloomberg

<Proxy>
miss: condition=__PROTO_3
miss: condition=__PROTO_3
miss: url.port=22
miss: url.port=22

<Proxy>
miss: condition=__CondList1CombinedSourceBloomberg
miss: client.address=Ternium_FTP

<ssl>
MATCH: server.certificate.validate(no)

<Proxy>
miss: client.address=10.110.50.184
MATCH: client.address=10.110.99.72 trace.request(yes)
trace.destination(Annitha)

<Cache>
miss: condition=__CondList1Sitios_SIN_Cache
miss: url.host=r.sascdn.com

<Proxy>
miss: source.port=8194
miss: source.port=8195
miss: source.port=8196
miss: source.port=8197
miss: source.port=8198

<Proxy>
miss: condition=skype

<Proxy>
miss: request.header.If-None-Match="."

<Proxy>
miss: condition=Tunnel_Exception_urld

<Proxy>
MATCH: policy.BC_SafeSearch_Ask_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Google_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_YouTube_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Lycos_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_MSN_Live_Bing_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Yahoo_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_DuckDuckGo_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Vimeo_Rules

miss: <Proxy> realm=iwa_direct

<Cache>
miss: url.domain=//windowsupdate.com/
miss: url.domain=//c.microsoft.com/
miss: url.domain=//update.microsoft.com/
miss: url.domain=//windowsupdate.microsoft.com/
miss: url.domain=//download.windowsupdate.com/

<Proxy>
miss: condition=SSL_Disabled_Domains

<Proxy "handle HTML Notification internal requests">


miss: [Rule] variable.bc_notify1=variable.bc_notify2
[Rule]
MATCH: action.__delete_notify_cookies(yes)

<Proxy>
miss: http.method=POST
miss: http.method=POST
miss: http.method=PUT

<Proxy>
miss: url.port=21
miss: url.port=21

<Proxy>
miss: condition=IWA_SILENT_USERS

<Proxy>
miss: url.host=www.msftncsi.com
miss: url.domain=//crl.microsoft.com/
miss: url.domain=//mscrl.microsoft.com/
miss: url.domain=//verisign.com/
miss: url.domain=//watson.microsoft.com/
miss: url.domain=//trendmicro.com/

<Proxy>
miss: request.header.User-Agent="webex utiltp"
miss: request.header.User-Agent="Microsoft-CryptoAPI"
miss: request.header.User-Agent="MSUpdate"
miss: request.header.User-Agent="AVUpdate"
miss: request.header.User-Agent="ESS Update"
miss: request.header.User-Agent="iTunes"
miss: request.header.User-Agent="Stocks"
miss: request.header.User-Agent="CFNetwork"
miss: request.header.User-Agent="Shockwave Flash"
miss: request.header.User-Agent="Windows-Media-Player"
miss: request.header.User-Agent="NSPlayer"
miss: request.header.User-Agent="Windows-Media-Player"
miss: request.header.User-Agent="flash"
miss: request.header.User-Agent="Office"
miss: request.header.User-Agent="TMUFE"
miss: request.header.User-Agent="62691CB3BF62DAF233FB2C02782E7BD2"

<Proxy>
miss: condition=Office365IPs
miss: condition=Office365URLs

<Proxy>
miss: condition=Office365IPs
miss: condition=Office365URLs

<Cache>
miss: condition=Office365IPs
miss: condition=Office365URLs

<Proxy>
miss: url.domain=//facebook.com/
miss: url.domain=//sped.fazenda.gov.br/
miss: url.domain=//ternium.com.ar/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.mx/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.co/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.br/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.uy/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com/Autodiscover/Autodiscover.xml
miss: url.domain=//tessa.com.uy/Autodiscover/Autodiscover.xml

Called policy definition: BC_SafeSearch_Lycos_Rules


miss: <Proxy BC_SafeSearch_Lycos> url.domain=//lycos.com/

Called policy definition: BC_SafeSearch_Yahoo_Rules


miss: <Proxy BC_SafeSearch_Yahoo_cookies> condition=BC_SafeSearch_Yahoo_Domains
miss: <Proxy BC_SafeSearch_Yahoo_query> condition=BC_SafeSearch_Yahoo_Domains

Called policy definition: BC_SafeSearch_DuckDuckGo_Rules


miss: <Proxy BC_SafeSearch_DuckDuckGo_query> url.domain=//duckduckgo.com/

Called policy definition: BC_SafeSearch_Ask_Rules


miss: <Proxy BC_SafeSearch_Ask_query> condition=BC_SafeSearch_Ask_Domains

Called policy definition: BC_SafeSearch_YouTube_Rules


miss: <Proxy BC_SafeSearch_YouTube_cookies> url.domain=//youtube.com/

Called policy definition: BC_SafeSearch_Vimeo_Rules


miss: <Proxy BC_SafeSearch_Vimeo_cookies> url.domain=//vimeo.com/

Called policy definition: BC_SafeSearch_Google_Rules


miss: <Proxy BC_SafeSearch_Google_query> condition=BC_SafeSearch_Google_Domains
miss: <Proxy BC_SafeSearch_Google_SetPref> condition=BC_SafeSearch_Google_Domains

Called policy definition: BC_SafeSearch_MSN_Live_Bing_Rules


miss: <Proxy BC_SafeSearch_MSN_Live_Bing_cookies>
condition=BC_SafeSearch_MSN_Live_Bing_Domains
miss: <Proxy BC_SafeSearch_MSN_Live_Bing_query>
condition=BC_SafeSearch_MSN_Live_Bing_Domains

Assigned values of transaction variables:


bc_notify1=empty1
bc_notify2=empty2
Called transaction procedure: dashboard_record_hourly
<layer>
Called transaction procedure: dashboard_record_daily
<layer>
Called transaction procedure: dashboard_blocked_stats_infinity
<layer>
Called transaction procedure: dashboard_record_monthly
<layer>

connection: service.name=Explicit HTTP client.address=10.110.99.72 proxy.port=8080


client.interface=255:255.1 routing-domain=default
location-id=0 access_type=unknown
time: 2020-03-17 16:49:07 UTC
CONNECT tcp://acdn.adnxs.com:443/
DNS lookup was unrestricted
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
user: name="TERNIUM\10519230" realm=AD
authentication start 12 elapsed 0 ms
authorization start 12 elapsed 0 ms
authentication status='none' authorization status='none'
EXCEPTION(my_exception): Either 'deny' or 'exception' was matched in policy
url.category: none@Policy;none@YouTube;Web Ads/Analytics@Blue Coat
total categorization time: 11
static categorization time: 11
server.response.code: 0
client.response.code: 403
application.name: none
application.operation: none
application.group: none
DSCP client outbound: 65
DSCP server outbound: 65

Transaction timing: total-transaction-time 813 ms


Checkpoint timings:
new-connection: start 1 elapsed 0 ms
client-in: start 12 elapsed 1 ms
client-out-terminated: start 12 elapsed 1 ms
access-logging: start 21 elapsed 0 ms
stop-transaction: start 813 elapsed 0 ms
Total Policy evaluation time: 2 ms
url_categorization complete time: 12
client connection: first-response-byte 0 last-response-byte 21
stop transaction --------------------
start transaction -------------------
transaction ID=9503167 type=http.proxy

<Proxy@req-url> [builtin-prolog:372]
MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2)

<Cache@req-url "suppress DRTR for HTML Notification internal URLs"> [vpm-


cpl:3477]
miss: condition=__is_notify_internal

<Proxy@req-url "set notify variables"> [vpm-cpl:3962]


[Rule]
miss: url.regex="(.*)/notify-SplashStreaming\?([^;]+);(.*)"
miss: url.regex="(.*)/accepted-SplashStreaming\?([^;]+);(.*)"
miss: url.regex="(.*)/verify-SplashStreaming\?([^;]+);(.*)"

<Exception@term> [builtin-prolog:246]
MATCH: t_procedure.dashboard_blocked_stats_infinity

<Exception@req-all> [builtin-prolog:237]
MATCH: t_procedure.dashboard_record_hourly

<Exception@req-all> [builtin-prolog:240]
MATCH: t_procedure.dashboard_record_daily

<Exception@req-all> [builtin-prolog:243]
MATCH: t_procedure.dashboard_record_monthly

<Proxy>
miss: client.address=10.110.46.73
miss: condition=__CondList1Combinacion_NOAUTH
MATCH: authenticate(ad) authenticate.force(no) authenticate.mode(proxy-ip)

<Proxy>
miss: condition=__CondList1CombinedDestinationBloque_URL
miss: condition=__CondList1Combinacion_Lista_Blaca_Windows_Update
miss: condition=Combinacion_Lista_Blanca
miss: url.host.substring=msn-com.akamaized.net
miss: condition=Combinacion_Lista_Negra
miss: condition=__CondList1CombinacionGG_Tx_Proxy_Vip
miss: client.address=Combinacion_Cloudhealth
miss: condition=__CondList1CombinacionGG_Tx_Proxy_AdvancedUsers
miss: condition=GG_TX_Proxy_Advanced_Users_bloqueo
miss: condition=GG_TX_RedesSociales_AllUsers_PERMITIDAS
miss: condition=__CondList1CombinacionGG_TX_RedesSociales_AllUsers
miss: condition=__CondList1CombinacionGG_Tx_Proxy_NormalUsers
miss: condition=__CondList1CombinacionGG_Tx_Proxy_NormalUsers
miss: condition=__CondList1CombinacionGG_Tx_Proxy_Contratistas
miss: condition=__CondList1CombinacionCategoriasBloqueadasContratistas
miss: condition=__CondList1Externos
miss: condition=__CondList1Externos
miss: category=bloomberg
MATCH: exception(user_defined.my_exception)

<Proxy>
miss: client.address=CombinedEquiposEMC_Automacion
miss: client.address=CombinedEquiposEMC_Automacion
miss: client.address=combinacion_TERAREXHCAS
miss: client.address="CombinedSource_DGI Uruguay"
miss: condition=__CondList1ReglaFullInternetAccess_AMS
miss: condition=__CondList1Ternium
miss: client.address=TKCSA_PORTO
miss: condition=__CondList1CombinacionWhatsapp_y_WSUS
miss: url.domain=//services.isee.hp.com/
miss: condition=WebApplication_Blacklist
miss: condition=Combinacion_bloque_Windows_Update
miss: request.application.name=Dropbox
miss: category=Lista_Negra_NormalUser
miss: condition=__CondList1CombinedDestinationBloque_URL
miss: condition=CombinacionReproductoresMedia
miss: condition=__CondList1CombinedSourceBloomberg
miss: condition=__CondList1CombinedSourceBloomberg

<Proxy>
miss: condition=__PROTO_3
miss: condition=__PROTO_3
miss: url.port=22
miss: url.port=22

<Proxy>
miss: condition=__CondList1CombinedSourceBloomberg
miss: client.address=Ternium_FTP

<ssl>
MATCH: server.certificate.validate(no)

<Proxy>
miss: client.address=10.110.50.184
MATCH: client.address=10.110.99.72 trace.request(yes)
trace.destination(Annitha)

<Cache>
miss: condition=__CondList1Sitios_SIN_Cache
miss: url.host=r.sascdn.com

<Proxy>
miss: source.port=8194
miss: source.port=8195
miss: source.port=8196
miss: source.port=8197
miss: source.port=8198
<Proxy>
miss: condition=skype

<Proxy>
miss: request.header.If-None-Match="."

<Proxy>
miss: condition=Tunnel_Exception_urld

<Proxy>
MATCH: policy.BC_SafeSearch_Ask_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Google_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_YouTube_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Lycos_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_MSN_Live_Bing_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Yahoo_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_DuckDuckGo_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Vimeo_Rules

miss: <Proxy> realm=iwa_direct

<Cache>
miss: url.domain=//windowsupdate.com/
miss: url.domain=//c.microsoft.com/
miss: url.domain=//update.microsoft.com/
miss: url.domain=//windowsupdate.microsoft.com/
miss: url.domain=//download.windowsupdate.com/

<Proxy>
miss: condition=SSL_Disabled_Domains

<Proxy "handle HTML Notification internal requests">


miss: [Rule] variable.bc_notify1=variable.bc_notify2
[Rule]
MATCH: action.__delete_notify_cookies(yes)

<Proxy>
miss: http.method=POST
miss: http.method=POST
miss: http.method=PUT

<Proxy>
miss: url.port=21
miss: url.port=21
<Proxy>
miss: condition=IWA_SILENT_USERS

<Proxy>
miss: url.host=www.msftncsi.com
miss: url.domain=//crl.microsoft.com/
miss: url.domain=//mscrl.microsoft.com/
miss: url.domain=//verisign.com/
miss: url.domain=//watson.microsoft.com/
miss: url.domain=//trendmicro.com/

<Proxy>
miss: request.header.User-Agent="webex utiltp"
miss: request.header.User-Agent="Microsoft-CryptoAPI"
miss: request.header.User-Agent="MSUpdate"
miss: request.header.User-Agent="AVUpdate"
miss: request.header.User-Agent="ESS Update"
miss: request.header.User-Agent="iTunes"
miss: request.header.User-Agent="Stocks"
miss: request.header.User-Agent="CFNetwork"
miss: request.header.User-Agent="Shockwave Flash"
miss: request.header.User-Agent="Windows-Media-Player"
miss: request.header.User-Agent="NSPlayer"
miss: request.header.User-Agent="Windows-Media-Player"
miss: request.header.User-Agent="flash"
miss: request.header.User-Agent="Office"
miss: request.header.User-Agent="TMUFE"
miss: request.header.User-Agent="62691CB3BF62DAF233FB2C02782E7BD2"

<Proxy>
MATCH: condition=Office365IPs detect_protocol(none)

<Proxy>
MATCH: condition=Office365IPs detect_protocol.ssl(no)

<Cache>
MATCH: condition=Office365IPs request.icap_service(no)
response.icap_service(no)

<Proxy>
miss: url.domain=//facebook.com/
miss: url.domain=//sped.fazenda.gov.br/
miss: url.domain=//ternium.com.ar/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.mx/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.co/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.br/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.uy/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com/Autodiscover/Autodiscover.xml
miss: url.domain=//tessa.com.uy/Autodiscover/Autodiscover.xml

Called policy definition: BC_SafeSearch_Lycos_Rules


miss: <Proxy BC_SafeSearch_Lycos> url.domain=//lycos.com/

Called policy definition: BC_SafeSearch_Yahoo_Rules


miss: <Proxy BC_SafeSearch_Yahoo_cookies> condition=BC_SafeSearch_Yahoo_Domains
miss: <Proxy BC_SafeSearch_Yahoo_query> condition=BC_SafeSearch_Yahoo_Domains

Called policy definition: BC_SafeSearch_DuckDuckGo_Rules


miss: <Proxy BC_SafeSearch_DuckDuckGo_query> url.domain=//duckduckgo.com/
Called policy definition: BC_SafeSearch_Ask_Rules
miss: <Proxy BC_SafeSearch_Ask_query> condition=BC_SafeSearch_Ask_Domains

Called policy definition: BC_SafeSearch_YouTube_Rules


miss: <Proxy BC_SafeSearch_YouTube_cookies> url.domain=//youtube.com/

Called policy definition: BC_SafeSearch_Vimeo_Rules


miss: <Proxy BC_SafeSearch_Vimeo_cookies> url.domain=//vimeo.com/

Called policy definition: BC_SafeSearch_Google_Rules


miss: <Proxy BC_SafeSearch_Google_query> condition=BC_SafeSearch_Google_Domains
miss: <Proxy BC_SafeSearch_Google_SetPref> condition=BC_SafeSearch_Google_Domains

Called policy definition: BC_SafeSearch_MSN_Live_Bing_Rules


miss: <Proxy BC_SafeSearch_MSN_Live_Bing_cookies>
condition=BC_SafeSearch_MSN_Live_Bing_Domains
miss: <Proxy BC_SafeSearch_MSN_Live_Bing_query>
condition=BC_SafeSearch_MSN_Live_Bing_Domains

Assigned values of transaction variables:


bc_notify1=empty1
bc_notify2=empty2
Called transaction procedure: dashboard_record_hourly
<layer>
Called transaction procedure: dashboard_record_daily
<layer>
Called transaction procedure: dashboard_blocked_stats_infinity
<layer>
Called transaction procedure: dashboard_record_monthly
<layer>

connection: service.name=Explicit HTTP client.address=10.110.99.72 proxy.port=8080


client.interface=255:255.1 routing-domain=default
location-id=0 access_type=unknown
time: 2020-03-17 16:49:08 UTC
CONNECT tcp://www.msn.com:443/
DNS lookup was unrestricted
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
user: name="TERNIUM\10519230" realm=AD
authentication start 25 elapsed 0 ms
authorization start 25 elapsed 0 ms
authentication status='none' authorization status='none'
EXCEPTION(my_exception): Either 'deny' or 'exception' was matched in policy
url.category: none@Policy;none@YouTube;Search Engines/Portals@Blue Coat
total categorization time: 1
static categorization time: 1
server.response.code: 0
client.response.code: 403
application.name: none
application.operation: none
application.group: none
DSCP client outbound: 65
DSCP server outbound: 65

Transaction timing: total-transaction-time 26 ms


Checkpoint timings:
new-connection: start 1 elapsed 0 ms
client-in: start 25 elapsed 1 ms
client-out-terminated: start 25 elapsed 1 ms
access-logging: start 26 elapsed 0 ms
stop-transaction: start 26 elapsed 0 ms
Total Policy evaluation time: 2 ms
url_categorization complete time: 25
client connection: first-response-byte 0 last-response-byte 26
stop transaction --------------------
start transaction -------------------
transaction ID=9503033 type=http.proxy

<Proxy@req-url> [builtin-prolog:372]
MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2)

<Cache@req-url "suppress DRTR for HTML Notification internal URLs"> [vpm-


cpl:3477]
miss: condition=__is_notify_internal

<Proxy@req-url "set notify variables"> [vpm-cpl:3962]


[Rule]
miss: url.regex="(.*)/notify-SplashStreaming\?([^;]+);(.*)"
miss: url.regex="(.*)/accepted-SplashStreaming\?([^;]+);(.*)"
miss: url.regex="(.*)/verify-SplashStreaming\?([^;]+);(.*)"

<Exception@term> [builtin-prolog:246]
MATCH: t_procedure.dashboard_blocked_stats_infinity

<Exception@req-all> [builtin-prolog:237]
MATCH: t_procedure.dashboard_record_hourly

<Exception@req-all> [builtin-prolog:240]
MATCH: t_procedure.dashboard_record_daily

<Exception@req-all> [builtin-prolog:243]
MATCH: t_procedure.dashboard_record_monthly

<Proxy>
miss: client.address=10.110.46.73
miss: condition=__CondList1Combinacion_NOAUTH
MATCH: authenticate(ad) authenticate.force(no) authenticate.mode(proxy-ip)

<Proxy>
miss: condition=__CondList1CombinedDestinationBloque_URL
miss: condition=__CondList1Combinacion_Lista_Blaca_Windows_Update
miss: condition=Combinacion_Lista_Blanca
miss: url.host.substring=msn-com.akamaized.net
miss: condition=Combinacion_Lista_Negra
miss: condition=__CondList1CombinacionGG_Tx_Proxy_Vip
miss: client.address=Combinacion_Cloudhealth
miss: condition=__CondList1CombinacionGG_Tx_Proxy_AdvancedUsers
miss: condition=GG_TX_Proxy_Advanced_Users_bloqueo
miss: condition=GG_TX_RedesSociales_AllUsers_PERMITIDAS
miss: condition=__CondList1CombinacionGG_TX_RedesSociales_AllUsers
miss: condition=__CondList1CombinacionGG_Tx_Proxy_NormalUsers
miss: condition=__CondList1CombinacionGG_Tx_Proxy_NormalUsers
miss: condition=__CondList1CombinacionGG_Tx_Proxy_Contratistas
miss: condition=__CondList1CombinacionCategoriasBloqueadasContratistas
miss: condition=__CondList1Externos
miss: condition=__CondList1Externos
miss: category=bloomberg
MATCH: exception(user_defined.my_exception)

<Proxy>
miss: client.address=CombinedEquiposEMC_Automacion
miss: client.address=CombinedEquiposEMC_Automacion
miss: client.address=combinacion_TERAREXHCAS
miss: client.address="CombinedSource_DGI Uruguay"
miss: condition=__CondList1ReglaFullInternetAccess_AMS
miss: condition=__CondList1Ternium
miss: client.address=TKCSA_PORTO
miss: condition=__CondList1CombinacionWhatsapp_y_WSUS
miss: url.domain=//services.isee.hp.com/
miss: condition=WebApplication_Blacklist
miss: condition=Combinacion_bloque_Windows_Update
miss: request.application.name=Dropbox
miss: category=Lista_Negra_NormalUser
miss: condition=__CondList1CombinedDestinationBloque_URL
miss: condition=CombinacionReproductoresMedia
miss: condition=__CondList1CombinedSourceBloomberg
miss: condition=__CondList1CombinedSourceBloomberg

<Proxy>
miss: condition=__PROTO_3
miss: condition=__PROTO_3
miss: url.port=22
miss: url.port=22

<Proxy>
miss: condition=__CondList1CombinedSourceBloomberg
miss: client.address=Ternium_FTP

<ssl>
MATCH: server.certificate.validate(no)

<Proxy>
miss: client.address=10.110.50.184
MATCH: client.address=10.110.99.72 trace.request(yes)
trace.destination(Annitha)

<Cache>
miss: condition=__CondList1Sitios_SIN_Cache
miss: url.host=r.sascdn.com

<Proxy>
miss: source.port=8194
miss: source.port=8195
miss: source.port=8196
miss: source.port=8197
miss: source.port=8198

<Proxy>
miss: condition=skype

<Proxy>
miss: request.header.If-None-Match="."

<Proxy>
miss: condition=Tunnel_Exception_urld
<Proxy>
MATCH: policy.BC_SafeSearch_Ask_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Google_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_YouTube_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Lycos_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_MSN_Live_Bing_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Yahoo_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_DuckDuckGo_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Vimeo_Rules

miss: <Proxy> realm=iwa_direct

<Cache>
miss: url.domain=//windowsupdate.com/
miss: url.domain=//c.microsoft.com/
miss: url.domain=//update.microsoft.com/
miss: url.domain=//windowsupdate.microsoft.com/
miss: url.domain=//download.windowsupdate.com/

<Proxy>
miss: condition=SSL_Disabled_Domains

<Proxy "handle HTML Notification internal requests">


miss: [Rule] variable.bc_notify1=variable.bc_notify2
[Rule]
MATCH: action.__delete_notify_cookies(yes)

<Proxy>
miss: http.method=POST
miss: http.method=POST
miss: http.method=PUT

<Proxy>
miss: url.port=21
miss: url.port=21

<Proxy>
miss: condition=IWA_SILENT_USERS

<Proxy>
miss: url.host=www.msftncsi.com
miss: url.domain=//crl.microsoft.com/
miss: url.domain=//mscrl.microsoft.com/
miss: url.domain=//verisign.com/
miss: url.domain=//watson.microsoft.com/
miss: url.domain=//trendmicro.com/

<Proxy>
miss: request.header.User-Agent="webex utiltp"
miss: request.header.User-Agent="Microsoft-CryptoAPI"
miss: request.header.User-Agent="MSUpdate"
miss: request.header.User-Agent="AVUpdate"
miss: request.header.User-Agent="ESS Update"
miss: request.header.User-Agent="iTunes"
miss: request.header.User-Agent="Stocks"
miss: request.header.User-Agent="CFNetwork"
miss: request.header.User-Agent="Shockwave Flash"
miss: request.header.User-Agent="Windows-Media-Player"
miss: request.header.User-Agent="NSPlayer"
miss: request.header.User-Agent="Windows-Media-Player"
miss: request.header.User-Agent="flash"
miss: request.header.User-Agent="Office"
miss: request.header.User-Agent="TMUFE"
miss: request.header.User-Agent="62691CB3BF62DAF233FB2C02782E7BD2"

<Proxy>
miss: condition=Office365IPs
miss: condition=Office365URLs

<Proxy>
miss: condition=Office365IPs
miss: condition=Office365URLs

<Cache>
miss: condition=Office365IPs
miss: condition=Office365URLs

<Proxy>
miss: url.domain=//facebook.com/
miss: url.domain=//sped.fazenda.gov.br/
miss: url.domain=//ternium.com.ar/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.mx/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.co/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.br/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.uy/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com/Autodiscover/Autodiscover.xml
miss: url.domain=//tessa.com.uy/Autodiscover/Autodiscover.xml

Called policy definition: BC_SafeSearch_Lycos_Rules


miss: <Proxy BC_SafeSearch_Lycos> url.domain=//lycos.com/

Called policy definition: BC_SafeSearch_Yahoo_Rules


miss: <Proxy BC_SafeSearch_Yahoo_cookies> condition=BC_SafeSearch_Yahoo_Domains
miss: <Proxy BC_SafeSearch_Yahoo_query> condition=BC_SafeSearch_Yahoo_Domains

Called policy definition: BC_SafeSearch_DuckDuckGo_Rules


miss: <Proxy BC_SafeSearch_DuckDuckGo_query> url.domain=//duckduckgo.com/

Called policy definition: BC_SafeSearch_Ask_Rules


miss: <Proxy BC_SafeSearch_Ask_query> condition=BC_SafeSearch_Ask_Domains

Called policy definition: BC_SafeSearch_YouTube_Rules


miss: <Proxy BC_SafeSearch_YouTube_cookies> url.domain=//youtube.com/
Called policy definition: BC_SafeSearch_Vimeo_Rules
miss: <Proxy BC_SafeSearch_Vimeo_cookies> url.domain=//vimeo.com/

Called policy definition: BC_SafeSearch_Google_Rules


miss: <Proxy BC_SafeSearch_Google_query> condition=BC_SafeSearch_Google_Domains
miss: <Proxy BC_SafeSearch_Google_SetPref> condition=BC_SafeSearch_Google_Domains

Called policy definition: BC_SafeSearch_MSN_Live_Bing_Rules


miss: <Proxy BC_SafeSearch_MSN_Live_Bing_cookies>
condition=BC_SafeSearch_MSN_Live_Bing_Domains
miss: <Proxy BC_SafeSearch_MSN_Live_Bing_query>
condition=BC_SafeSearch_MSN_Live_Bing_Domains

Assigned values of transaction variables:


bc_notify1=empty1
bc_notify2=empty2
Called transaction procedure: dashboard_record_hourly
<layer>
Called transaction procedure: dashboard_record_daily
<layer>
Called transaction procedure: dashboard_blocked_stats_infinity
<layer>
Called transaction procedure: dashboard_record_monthly
<layer>

connection: service.name=Explicit HTTP client.address=10.110.99.72 proxy.port=8080


client.interface=255:255.1 routing-domain=default
location-id=0 access_type=unknown
time: 2020-03-17 16:49:07 UTC
CONNECT tcp://c.msn.com:443/
DNS lookup was unrestricted
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
user: name="TERNIUM\10519230" realm=AD
authentication start 14 elapsed 0 ms
authorization start 14 elapsed 0 ms
authentication status='none' authorization status='none'
EXCEPTION(my_exception): Either 'deny' or 'exception' was matched in policy
url.category: none@Policy;none@YouTube;Web Ads/Analytics@Blue Coat
total categorization time: 12
static categorization time: 12
server.response.code: 0
client.response.code: 403
application.name: none
application.operation: none
application.group: none
DSCP client outbound: 65
DSCP server outbound: 65

Transaction timing: total-transaction-time 548 ms


Checkpoint timings:
new-connection: start 1 elapsed 0 ms
client-in: start 13 elapsed 1 ms
client-out-terminated: start 14 elapsed 0 ms
access-logging: start 139 elapsed 0 ms
stop-transaction: start 548 elapsed 0 ms
Total Policy evaluation time: 1 ms
url_categorization complete time: 13
client connection: first-response-byte 0 last-response-byte 139
stop transaction --------------------
start transaction -------------------
transaction ID=9503174 type=http.proxy

<Proxy@req-url> [builtin-prolog:372]
MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2)

<Cache@req-url "suppress DRTR for HTML Notification internal URLs"> [vpm-


cpl:3477]
miss: condition=__is_notify_internal

<Proxy@req-url "set notify variables"> [vpm-cpl:3962]


[Rule]
miss: url.regex="(.*)/notify-SplashStreaming\?([^;]+);(.*)"
miss: url.regex="(.*)/accepted-SplashStreaming\?([^;]+);(.*)"
miss: url.regex="(.*)/verify-SplashStreaming\?([^;]+);(.*)"

<Exception@term> [builtin-prolog:246]
MATCH: t_procedure.dashboard_blocked_stats_infinity

<Exception@req-all> [builtin-prolog:237]
MATCH: t_procedure.dashboard_record_hourly

<Exception@req-all> [builtin-prolog:240]
MATCH: t_procedure.dashboard_record_daily

<Exception@req-all> [builtin-prolog:243]
MATCH: t_procedure.dashboard_record_monthly

<Proxy>
miss: client.address=10.110.46.73
miss: condition=__CondList1Combinacion_NOAUTH
MATCH: authenticate(ad) authenticate.force(no) authenticate.mode(proxy-ip)

<Proxy>
miss: condition=__CondList1CombinedDestinationBloque_URL
miss: condition=__CondList1Combinacion_Lista_Blaca_Windows_Update
miss: condition=Combinacion_Lista_Blanca
miss: url.host.substring=msn-com.akamaized.net
miss: condition=Combinacion_Lista_Negra
miss: condition=__CondList1CombinacionGG_Tx_Proxy_Vip
miss: client.address=Combinacion_Cloudhealth
miss: condition=__CondList1CombinacionGG_Tx_Proxy_AdvancedUsers
miss: condition=GG_TX_Proxy_Advanced_Users_bloqueo
miss: condition=GG_TX_RedesSociales_AllUsers_PERMITIDAS
miss: condition=__CondList1CombinacionGG_TX_RedesSociales_AllUsers
miss: condition=__CondList1CombinacionGG_Tx_Proxy_NormalUsers
miss: condition=__CondList1CombinacionGG_Tx_Proxy_NormalUsers
miss: condition=__CondList1CombinacionGG_Tx_Proxy_Contratistas
miss: condition=__CondList1CombinacionCategoriasBloqueadasContratistas
miss: condition=__CondList1Externos
miss: condition=__CondList1Externos
miss: category=bloomberg
MATCH: exception(user_defined.my_exception)

<Proxy>
miss: client.address=CombinedEquiposEMC_Automacion
miss: client.address=CombinedEquiposEMC_Automacion
miss: client.address=combinacion_TERAREXHCAS
miss: client.address="CombinedSource_DGI Uruguay"
miss: condition=__CondList1ReglaFullInternetAccess_AMS
miss: condition=__CondList1Ternium
miss: client.address=TKCSA_PORTO
miss: condition=__CondList1CombinacionWhatsapp_y_WSUS
miss: url.domain=//services.isee.hp.com/
miss: condition=WebApplication_Blacklist
miss: condition=Combinacion_bloque_Windows_Update
miss: request.application.name=Dropbox
miss: category=Lista_Negra_NormalUser
miss: condition=__CondList1CombinedDestinationBloque_URL
miss: condition=CombinacionReproductoresMedia
miss: condition=__CondList1CombinedSourceBloomberg
miss: condition=__CondList1CombinedSourceBloomberg

<Proxy>
miss: condition=__PROTO_3
miss: condition=__PROTO_3
miss: url.port=22
miss: url.port=22

<Proxy>
miss: condition=__CondList1CombinedSourceBloomberg
miss: client.address=Ternium_FTP

<ssl>
MATCH: server.certificate.validate(no)

<Proxy>
miss: client.address=10.110.50.184
MATCH: client.address=10.110.99.72 trace.request(yes)
trace.destination(Annitha)

<Cache>
miss: condition=__CondList1Sitios_SIN_Cache
miss: url.host=r.sascdn.com

<Proxy>
miss: source.port=8194
miss: source.port=8195
miss: source.port=8196
miss: source.port=8197
miss: source.port=8198

<Proxy>
miss: condition=skype

<Proxy>
miss: request.header.If-None-Match="."

<Proxy>
miss: condition=Tunnel_Exception_urld

<Proxy>
MATCH: policy.BC_SafeSearch_Ask_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Google_Rules
<Proxy>
MATCH: policy.BC_SafeSearch_YouTube_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Lycos_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_MSN_Live_Bing_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Yahoo_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_DuckDuckGo_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Vimeo_Rules

miss: <Proxy> realm=iwa_direct

<Cache>
miss: url.domain=//windowsupdate.com/
miss: url.domain=//c.microsoft.com/
miss: url.domain=//update.microsoft.com/
miss: url.domain=//windowsupdate.microsoft.com/
miss: url.domain=//download.windowsupdate.com/

<Proxy>
miss: condition=SSL_Disabled_Domains

<Proxy "handle HTML Notification internal requests">


miss: [Rule] variable.bc_notify1=variable.bc_notify2
[Rule]
MATCH: action.__delete_notify_cookies(yes)

<Proxy>
miss: http.method=POST
miss: http.method=POST
miss: http.method=PUT

<Proxy>
miss: url.port=21
miss: url.port=21

<Proxy>
miss: condition=IWA_SILENT_USERS

<Proxy>
miss: url.host=www.msftncsi.com
miss: url.domain=//crl.microsoft.com/
miss: url.domain=//mscrl.microsoft.com/
miss: url.domain=//verisign.com/
miss: url.domain=//watson.microsoft.com/
miss: url.domain=//trendmicro.com/

<Proxy>
miss: request.header.User-Agent="webex utiltp"
miss: request.header.User-Agent="Microsoft-CryptoAPI"
miss: request.header.User-Agent="MSUpdate"
miss: request.header.User-Agent="AVUpdate"
miss: request.header.User-Agent="ESS Update"
miss: request.header.User-Agent="iTunes"
miss: request.header.User-Agent="Stocks"
miss: request.header.User-Agent="CFNetwork"
miss: request.header.User-Agent="Shockwave Flash"
miss: request.header.User-Agent="Windows-Media-Player"
miss: request.header.User-Agent="NSPlayer"
miss: request.header.User-Agent="Windows-Media-Player"
miss: request.header.User-Agent="flash"
miss: request.header.User-Agent="Office"
miss: request.header.User-Agent="TMUFE"
miss: request.header.User-Agent="62691CB3BF62DAF233FB2C02782E7BD2"

<Proxy>
MATCH: condition=Office365IPs detect_protocol(none)

<Proxy>
MATCH: condition=Office365IPs detect_protocol.ssl(no)

<Cache>
MATCH: condition=Office365IPs request.icap_service(no)
response.icap_service(no)

<Proxy>
miss: url.domain=//facebook.com/
miss: url.domain=//sped.fazenda.gov.br/
miss: url.domain=//ternium.com.ar/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.mx/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.co/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.br/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.uy/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com/Autodiscover/Autodiscover.xml
miss: url.domain=//tessa.com.uy/Autodiscover/Autodiscover.xml

Called policy definition: BC_SafeSearch_Lycos_Rules


miss: <Proxy BC_SafeSearch_Lycos> url.domain=//lycos.com/

Called policy definition: BC_SafeSearch_Yahoo_Rules


miss: <Proxy BC_SafeSearch_Yahoo_cookies> condition=BC_SafeSearch_Yahoo_Domains
miss: <Proxy BC_SafeSearch_Yahoo_query> condition=BC_SafeSearch_Yahoo_Domains

Called policy definition: BC_SafeSearch_DuckDuckGo_Rules


miss: <Proxy BC_SafeSearch_DuckDuckGo_query> url.domain=//duckduckgo.com/

Called policy definition: BC_SafeSearch_Ask_Rules


miss: <Proxy BC_SafeSearch_Ask_query> condition=BC_SafeSearch_Ask_Domains

Called policy definition: BC_SafeSearch_YouTube_Rules


miss: <Proxy BC_SafeSearch_YouTube_cookies> url.domain=//youtube.com/

Called policy definition: BC_SafeSearch_Vimeo_Rules


miss: <Proxy BC_SafeSearch_Vimeo_cookies> url.domain=//vimeo.com/

Called policy definition: BC_SafeSearch_Google_Rules


miss: <Proxy BC_SafeSearch_Google_query> condition=BC_SafeSearch_Google_Domains
miss: <Proxy BC_SafeSearch_Google_SetPref> condition=BC_SafeSearch_Google_Domains
Called policy definition: BC_SafeSearch_MSN_Live_Bing_Rules
miss: <Proxy BC_SafeSearch_MSN_Live_Bing_cookies>
condition=BC_SafeSearch_MSN_Live_Bing_Domains
miss: <Proxy BC_SafeSearch_MSN_Live_Bing_query>
condition=BC_SafeSearch_MSN_Live_Bing_Domains

Assigned values of transaction variables:


bc_notify1=empty1
bc_notify2=empty2
Called transaction procedure: dashboard_record_hourly
<layer>
Called transaction procedure: dashboard_record_daily
<layer>
Called transaction procedure: dashboard_blocked_stats_infinity
<layer>
Called transaction procedure: dashboard_record_monthly
<layer>

connection: service.name=Explicit HTTP client.address=10.110.99.72 proxy.port=8080


client.interface=255:255.1 routing-domain=default
location-id=0 access_type=unknown
time: 2020-03-17 16:49:08 UTC
CONNECT tcp://www.msn.com:443/
DNS lookup was unrestricted
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like
Gecko
user: name="TERNIUM\10519230" realm=AD
authentication start 3 elapsed 1 ms
authorization start 4 elapsed 0 ms
authentication status='none' authorization status='none'
EXCEPTION(my_exception): Either 'deny' or 'exception' was matched in policy
url.category: none@Policy;none@YouTube;Search Engines/Portals@Blue Coat
total categorization time: 0
static categorization time: 0
server.response.code: 0
client.response.code: 403
application.name: none
application.operation: none
application.group: none
DSCP client outbound: 65
DSCP server outbound: 65

Transaction timing: total-transaction-time 4 ms


Checkpoint timings:
new-connection: start 1 elapsed 0 ms
client-in: start 3 elapsed 1 ms
client-out-terminated: start 4 elapsed 0 ms
access-logging: start 4 elapsed 0 ms
stop-transaction: start 4 elapsed 0 ms
Total Policy evaluation time: 1 ms
url_categorization complete time: 3
client connection: first-response-byte 0 last-response-byte 4
stop transaction --------------------
start transaction -------------------
transaction ID=9503188 type=http.proxy

<Proxy@req-url> [builtin-prolog:372]
MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2)
<Cache@req-url "suppress DRTR for HTML Notification internal URLs"> [vpm-
cpl:3477]
miss: condition=__is_notify_internal

<Proxy@req-url "set notify variables"> [vpm-cpl:3962]


[Rule]
miss: url.regex="(.*)/notify-SplashStreaming\?([^;]+);(.*)"
miss: url.regex="(.*)/accepted-SplashStreaming\?([^;]+);(.*)"
miss: url.regex="(.*)/verify-SplashStreaming\?([^;]+);(.*)"

<Exception@term> [builtin-prolog:246]
MATCH: t_procedure.dashboard_blocked_stats_infinity

<Exception@req-all> [builtin-prolog:237]
MATCH: t_procedure.dashboard_record_hourly

<Exception@req-all> [builtin-prolog:240]
MATCH: t_procedure.dashboard_record_daily

<Exception@req-all> [builtin-prolog:243]
MATCH: t_procedure.dashboard_record_monthly

<Proxy>
miss: client.address=10.110.46.73
miss: condition=__CondList1Combinacion_NOAUTH
MATCH: authenticate(ad) authenticate.force(no) authenticate.mode(proxy-ip)

<Proxy>
miss: condition=__CondList1CombinedDestinationBloque_URL
miss: condition=__CondList1Combinacion_Lista_Blaca_Windows_Update
miss: condition=Combinacion_Lista_Blanca
miss: url.host.substring=msn-com.akamaized.net
miss: condition=Combinacion_Lista_Negra
miss: condition=__CondList1CombinacionGG_Tx_Proxy_Vip
miss: client.address=Combinacion_Cloudhealth
miss: condition=__CondList1CombinacionGG_Tx_Proxy_AdvancedUsers
miss: condition=GG_TX_Proxy_Advanced_Users_bloqueo
miss: condition=GG_TX_RedesSociales_AllUsers_PERMITIDAS
miss: condition=__CondList1CombinacionGG_TX_RedesSociales_AllUsers
miss: condition=__CondList1CombinacionGG_Tx_Proxy_NormalUsers
miss: condition=__CondList1CombinacionGG_Tx_Proxy_NormalUsers
miss: condition=__CondList1CombinacionGG_Tx_Proxy_Contratistas
miss: condition=__CondList1CombinacionCategoriasBloqueadasContratistas
miss: condition=__CondList1Externos
miss: condition=__CondList1Externos
miss: category=bloomberg
MATCH: exception(user_defined.my_exception)

<Proxy>
miss: client.address=CombinedEquiposEMC_Automacion
miss: client.address=CombinedEquiposEMC_Automacion
miss: client.address=combinacion_TERAREXHCAS
miss: client.address="CombinedSource_DGI Uruguay"
miss: condition=__CondList1ReglaFullInternetAccess_AMS
miss: condition=__CondList1Ternium
miss: client.address=TKCSA_PORTO
miss: condition=__CondList1CombinacionWhatsapp_y_WSUS
miss: url.domain=//services.isee.hp.com/
miss: condition=WebApplication_Blacklist
miss: condition=Combinacion_bloque_Windows_Update
miss: request.application.name=Dropbox
miss: category=Lista_Negra_NormalUser
miss: condition=__CondList1CombinedDestinationBloque_URL
miss: condition=CombinacionReproductoresMedia
miss: condition=__CondList1CombinedSourceBloomberg
miss: condition=__CondList1CombinedSourceBloomberg

<Proxy>
miss: condition=__PROTO_3
miss: condition=__PROTO_3
miss: url.port=22
miss: url.port=22

<Proxy>
miss: condition=__CondList1CombinedSourceBloomberg
miss: client.address=Ternium_FTP

<ssl>
MATCH: server.certificate.validate(no)

<Proxy>
miss: client.address=10.110.50.184
MATCH: client.address=10.110.99.72 trace.request(yes)
trace.destination(Annitha)

<Cache>
miss: condition=__CondList1Sitios_SIN_Cache
miss: url.host=r.sascdn.com

<Proxy>
miss: source.port=8194
miss: source.port=8195
miss: source.port=8196
miss: source.port=8197
miss: source.port=8198

<Proxy>
miss: condition=skype

<Proxy>
miss: request.header.If-None-Match="."

<Proxy>
miss: condition=Tunnel_Exception_urld

<Proxy>
MATCH: policy.BC_SafeSearch_Ask_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Google_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_YouTube_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Lycos_Rules
<Proxy>
MATCH: policy.BC_SafeSearch_MSN_Live_Bing_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Yahoo_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_DuckDuckGo_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Vimeo_Rules

miss: <Proxy> realm=iwa_direct

<Cache>
miss: url.domain=//windowsupdate.com/
miss: url.domain=//c.microsoft.com/
miss: url.domain=//update.microsoft.com/
miss: url.domain=//windowsupdate.microsoft.com/
miss: url.domain=//download.windowsupdate.com/

<Proxy>
miss: condition=SSL_Disabled_Domains

<Proxy "handle HTML Notification internal requests">


miss: [Rule] variable.bc_notify1=variable.bc_notify2
[Rule]
MATCH: action.__delete_notify_cookies(yes)

<Proxy>
miss: http.method=POST
miss: http.method=POST
miss: http.method=PUT

<Proxy>
miss: url.port=21
miss: url.port=21

<Proxy>
miss: condition=IWA_SILENT_USERS

<Proxy>
miss: url.host=www.msftncsi.com
miss: url.domain=//crl.microsoft.com/
miss: url.domain=//mscrl.microsoft.com/
miss: url.domain=//verisign.com/
miss: url.domain=//watson.microsoft.com/
miss: url.domain=//trendmicro.com/

<Proxy>
miss: request.header.User-Agent="webex utiltp"
miss: request.header.User-Agent="Microsoft-CryptoAPI"
miss: request.header.User-Agent="MSUpdate"
miss: request.header.User-Agent="AVUpdate"
miss: request.header.User-Agent="ESS Update"
miss: request.header.User-Agent="iTunes"
miss: request.header.User-Agent="Stocks"
miss: request.header.User-Agent="CFNetwork"
miss: request.header.User-Agent="Shockwave Flash"
miss: request.header.User-Agent="Windows-Media-Player"
miss: request.header.User-Agent="NSPlayer"
miss: request.header.User-Agent="Windows-Media-Player"
miss: request.header.User-Agent="flash"
miss: request.header.User-Agent="Office"
miss: request.header.User-Agent="TMUFE"
miss: request.header.User-Agent="62691CB3BF62DAF233FB2C02782E7BD2"

<Proxy>
MATCH: condition=Office365IPs detect_protocol(none)

<Proxy>
MATCH: condition=Office365IPs detect_protocol.ssl(no)

<Cache>
MATCH: condition=Office365IPs request.icap_service(no)
response.icap_service(no)

<Proxy>
miss: url.domain=//facebook.com/
miss: url.domain=//sped.fazenda.gov.br/
miss: url.domain=//ternium.com.ar/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.mx/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.co/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.br/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.uy/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com/Autodiscover/Autodiscover.xml
miss: url.domain=//tessa.com.uy/Autodiscover/Autodiscover.xml

Called policy definition: BC_SafeSearch_Lycos_Rules


miss: <Proxy BC_SafeSearch_Lycos> url.domain=//lycos.com/

Called policy definition: BC_SafeSearch_Yahoo_Rules


miss: <Proxy BC_SafeSearch_Yahoo_cookies> condition=BC_SafeSearch_Yahoo_Domains
miss: <Proxy BC_SafeSearch_Yahoo_query> condition=BC_SafeSearch_Yahoo_Domains

Called policy definition: BC_SafeSearch_DuckDuckGo_Rules


miss: <Proxy BC_SafeSearch_DuckDuckGo_query> url.domain=//duckduckgo.com/

Called policy definition: BC_SafeSearch_Ask_Rules


miss: <Proxy BC_SafeSearch_Ask_query> condition=BC_SafeSearch_Ask_Domains

Called policy definition: BC_SafeSearch_YouTube_Rules


miss: <Proxy BC_SafeSearch_YouTube_cookies> url.domain=//youtube.com/

Called policy definition: BC_SafeSearch_Vimeo_Rules


miss: <Proxy BC_SafeSearch_Vimeo_cookies> url.domain=//vimeo.com/

Called policy definition: BC_SafeSearch_Google_Rules


miss: <Proxy BC_SafeSearch_Google_query> condition=BC_SafeSearch_Google_Domains
miss: <Proxy BC_SafeSearch_Google_SetPref> condition=BC_SafeSearch_Google_Domains

Called policy definition: BC_SafeSearch_MSN_Live_Bing_Rules


miss: <Proxy BC_SafeSearch_MSN_Live_Bing_cookies>
condition=BC_SafeSearch_MSN_Live_Bing_Domains
miss: <Proxy BC_SafeSearch_MSN_Live_Bing_query>
condition=BC_SafeSearch_MSN_Live_Bing_Domains

Assigned values of transaction variables:


bc_notify1=empty1
bc_notify2=empty2
Called transaction procedure: dashboard_record_hourly
<layer>
Called transaction procedure: dashboard_record_daily
<layer>
Called transaction procedure: dashboard_blocked_stats_infinity
<layer>
Called transaction procedure: dashboard_record_monthly
<layer>

connection: service.name=Explicit HTTP client.address=10.110.99.72 proxy.port=8080


client.interface=255:255.1 routing-domain=default
location-id=0 access_type=unknown
time: 2020-03-17 16:49:08 UTC
CONNECT tcp://www.msn.com:443/
DNS lookup was unrestricted
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like
Gecko
user: name="TERNIUM\10519230" realm=AD
authentication start 3 elapsed 0 ms
authorization start 3 elapsed 0 ms
authentication status='none' authorization status='none'
EXCEPTION(my_exception): Either 'deny' or 'exception' was matched in policy
url.category: none@Policy;none@YouTube;Search Engines/Portals@Blue Coat
total categorization time: 0
static categorization time: 0
server.response.code: 0
client.response.code: 403
application.name: none
application.operation: none
application.group: none
DSCP client outbound: 65
DSCP server outbound: 65

Transaction timing: total-transaction-time 3 ms


Checkpoint timings:
new-connection: start 1 elapsed 0 ms
client-in: start 2 elapsed 1 ms
client-out-terminated: start 3 elapsed 0 ms
access-logging: start 3 elapsed 0 ms
stop-transaction: start 3 elapsed 0 ms
Total Policy evaluation time: 1 ms
url_categorization complete time: 2
client connection: first-response-byte 0 last-response-byte 3
stop transaction --------------------
start transaction -------------------
transaction ID=9503191 type=http.proxy

<Proxy@req-url> [builtin-prolog:372]
MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2)

<Cache@req-url "suppress DRTR for HTML Notification internal URLs"> [vpm-


cpl:3477]
miss: condition=__is_notify_internal

<Proxy@req-url "set notify variables"> [vpm-cpl:3962]


[Rule]
miss: url.regex="(.*)/notify-SplashStreaming\?([^;]+);(.*)"
miss: url.regex="(.*)/accepted-SplashStreaming\?([^;]+);(.*)"
miss: url.regex="(.*)/verify-SplashStreaming\?([^;]+);(.*)"

<Exception@term> [builtin-prolog:246]
MATCH: t_procedure.dashboard_blocked_stats_infinity

<Exception@req-all> [builtin-prolog:237]
MATCH: t_procedure.dashboard_record_hourly

<Exception@req-all> [builtin-prolog:240]
MATCH: t_procedure.dashboard_record_daily

<Exception@req-all> [builtin-prolog:243]
MATCH: t_procedure.dashboard_record_monthly

<Proxy>
miss: client.address=10.110.46.73
miss: condition=__CondList1Combinacion_NOAUTH
MATCH: authenticate(ad) authenticate.force(no) authenticate.mode(proxy-ip)

<Proxy>
miss: condition=__CondList1CombinedDestinationBloque_URL
miss: condition=__CondList1Combinacion_Lista_Blaca_Windows_Update
miss: condition=Combinacion_Lista_Blanca
miss: url.host.substring=msn-com.akamaized.net
miss: condition=Combinacion_Lista_Negra
miss: condition=__CondList1CombinacionGG_Tx_Proxy_Vip
miss: client.address=Combinacion_Cloudhealth
miss: condition=__CondList1CombinacionGG_Tx_Proxy_AdvancedUsers
miss: condition=GG_TX_Proxy_Advanced_Users_bloqueo
miss: condition=GG_TX_RedesSociales_AllUsers_PERMITIDAS
miss: condition=__CondList1CombinacionGG_TX_RedesSociales_AllUsers
miss: condition=__CondList1CombinacionGG_Tx_Proxy_NormalUsers
miss: condition=__CondList1CombinacionGG_Tx_Proxy_NormalUsers
miss: condition=__CondList1CombinacionGG_Tx_Proxy_Contratistas
miss: condition=__CondList1CombinacionCategoriasBloqueadasContratistas
miss: condition=__CondList1Externos
miss: condition=__CondList1Externos
miss: category=bloomberg
MATCH: exception(user_defined.my_exception)

<Proxy>
miss: client.address=CombinedEquiposEMC_Automacion
miss: client.address=CombinedEquiposEMC_Automacion
miss: client.address=combinacion_TERAREXHCAS
miss: client.address="CombinedSource_DGI Uruguay"
miss: condition=__CondList1ReglaFullInternetAccess_AMS
miss: condition=__CondList1Ternium
miss: client.address=TKCSA_PORTO
miss: condition=__CondList1CombinacionWhatsapp_y_WSUS
miss: url.domain=//services.isee.hp.com/
miss: condition=WebApplication_Blacklist
miss: condition=Combinacion_bloque_Windows_Update
miss: request.application.name=Dropbox
miss: category=Lista_Negra_NormalUser
miss: condition=__CondList1CombinedDestinationBloque_URL
miss: condition=CombinacionReproductoresMedia
miss: condition=__CondList1CombinedSourceBloomberg
miss: condition=__CondList1CombinedSourceBloomberg

<Proxy>
miss: condition=__PROTO_3
miss: condition=__PROTO_3
miss: url.port=22
miss: url.port=22

<Proxy>
miss: condition=__CondList1CombinedSourceBloomberg
miss: client.address=Ternium_FTP

<ssl>
MATCH: server.certificate.validate(no)

<Proxy>
miss: client.address=10.110.50.184
MATCH: client.address=10.110.99.72 trace.request(yes)
trace.destination(Annitha)

<Cache>
miss: condition=__CondList1Sitios_SIN_Cache
miss: url.host=r.sascdn.com

<Proxy>
miss: source.port=8194
miss: source.port=8195
miss: source.port=8196
miss: source.port=8197
miss: source.port=8198

<Proxy>
miss: condition=skype

<Proxy>
miss: request.header.If-None-Match="."

<Proxy>
miss: condition=Tunnel_Exception_urld

<Proxy>
MATCH: policy.BC_SafeSearch_Ask_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Google_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_YouTube_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Lycos_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_MSN_Live_Bing_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Yahoo_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_DuckDuckGo_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Vimeo_Rules

miss: <Proxy> realm=iwa_direct

<Cache>
miss: url.domain=//windowsupdate.com/
miss: url.domain=//c.microsoft.com/
miss: url.domain=//update.microsoft.com/
miss: url.domain=//windowsupdate.microsoft.com/
miss: url.domain=//download.windowsupdate.com/

<Proxy>
miss: condition=SSL_Disabled_Domains

<Proxy "handle HTML Notification internal requests">


miss: [Rule] variable.bc_notify1=variable.bc_notify2
[Rule]
MATCH: action.__delete_notify_cookies(yes)

<Proxy>
miss: http.method=POST
miss: http.method=POST
miss: http.method=PUT

<Proxy>
miss: url.port=21
miss: url.port=21

<Proxy>
miss: condition=IWA_SILENT_USERS

<Proxy>
miss: url.host=www.msftncsi.com
miss: url.domain=//crl.microsoft.com/
miss: url.domain=//mscrl.microsoft.com/
miss: url.domain=//verisign.com/
miss: url.domain=//watson.microsoft.com/
miss: url.domain=//trendmicro.com/

<Proxy>
miss: request.header.User-Agent="webex utiltp"
miss: request.header.User-Agent="Microsoft-CryptoAPI"
miss: request.header.User-Agent="MSUpdate"
miss: request.header.User-Agent="AVUpdate"
miss: request.header.User-Agent="ESS Update"
miss: request.header.User-Agent="iTunes"
miss: request.header.User-Agent="Stocks"
miss: request.header.User-Agent="CFNetwork"
miss: request.header.User-Agent="Shockwave Flash"
miss: request.header.User-Agent="Windows-Media-Player"
miss: request.header.User-Agent="NSPlayer"
miss: request.header.User-Agent="Windows-Media-Player"
miss: request.header.User-Agent="flash"
miss: request.header.User-Agent="Office"
miss: request.header.User-Agent="TMUFE"
miss: request.header.User-Agent="62691CB3BF62DAF233FB2C02782E7BD2"
<Proxy>
miss: condition=Office365IPs
miss: condition=Office365URLs

<Proxy>
miss: condition=Office365IPs
miss: condition=Office365URLs

<Cache>
miss: condition=Office365IPs
miss: condition=Office365URLs

<Proxy>
miss: url.domain=//facebook.com/
miss: url.domain=//sped.fazenda.gov.br/
miss: url.domain=//ternium.com.ar/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.mx/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.co/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.br/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.uy/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com/Autodiscover/Autodiscover.xml
miss: url.domain=//tessa.com.uy/Autodiscover/Autodiscover.xml

Called policy definition: BC_SafeSearch_Lycos_Rules


miss: <Proxy BC_SafeSearch_Lycos> url.domain=//lycos.com/

Called policy definition: BC_SafeSearch_Yahoo_Rules


miss: <Proxy BC_SafeSearch_Yahoo_cookies> condition=BC_SafeSearch_Yahoo_Domains
miss: <Proxy BC_SafeSearch_Yahoo_query> condition=BC_SafeSearch_Yahoo_Domains

Called policy definition: BC_SafeSearch_DuckDuckGo_Rules


miss: <Proxy BC_SafeSearch_DuckDuckGo_query> url.domain=//duckduckgo.com/

Called policy definition: BC_SafeSearch_Ask_Rules


miss: <Proxy BC_SafeSearch_Ask_query> condition=BC_SafeSearch_Ask_Domains

Called policy definition: BC_SafeSearch_YouTube_Rules


miss: <Proxy BC_SafeSearch_YouTube_cookies> url.domain=//youtube.com/

Called policy definition: BC_SafeSearch_Vimeo_Rules


miss: <Proxy BC_SafeSearch_Vimeo_cookies> url.domain=//vimeo.com/

Called policy definition: BC_SafeSearch_Google_Rules


miss: <Proxy BC_SafeSearch_Google_query> condition=BC_SafeSearch_Google_Domains
miss: <Proxy BC_SafeSearch_Google_SetPref> condition=BC_SafeSearch_Google_Domains

Called policy definition: BC_SafeSearch_MSN_Live_Bing_Rules


miss: <Proxy BC_SafeSearch_MSN_Live_Bing_cookies>
condition=BC_SafeSearch_MSN_Live_Bing_Domains
miss: <Proxy BC_SafeSearch_MSN_Live_Bing_query>
condition=BC_SafeSearch_MSN_Live_Bing_Domains

Assigned values of transaction variables:


bc_notify1=empty1
bc_notify2=empty2
Called transaction procedure: dashboard_record_hourly
<layer>
Called transaction procedure: dashboard_record_daily
<layer>
Called transaction procedure: dashboard_blocked_stats_infinity
<layer>
Called transaction procedure: dashboard_record_monthly
<layer>

connection: service.name=Explicit HTTP client.address=10.110.99.72 proxy.port=8080


client.interface=255:255.1 routing-domain=default
location-id=0 access_type=unknown
time: 2020-03-17 16:49:08 UTC
CONNECT tcp://www.bizographics.com:443/
DNS lookup was unrestricted
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
user: name="TERNIUM\10519230" realm=AD
authentication start 14 elapsed 0 ms
authorization start 14 elapsed 1 ms
authentication status='none' authorization status='none'
EXCEPTION(my_exception): Either 'deny' or 'exception' was matched in policy
url.category: none@Policy;none@YouTube;Web Ads/Analytics@Blue Coat
total categorization time: 11
static categorization time: 11
server.response.code: 0
client.response.code: 403
application.name: none
application.operation: none
application.group: none
DSCP client outbound: 65
DSCP server outbound: 65

Transaction timing: total-transaction-time 620 ms


Checkpoint timings:
new-connection: start 1 elapsed 0 ms
client-in: start 14 elapsed 1 ms
client-out-terminated: start 15 elapsed 0 ms
access-logging: start 19 elapsed 0 ms
stop-transaction: start 620 elapsed 0 ms
Total Policy evaluation time: 1 ms
url_categorization complete time: 14
client connection: first-response-byte 0 last-response-byte 19
stop transaction --------------------
start transaction -------------------
transaction ID=9503031 type=http.proxy

<Proxy@req-url> [builtin-prolog:372]
MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2)

<Cache@req-url "suppress DRTR for HTML Notification internal URLs"> [vpm-


cpl:3477]
miss: condition=__is_notify_internal

<Proxy@req-url "set notify variables"> [vpm-cpl:3962]


[Rule]
miss: url.regex="(.*)/notify-SplashStreaming\?([^;]+);(.*)"
miss: url.regex="(.*)/accepted-SplashStreaming\?([^;]+);(.*)"
miss: url.regex="(.*)/verify-SplashStreaming\?([^;]+);(.*)"

<Exception@term> [builtin-prolog:246]
MATCH: t_procedure.dashboard_blocked_stats_infinity
<Exception@req-all> [builtin-prolog:237]
MATCH: t_procedure.dashboard_record_hourly

<Exception@req-all> [builtin-prolog:240]
MATCH: t_procedure.dashboard_record_daily

<Exception@req-all> [builtin-prolog:243]
MATCH: t_procedure.dashboard_record_monthly

<Proxy>
miss: client.address=10.110.46.73
miss: condition=__CondList1Combinacion_NOAUTH
MATCH: authenticate(ad) authenticate.force(no) authenticate.mode(proxy-ip)

<Proxy>
miss: condition=__CondList1CombinedDestinationBloque_URL
miss: condition=__CondList1Combinacion_Lista_Blaca_Windows_Update
miss: condition=Combinacion_Lista_Blanca
miss: url.host.substring=msn-com.akamaized.net
miss: condition=Combinacion_Lista_Negra
miss: condition=__CondList1CombinacionGG_Tx_Proxy_Vip
miss: client.address=Combinacion_Cloudhealth
miss: condition=__CondList1CombinacionGG_Tx_Proxy_AdvancedUsers
miss: condition=GG_TX_Proxy_Advanced_Users_bloqueo
miss: condition=GG_TX_RedesSociales_AllUsers_PERMITIDAS
miss: condition=__CondList1CombinacionGG_TX_RedesSociales_AllUsers
miss: condition=__CondList1CombinacionGG_Tx_Proxy_NormalUsers
miss: condition=__CondList1CombinacionGG_Tx_Proxy_NormalUsers
miss: condition=__CondList1CombinacionGG_Tx_Proxy_Contratistas
miss: condition=__CondList1CombinacionCategoriasBloqueadasContratistas
miss: condition=__CondList1Externos
miss: condition=__CondList1Externos
miss: category=bloomberg
MATCH: exception(user_defined.my_exception)

<Proxy>
miss: client.address=CombinedEquiposEMC_Automacion
miss: client.address=CombinedEquiposEMC_Automacion
miss: client.address=combinacion_TERAREXHCAS
miss: client.address="CombinedSource_DGI Uruguay"
miss: condition=__CondList1ReglaFullInternetAccess_AMS
miss: condition=__CondList1Ternium
miss: client.address=TKCSA_PORTO
miss: condition=__CondList1CombinacionWhatsapp_y_WSUS
miss: url.domain=//services.isee.hp.com/
miss: condition=WebApplication_Blacklist
miss: condition=Combinacion_bloque_Windows_Update
miss: request.application.name=Dropbox
miss: category=Lista_Negra_NormalUser
miss: condition=__CondList1CombinedDestinationBloque_URL
miss: condition=CombinacionReproductoresMedia
miss: condition=__CondList1CombinedSourceBloomberg
miss: condition=__CondList1CombinedSourceBloomberg

<Proxy>
miss: condition=__PROTO_3
miss: condition=__PROTO_3
miss: url.port=22
miss: url.port=22

<Proxy>
miss: condition=__CondList1CombinedSourceBloomberg
miss: client.address=Ternium_FTP

<ssl>
MATCH: server.certificate.validate(no)

<Proxy>
miss: client.address=10.110.50.184
MATCH: client.address=10.110.99.72 trace.request(yes)
trace.destination(Annitha)

<Cache>
miss: condition=__CondList1Sitios_SIN_Cache
miss: url.host=r.sascdn.com

<Proxy>
miss: source.port=8194
miss: source.port=8195
miss: source.port=8196
miss: source.port=8197
miss: source.port=8198

<Proxy>
miss: condition=skype

<Proxy>
miss: request.header.If-None-Match="."

<Proxy>
miss: condition=Tunnel_Exception_urld

<Proxy>
MATCH: policy.BC_SafeSearch_Ask_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Google_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_YouTube_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Lycos_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_MSN_Live_Bing_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Yahoo_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_DuckDuckGo_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Vimeo_Rules

miss: <Proxy> realm=iwa_direct


<Cache>
miss: url.domain=//windowsupdate.com/
miss: url.domain=//c.microsoft.com/
miss: url.domain=//update.microsoft.com/
miss: url.domain=//windowsupdate.microsoft.com/
miss: url.domain=//download.windowsupdate.com/

<Proxy>
miss: condition=SSL_Disabled_Domains

<Proxy "handle HTML Notification internal requests">


miss: [Rule] variable.bc_notify1=variable.bc_notify2
[Rule]
MATCH: action.__delete_notify_cookies(yes)

<Proxy>
miss: http.method=POST
miss: http.method=POST
miss: http.method=PUT

<Proxy>
miss: url.port=21
miss: url.port=21

<Proxy>
miss: condition=IWA_SILENT_USERS

<Proxy>
miss: url.host=www.msftncsi.com
miss: url.domain=//crl.microsoft.com/
miss: url.domain=//mscrl.microsoft.com/
miss: url.domain=//verisign.com/
miss: url.domain=//watson.microsoft.com/
miss: url.domain=//trendmicro.com/

<Proxy>
miss: request.header.User-Agent="webex utiltp"
miss: request.header.User-Agent="Microsoft-CryptoAPI"
miss: request.header.User-Agent="MSUpdate"
miss: request.header.User-Agent="AVUpdate"
miss: request.header.User-Agent="ESS Update"
miss: request.header.User-Agent="iTunes"
miss: request.header.User-Agent="Stocks"
miss: request.header.User-Agent="CFNetwork"
miss: request.header.User-Agent="Shockwave Flash"
miss: request.header.User-Agent="Windows-Media-Player"
miss: request.header.User-Agent="NSPlayer"
miss: request.header.User-Agent="Windows-Media-Player"
miss: request.header.User-Agent="flash"
miss: request.header.User-Agent="Office"
miss: request.header.User-Agent="TMUFE"
miss: request.header.User-Agent="62691CB3BF62DAF233FB2C02782E7BD2"

<Proxy>
miss: condition=Office365IPs
miss: condition=Office365URLs

<Proxy>
miss: condition=Office365IPs
miss: condition=Office365URLs

<Cache>
miss: condition=Office365IPs
miss: condition=Office365URLs

<Proxy>
miss: url.domain=//facebook.com/
miss: url.domain=//sped.fazenda.gov.br/
miss: url.domain=//ternium.com.ar/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.mx/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.co/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.br/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.uy/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com/Autodiscover/Autodiscover.xml
miss: url.domain=//tessa.com.uy/Autodiscover/Autodiscover.xml

Called policy definition: BC_SafeSearch_Lycos_Rules


miss: <Proxy BC_SafeSearch_Lycos> url.domain=//lycos.com/

Called policy definition: BC_SafeSearch_Yahoo_Rules


miss: <Proxy BC_SafeSearch_Yahoo_cookies> condition=BC_SafeSearch_Yahoo_Domains
miss: <Proxy BC_SafeSearch_Yahoo_query> condition=BC_SafeSearch_Yahoo_Domains

Called policy definition: BC_SafeSearch_DuckDuckGo_Rules


miss: <Proxy BC_SafeSearch_DuckDuckGo_query> url.domain=//duckduckgo.com/

Called policy definition: BC_SafeSearch_Ask_Rules


miss: <Proxy BC_SafeSearch_Ask_query> condition=BC_SafeSearch_Ask_Domains

Called policy definition: BC_SafeSearch_YouTube_Rules


miss: <Proxy BC_SafeSearch_YouTube_cookies> url.domain=//youtube.com/

Called policy definition: BC_SafeSearch_Vimeo_Rules


miss: <Proxy BC_SafeSearch_Vimeo_cookies> url.domain=//vimeo.com/

Called policy definition: BC_SafeSearch_Google_Rules


miss: <Proxy BC_SafeSearch_Google_query> condition=BC_SafeSearch_Google_Domains
miss: <Proxy BC_SafeSearch_Google_SetPref> condition=BC_SafeSearch_Google_Domains

Called policy definition: BC_SafeSearch_MSN_Live_Bing_Rules


miss: <Proxy BC_SafeSearch_MSN_Live_Bing_cookies>
condition=BC_SafeSearch_MSN_Live_Bing_Domains
miss: <Proxy BC_SafeSearch_MSN_Live_Bing_query>
condition=BC_SafeSearch_MSN_Live_Bing_Domains

Assigned values of transaction variables:


bc_notify1=empty1
bc_notify2=empty2
Called transaction procedure: dashboard_record_hourly
<layer>
Called transaction procedure: dashboard_record_daily
<layer>
Called transaction procedure: dashboard_blocked_stats_infinity
<layer>
Called transaction procedure: dashboard_record_monthly
<layer>
connection: service.name=Explicit HTTP client.address=10.110.99.72 proxy.port=8080
client.interface=255:255.1 routing-domain=default
location-id=0 access_type=unknown
time: 2020-03-17 16:49:07 UTC
CONNECT tcp://otf.msn.com:443/
DNS lookup was unrestricted
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
user: name="TERNIUM\10519230" realm=AD
authentication start 13 elapsed 0 ms
authorization start 13 elapsed 0 ms
authentication status='none' authorization status='none'
EXCEPTION(my_exception): Either 'deny' or 'exception' was matched in policy
url.category: none@Policy;none@YouTube;Web Ads/Analytics@Blue Coat
total categorization time: 12
static categorization time: 12
server.response.code: 0
client.response.code: 403
application.name: none
application.operation: none
application.group: none
DSCP client outbound: 65
DSCP server outbound: 65

Transaction timing: total-transaction-time 1927 ms


Checkpoint timings:
new-connection: start 1 elapsed 0 ms
client-in: start 12 elapsed 1 ms
client-out-terminated: start 13 elapsed 0 ms
access-logging: start 19 elapsed 1 ms
stop-transaction: start 1927 elapsed 0 ms
Total Policy evaluation time: 2 ms
url_categorization complete time: 12
client connection: first-response-byte 0 last-response-byte 19
stop transaction --------------------
start transaction -------------------
transaction ID=9503027 type=http.proxy

<Proxy@req-url> [builtin-prolog:372]
MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2)

<Cache@req-url "suppress DRTR for HTML Notification internal URLs"> [vpm-


cpl:3477]
miss: condition=__is_notify_internal

<Proxy@req-url "set notify variables"> [vpm-cpl:3962]


[Rule]
miss: url.regex="(.*)/notify-SplashStreaming\?([^;]+);(.*)"
miss: url.regex="(.*)/accepted-SplashStreaming\?([^;]+);(.*)"
miss: url.regex="(.*)/verify-SplashStreaming\?([^;]+);(.*)"

<Exception@term> [builtin-prolog:246]
MATCH: t_procedure.dashboard_blocked_stats_infinity

<Exception@req-all> [builtin-prolog:237]
MATCH: t_procedure.dashboard_record_hourly

<Exception@req-all> [builtin-prolog:240]
MATCH: t_procedure.dashboard_record_daily
<Exception@req-all> [builtin-prolog:243]
MATCH: t_procedure.dashboard_record_monthly

<Proxy>
miss: client.address=10.110.46.73
miss: condition=__CondList1Combinacion_NOAUTH
MATCH: authenticate(ad) authenticate.force(no) authenticate.mode(proxy-ip)

<Proxy>
miss: condition=__CondList1CombinedDestinationBloque_URL
miss: condition=__CondList1Combinacion_Lista_Blaca_Windows_Update
miss: condition=Combinacion_Lista_Blanca
miss: url.host.substring=msn-com.akamaized.net
miss: condition=Combinacion_Lista_Negra
miss: condition=__CondList1CombinacionGG_Tx_Proxy_Vip
miss: client.address=Combinacion_Cloudhealth
miss: condition=__CondList1CombinacionGG_Tx_Proxy_AdvancedUsers
miss: condition=GG_TX_Proxy_Advanced_Users_bloqueo
miss: condition=GG_TX_RedesSociales_AllUsers_PERMITIDAS
miss: condition=__CondList1CombinacionGG_TX_RedesSociales_AllUsers
miss: condition=__CondList1CombinacionGG_Tx_Proxy_NormalUsers
miss: condition=__CondList1CombinacionGG_Tx_Proxy_NormalUsers
miss: condition=__CondList1CombinacionGG_Tx_Proxy_Contratistas
miss: condition=__CondList1CombinacionCategoriasBloqueadasContratistas
miss: condition=__CondList1Externos
miss: condition=__CondList1Externos
miss: category=bloomberg
MATCH: exception(user_defined.my_exception)

<Proxy>
miss: client.address=CombinedEquiposEMC_Automacion
miss: client.address=CombinedEquiposEMC_Automacion
miss: client.address=combinacion_TERAREXHCAS
miss: client.address="CombinedSource_DGI Uruguay"
miss: condition=__CondList1ReglaFullInternetAccess_AMS
miss: condition=__CondList1Ternium
miss: client.address=TKCSA_PORTO
miss: condition=__CondList1CombinacionWhatsapp_y_WSUS
miss: url.domain=//services.isee.hp.com/
miss: condition=WebApplication_Blacklist
miss: condition=Combinacion_bloque_Windows_Update
miss: request.application.name=Dropbox
miss: category=Lista_Negra_NormalUser
miss: condition=__CondList1CombinedDestinationBloque_URL
miss: condition=CombinacionReproductoresMedia
miss: condition=__CondList1CombinedSourceBloomberg
miss: condition=__CondList1CombinedSourceBloomberg

<Proxy>
miss: condition=__PROTO_3
miss: condition=__PROTO_3
miss: url.port=22
miss: url.port=22

<Proxy>
miss: condition=__CondList1CombinedSourceBloomberg
miss: client.address=Ternium_FTP
<ssl>
MATCH: server.certificate.validate(no)

<Proxy>
miss: client.address=10.110.50.184
MATCH: client.address=10.110.99.72 trace.request(yes)
trace.destination(Annitha)

<Cache>
miss: condition=__CondList1Sitios_SIN_Cache
miss: url.host=r.sascdn.com

<Proxy>
miss: source.port=8194
miss: source.port=8195
miss: source.port=8196
miss: source.port=8197
miss: source.port=8198

<Proxy>
miss: condition=skype

<Proxy>
miss: request.header.If-None-Match="."

<Proxy>
miss: condition=Tunnel_Exception_urld

<Proxy>
MATCH: policy.BC_SafeSearch_Ask_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Google_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_YouTube_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Lycos_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_MSN_Live_Bing_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Yahoo_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_DuckDuckGo_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Vimeo_Rules

miss: <Proxy> realm=iwa_direct

<Cache>
miss: url.domain=//windowsupdate.com/
miss: url.domain=//c.microsoft.com/
miss: url.domain=//update.microsoft.com/
miss: url.domain=//windowsupdate.microsoft.com/
miss: url.domain=//download.windowsupdate.com/

<Proxy>
miss: condition=SSL_Disabled_Domains

<Proxy "handle HTML Notification internal requests">


miss: [Rule] variable.bc_notify1=variable.bc_notify2
[Rule]
MATCH: action.__delete_notify_cookies(yes)

<Proxy>
miss: http.method=POST
miss: http.method=POST
miss: http.method=PUT

<Proxy>
miss: url.port=21
miss: url.port=21

<Proxy>
miss: condition=IWA_SILENT_USERS

<Proxy>
miss: url.host=www.msftncsi.com
miss: url.domain=//crl.microsoft.com/
miss: url.domain=//mscrl.microsoft.com/
miss: url.domain=//verisign.com/
miss: url.domain=//watson.microsoft.com/
miss: url.domain=//trendmicro.com/

<Proxy>
miss: request.header.User-Agent="webex utiltp"
miss: request.header.User-Agent="Microsoft-CryptoAPI"
miss: request.header.User-Agent="MSUpdate"
miss: request.header.User-Agent="AVUpdate"
miss: request.header.User-Agent="ESS Update"
miss: request.header.User-Agent="iTunes"
miss: request.header.User-Agent="Stocks"
miss: request.header.User-Agent="CFNetwork"
miss: request.header.User-Agent="Shockwave Flash"
miss: request.header.User-Agent="Windows-Media-Player"
miss: request.header.User-Agent="NSPlayer"
miss: request.header.User-Agent="Windows-Media-Player"
miss: request.header.User-Agent="flash"
miss: request.header.User-Agent="Office"
miss: request.header.User-Agent="TMUFE"
miss: request.header.User-Agent="62691CB3BF62DAF233FB2C02782E7BD2"

<Proxy>
miss: condition=Office365IPs
miss: condition=Office365URLs

<Proxy>
miss: condition=Office365IPs
miss: condition=Office365URLs

<Cache>
miss: condition=Office365IPs
miss: condition=Office365URLs
<Proxy>
miss: url.domain=//facebook.com/
miss: url.domain=//sped.fazenda.gov.br/
miss: url.domain=//ternium.com.ar/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.mx/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.co/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.br/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.uy/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com/Autodiscover/Autodiscover.xml
miss: url.domain=//tessa.com.uy/Autodiscover/Autodiscover.xml

Called policy definition: BC_SafeSearch_Lycos_Rules


miss: <Proxy BC_SafeSearch_Lycos> url.domain=//lycos.com/

Called policy definition: BC_SafeSearch_Yahoo_Rules


miss: <Proxy BC_SafeSearch_Yahoo_cookies> condition=BC_SafeSearch_Yahoo_Domains
miss: <Proxy BC_SafeSearch_Yahoo_query> condition=BC_SafeSearch_Yahoo_Domains

Called policy definition: BC_SafeSearch_DuckDuckGo_Rules


miss: <Proxy BC_SafeSearch_DuckDuckGo_query> url.domain=//duckduckgo.com/

Called policy definition: BC_SafeSearch_Ask_Rules


miss: <Proxy BC_SafeSearch_Ask_query> condition=BC_SafeSearch_Ask_Domains

Called policy definition: BC_SafeSearch_YouTube_Rules


miss: <Proxy BC_SafeSearch_YouTube_cookies> url.domain=//youtube.com/

Called policy definition: BC_SafeSearch_Vimeo_Rules


miss: <Proxy BC_SafeSearch_Vimeo_cookies> url.domain=//vimeo.com/

Called policy definition: BC_SafeSearch_Google_Rules


miss: <Proxy BC_SafeSearch_Google_query> condition=BC_SafeSearch_Google_Domains
miss: <Proxy BC_SafeSearch_Google_SetPref> condition=BC_SafeSearch_Google_Domains

Called policy definition: BC_SafeSearch_MSN_Live_Bing_Rules


miss: <Proxy BC_SafeSearch_MSN_Live_Bing_cookies>
condition=BC_SafeSearch_MSN_Live_Bing_Domains
miss: <Proxy BC_SafeSearch_MSN_Live_Bing_query>
condition=BC_SafeSearch_MSN_Live_Bing_Domains

Assigned values of transaction variables:


bc_notify1=empty1
bc_notify2=empty2
Called transaction procedure: dashboard_record_hourly
<layer>
Called transaction procedure: dashboard_record_daily
<layer>
Called transaction procedure: dashboard_blocked_stats_infinity
<layer>
Called transaction procedure: dashboard_record_monthly
<layer>

connection: service.name=Explicit HTTP client.address=10.110.99.72 proxy.port=8080


client.interface=255:255.1 routing-domain=default
location-id=0 access_type=unknown
time: 2020-03-17 16:49:07 UTC
CONNECT tcp://otf.msn.com:443/
DNS lookup was unrestricted
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
user: name="TERNIUM\10519230" realm=AD
authentication start 14 elapsed 0 ms
authorization start 14 elapsed 0 ms
authentication status='none' authorization status='none'
EXCEPTION(my_exception): Either 'deny' or 'exception' was matched in policy
url.category: none@Policy;none@YouTube;Web Ads/Analytics@Blue Coat
total categorization time: 12
static categorization time: 12
server.response.code: 0
client.response.code: 403
application.name: none
application.operation: none
application.group: none
DSCP client outbound: 65
DSCP server outbound: 65

Transaction timing: total-transaction-time 1931 ms


Checkpoint timings:
new-connection: start 1 elapsed 0 ms
client-in: start 13 elapsed 1 ms
client-out-terminated: start 14 elapsed 0 ms
access-logging: start 141 elapsed 0 ms
stop-transaction: start 1931 elapsed 0 ms
Total Policy evaluation time: 1 ms
url_categorization complete time: 13
client connection: first-response-byte 0 last-response-byte 141
stop transaction --------------------
start transaction -------------------
transaction ID=9503504 type=http.proxy

<Proxy@req-url> [builtin-prolog:372]
MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2)

<Cache@req-url "suppress DRTR for HTML Notification internal URLs"> [vpm-


cpl:3477]
miss: condition=__is_notify_internal

<Proxy@req-url "set notify variables"> [vpm-cpl:3962]


[Rule]
miss: url.regex="(.*)/notify-SplashStreaming\?([^;]+);(.*)"
miss: url.regex="(.*)/accepted-SplashStreaming\?([^;]+);(.*)"
miss: url.regex="(.*)/verify-SplashStreaming\?([^;]+);(.*)"

<Exception@term> [builtin-prolog:246]
MATCH: t_procedure.dashboard_blocked_stats_infinity

<Exception@req-all> [builtin-prolog:237]
MATCH: t_procedure.dashboard_record_hourly

<Exception@req-all> [builtin-prolog:240]
MATCH: t_procedure.dashboard_record_daily

<Exception@req-all> [builtin-prolog:243]
MATCH: t_procedure.dashboard_record_monthly

<Proxy>
miss: client.address=10.110.46.73
miss: condition=__CondList1Combinacion_NOAUTH
MATCH: authenticate(ad) authenticate.force(no) authenticate.mode(proxy-ip)

<Proxy>
miss: condition=__CondList1CombinedDestinationBloque_URL
miss: condition=__CondList1Combinacion_Lista_Blaca_Windows_Update
miss: condition=Combinacion_Lista_Blanca
miss: url.host.substring=msn-com.akamaized.net
miss: condition=Combinacion_Lista_Negra
miss: condition=__CondList1CombinacionGG_Tx_Proxy_Vip
miss: client.address=Combinacion_Cloudhealth
miss: condition=__CondList1CombinacionGG_Tx_Proxy_AdvancedUsers
miss: condition=GG_TX_Proxy_Advanced_Users_bloqueo
miss: condition=GG_TX_RedesSociales_AllUsers_PERMITIDAS
miss: condition=__CondList1CombinacionGG_TX_RedesSociales_AllUsers
miss: condition=__CondList1CombinacionGG_Tx_Proxy_NormalUsers
miss: condition=__CondList1CombinacionGG_Tx_Proxy_NormalUsers
miss: condition=__CondList1CombinacionGG_Tx_Proxy_Contratistas
miss: condition=__CondList1CombinacionCategoriasBloqueadasContratistas
miss: condition=__CondList1Externos
miss: condition=__CondList1Externos
miss: category=bloomberg
MATCH: exception(user_defined.my_exception)

<Proxy>
miss: client.address=CombinedEquiposEMC_Automacion
miss: client.address=CombinedEquiposEMC_Automacion
miss: client.address=combinacion_TERAREXHCAS
miss: client.address="CombinedSource_DGI Uruguay"
miss: condition=__CondList1ReglaFullInternetAccess_AMS
miss: condition=__CondList1Ternium
miss: client.address=TKCSA_PORTO
miss: condition=__CondList1CombinacionWhatsapp_y_WSUS
miss: url.domain=//services.isee.hp.com/
miss: condition=WebApplication_Blacklist
miss: condition=Combinacion_bloque_Windows_Update
miss: request.application.name=Dropbox
miss: category=Lista_Negra_NormalUser
miss: condition=__CondList1CombinedDestinationBloque_URL
miss: condition=CombinacionReproductoresMedia
miss: condition=__CondList1CombinedSourceBloomberg
miss: condition=__CondList1CombinedSourceBloomberg

<Proxy>
miss: condition=__PROTO_3
miss: condition=__PROTO_3
miss: url.port=22
miss: url.port=22

<Proxy>
miss: condition=__CondList1CombinedSourceBloomberg
miss: client.address=Ternium_FTP

<ssl>
MATCH: server.certificate.validate(no)

<Proxy>
miss: client.address=10.110.50.184
MATCH: client.address=10.110.99.72 trace.request(yes)
trace.destination(Annitha)

<Cache>
miss: condition=__CondList1Sitios_SIN_Cache
miss: url.host=r.sascdn.com

<Proxy>
miss: source.port=8194
miss: source.port=8195
miss: source.port=8196
miss: source.port=8197
miss: source.port=8198

<Proxy>
miss: condition=skype

<Proxy>
miss: request.header.If-None-Match="."

<Proxy>
miss: condition=Tunnel_Exception_urld

<Proxy>
MATCH: policy.BC_SafeSearch_Ask_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Google_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_YouTube_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Lycos_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_MSN_Live_Bing_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Yahoo_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_DuckDuckGo_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Vimeo_Rules

miss: <Proxy> realm=iwa_direct

<Cache>
miss: url.domain=//windowsupdate.com/
miss: url.domain=//c.microsoft.com/
miss: url.domain=//update.microsoft.com/
miss: url.domain=//windowsupdate.microsoft.com/
miss: url.domain=//download.windowsupdate.com/

<Proxy>
miss: condition=SSL_Disabled_Domains

<Proxy "handle HTML Notification internal requests">


miss: [Rule] variable.bc_notify1=variable.bc_notify2
[Rule]
MATCH: action.__delete_notify_cookies(yes)

<Proxy>
miss: http.method=POST
miss: http.method=POST
miss: http.method=PUT

<Proxy>
miss: url.port=21
miss: url.port=21

<Proxy>
miss: condition=IWA_SILENT_USERS

<Proxy>
miss: url.host=www.msftncsi.com
miss: url.domain=//crl.microsoft.com/
miss: url.domain=//mscrl.microsoft.com/
miss: url.domain=//verisign.com/
miss: url.domain=//watson.microsoft.com/
miss: url.domain=//trendmicro.com/

<Proxy>
miss: request.header.User-Agent="webex utiltp"
miss: request.header.User-Agent="Microsoft-CryptoAPI"
miss: request.header.User-Agent="MSUpdate"
miss: request.header.User-Agent="AVUpdate"
miss: request.header.User-Agent="ESS Update"
miss: request.header.User-Agent="iTunes"
miss: request.header.User-Agent="Stocks"
miss: request.header.User-Agent="CFNetwork"
miss: request.header.User-Agent="Shockwave Flash"
miss: request.header.User-Agent="Windows-Media-Player"
miss: request.header.User-Agent="NSPlayer"
miss: request.header.User-Agent="Windows-Media-Player"
miss: request.header.User-Agent="flash"
miss: request.header.User-Agent="Office"
miss: request.header.User-Agent="TMUFE"
miss: request.header.User-Agent="62691CB3BF62DAF233FB2C02782E7BD2"

<Proxy>
miss: condition=Office365IPs
miss: condition=Office365URLs

<Proxy>
miss: condition=Office365IPs
miss: condition=Office365URLs

<Cache>
miss: condition=Office365IPs
miss: condition=Office365URLs

<Proxy>
miss: url.domain=//facebook.com/
miss: url.domain=//sped.fazenda.gov.br/
miss: url.domain=//ternium.com.ar/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.mx/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.co/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.br/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.uy/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com/Autodiscover/Autodiscover.xml
miss: url.domain=//tessa.com.uy/Autodiscover/Autodiscover.xml

Called policy definition: BC_SafeSearch_Lycos_Rules


miss: <Proxy BC_SafeSearch_Lycos> url.domain=//lycos.com/

Called policy definition: BC_SafeSearch_Yahoo_Rules


miss: <Proxy BC_SafeSearch_Yahoo_cookies> condition=BC_SafeSearch_Yahoo_Domains
miss: <Proxy BC_SafeSearch_Yahoo_query> condition=BC_SafeSearch_Yahoo_Domains

Called policy definition: BC_SafeSearch_DuckDuckGo_Rules


miss: <Proxy BC_SafeSearch_DuckDuckGo_query> url.domain=//duckduckgo.com/

Called policy definition: BC_SafeSearch_Ask_Rules


miss: <Proxy BC_SafeSearch_Ask_query> condition=BC_SafeSearch_Ask_Domains

Called policy definition: BC_SafeSearch_YouTube_Rules


miss: <Proxy BC_SafeSearch_YouTube_cookies> url.domain=//youtube.com/

Called policy definition: BC_SafeSearch_Vimeo_Rules


miss: <Proxy BC_SafeSearch_Vimeo_cookies> url.domain=//vimeo.com/

Called policy definition: BC_SafeSearch_Google_Rules


miss: <Proxy BC_SafeSearch_Google_query> condition=BC_SafeSearch_Google_Domains
miss: <Proxy BC_SafeSearch_Google_SetPref> condition=BC_SafeSearch_Google_Domains

Called policy definition: BC_SafeSearch_MSN_Live_Bing_Rules


miss: <Proxy BC_SafeSearch_MSN_Live_Bing_cookies>
condition=BC_SafeSearch_MSN_Live_Bing_Domains
miss: <Proxy BC_SafeSearch_MSN_Live_Bing_query>
condition=BC_SafeSearch_MSN_Live_Bing_Domains

Assigned values of transaction variables:


bc_notify1=empty1
bc_notify2=empty2
Called transaction procedure: dashboard_record_hourly
<layer>
Called transaction procedure: dashboard_record_daily
<layer>
Called transaction procedure: dashboard_blocked_stats_infinity
<layer>
Called transaction procedure: dashboard_record_monthly
<layer>

connection: service.name=Explicit HTTP client.address=10.110.99.72 proxy.port=8080


client.interface=255:255.1 routing-domain=default
location-id=0 access_type=unknown
time: 2020-03-17 16:49:09 UTC
CONNECT tcp://otf.msn.com:443/
DNS lookup was unrestricted
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
user: name="TERNIUM\10519230" realm=AD
authentication start 2 elapsed 0 ms
authorization start 2 elapsed 0 ms
authentication status='none' authorization status='none'
EXCEPTION(my_exception): Either 'deny' or 'exception' was matched in policy
url.category: none@Policy;none@YouTube;Web Ads/Analytics@Blue Coat
total categorization time: 0
static categorization time: 0
server.response.code: 0
client.response.code: 403
application.name: none
application.operation: none
application.group: none
DSCP client outbound: 65
DSCP server outbound: 65

Transaction timing: total-transaction-time 826 ms


Checkpoint timings:
new-connection: start 1 elapsed 0 ms
client-in: start 2 elapsed 1 ms
client-out-terminated: start 2 elapsed 1 ms
access-logging: start 7 elapsed 1 ms
stop-transaction: start 826 elapsed 0 ms
Total Policy evaluation time: 3 ms
url_categorization complete time: 2
client connection: first-response-byte 0 last-response-byte 7
stop transaction --------------------
start transaction -------------------
transaction ID=9505041 type=http.proxy

<Proxy@req-url> [builtin-prolog:372]
MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2)

<Cache@req-url "suppress DRTR for HTML Notification internal URLs"> [vpm-


cpl:3477]
miss: condition=__is_notify_internal

<Proxy@req-url "set notify variables"> [vpm-cpl:3962]


[Rule]
miss: url.regex="(.*)/notify-SplashStreaming\?([^;]+);(.*)"
miss: url.regex="(.*)/accepted-SplashStreaming\?([^;]+);(.*)"
miss: url.regex="(.*)/verify-SplashStreaming\?([^;]+);(.*)"

<Exception@term> [builtin-prolog:246]
MATCH: t_procedure.dashboard_blocked_stats_infinity

<Exception@req-all> [builtin-prolog:237]
MATCH: t_procedure.dashboard_record_hourly

<Exception@req-all> [builtin-prolog:240]
MATCH: t_procedure.dashboard_record_daily

<Exception@req-all> [builtin-prolog:243]
MATCH: t_procedure.dashboard_record_monthly

<Proxy>
miss: client.address=10.110.46.73
miss: condition=__CondList1Combinacion_NOAUTH
MATCH: authenticate(ad) authenticate.force(no) authenticate.mode(proxy-ip)

<Proxy>
miss: condition=__CondList1CombinedDestinationBloque_URL
miss: condition=__CondList1Combinacion_Lista_Blaca_Windows_Update
miss: condition=Combinacion_Lista_Blanca
miss: url.host.substring=msn-com.akamaized.net
miss: condition=Combinacion_Lista_Negra
miss: condition=__CondList1CombinacionGG_Tx_Proxy_Vip
miss: client.address=Combinacion_Cloudhealth
miss: condition=__CondList1CombinacionGG_Tx_Proxy_AdvancedUsers
miss: condition=GG_TX_Proxy_Advanced_Users_bloqueo
miss: condition=GG_TX_RedesSociales_AllUsers_PERMITIDAS
miss: condition=__CondList1CombinacionGG_TX_RedesSociales_AllUsers
miss: condition=__CondList1CombinacionGG_Tx_Proxy_NormalUsers
miss: condition=__CondList1CombinacionGG_Tx_Proxy_NormalUsers
miss: condition=__CondList1CombinacionGG_Tx_Proxy_Contratistas
miss: condition=__CondList1CombinacionCategoriasBloqueadasContratistas
miss: condition=__CondList1Externos
miss: condition=__CondList1Externos
miss: category=bloomberg
MATCH: exception(user_defined.my_exception)

<Proxy>
miss: client.address=CombinedEquiposEMC_Automacion
miss: client.address=CombinedEquiposEMC_Automacion
miss: client.address=combinacion_TERAREXHCAS
miss: client.address="CombinedSource_DGI Uruguay"
miss: condition=__CondList1ReglaFullInternetAccess_AMS
miss: condition=__CondList1Ternium
miss: client.address=TKCSA_PORTO
miss: condition=__CondList1CombinacionWhatsapp_y_WSUS
miss: url.domain=//services.isee.hp.com/
miss: condition=WebApplication_Blacklist
miss: condition=Combinacion_bloque_Windows_Update
miss: request.application.name=Dropbox
miss: category=Lista_Negra_NormalUser
miss: condition=__CondList1CombinedDestinationBloque_URL
miss: condition=CombinacionReproductoresMedia
miss: condition=__CondList1CombinedSourceBloomberg
miss: condition=__CondList1CombinedSourceBloomberg

<Proxy>
miss: condition=__PROTO_3
miss: condition=__PROTO_3
miss: url.port=22
miss: url.port=22

<Proxy>
miss: condition=__CondList1CombinedSourceBloomberg
miss: client.address=Ternium_FTP

<ssl>
MATCH: server.certificate.validate(no)

<Proxy>
miss: client.address=10.110.50.184
MATCH: client.address=10.110.99.72 trace.request(yes)
trace.destination(Annitha)

<Cache>
miss: condition=__CondList1Sitios_SIN_Cache
miss: url.host=r.sascdn.com
<Proxy>
miss: source.port=8194
miss: source.port=8195
miss: source.port=8196
miss: source.port=8197
miss: source.port=8198

<Proxy>
miss: condition=skype

<Proxy>
miss: request.header.If-None-Match="."

<Proxy>
miss: condition=Tunnel_Exception_urld

<Proxy>
MATCH: policy.BC_SafeSearch_Ask_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Google_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_YouTube_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Lycos_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_MSN_Live_Bing_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Yahoo_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_DuckDuckGo_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Vimeo_Rules

miss: <Proxy> realm=iwa_direct

<Cache>
miss: url.domain=//windowsupdate.com/
miss: url.domain=//c.microsoft.com/
miss: url.domain=//update.microsoft.com/
miss: url.domain=//windowsupdate.microsoft.com/
miss: url.domain=//download.windowsupdate.com/

<Proxy>
miss: condition=SSL_Disabled_Domains

<Proxy "handle HTML Notification internal requests">


miss: [Rule] variable.bc_notify1=variable.bc_notify2
[Rule]
MATCH: action.__delete_notify_cookies(yes)

<Proxy>
miss: http.method=POST
miss: http.method=POST
miss: http.method=PUT

<Proxy>
miss: http.method=CONNECT
miss: http.method=CONNECT

<Proxy>
miss: condition=IWA_SILENT_USERS

<Proxy>
miss: url.host=www.msftncsi.com
miss: url.domain=//crl.microsoft.com/
miss: url.domain=//mscrl.microsoft.com/
miss: url.domain=//verisign.com/
miss: url.domain=//watson.microsoft.com/
miss: url.domain=//trendmicro.com/

<Proxy>
miss: request.header.User-Agent="webex utiltp"
miss: request.header.User-Agent="Microsoft-CryptoAPI"
miss: request.header.User-Agent="MSUpdate"
miss: request.header.User-Agent="AVUpdate"
miss: request.header.User-Agent="ESS Update"
miss: request.header.User-Agent="iTunes"
miss: request.header.User-Agent="Stocks"
miss: request.header.User-Agent="CFNetwork"
miss: request.header.User-Agent="Shockwave Flash"
miss: request.header.User-Agent="Windows-Media-Player"
miss: request.header.User-Agent="NSPlayer"
miss: request.header.User-Agent="Windows-Media-Player"
miss: request.header.User-Agent="flash"
miss: request.header.User-Agent="Office"
miss: request.header.User-Agent="TMUFE"
miss: request.header.User-Agent="62691CB3BF62DAF233FB2C02782E7BD2"

<Proxy>
miss: condition=Office365IPs
miss: condition=Office365URLs

<Proxy>
miss: condition=Office365IPs
miss: condition=Office365URLs

<Cache>
miss: condition=Office365IPs
miss: condition=Office365URLs

<Proxy>
miss: url.domain=//facebook.com/
miss: url.domain=//sped.fazenda.gov.br/
miss: url.domain=//ternium.com.ar/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.mx/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.co/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.br/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.uy/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com/Autodiscover/Autodiscover.xml
miss: url.domain=//tessa.com.uy/Autodiscover/Autodiscover.xml
Called policy definition: BC_SafeSearch_Lycos_Rules
miss: <Proxy BC_SafeSearch_Lycos> url.domain=//lycos.com/

Called policy definition: BC_SafeSearch_Yahoo_Rules


miss: <Proxy BC_SafeSearch_Yahoo_cookies> condition=BC_SafeSearch_Yahoo_Domains
miss: <Proxy BC_SafeSearch_Yahoo_query> condition=BC_SafeSearch_Yahoo_Domains

Called policy definition: BC_SafeSearch_DuckDuckGo_Rules


miss: <Proxy BC_SafeSearch_DuckDuckGo_query> url.domain=//duckduckgo.com/

Called policy definition: BC_SafeSearch_Ask_Rules


miss: <Proxy BC_SafeSearch_Ask_query> condition=BC_SafeSearch_Ask_Domains

Called policy definition: BC_SafeSearch_YouTube_Rules


miss: <Proxy BC_SafeSearch_YouTube_cookies> url.domain=//youtube.com/

Called policy definition: BC_SafeSearch_Vimeo_Rules


miss: <Proxy BC_SafeSearch_Vimeo_cookies> url.domain=//vimeo.com/

Called policy definition: BC_SafeSearch_Google_Rules


miss: <Proxy BC_SafeSearch_Google_query> condition=BC_SafeSearch_Google_Domains
miss: <Proxy BC_SafeSearch_Google_SetPref> condition=BC_SafeSearch_Google_Domains

Called policy definition: BC_SafeSearch_MSN_Live_Bing_Rules


miss: <Proxy BC_SafeSearch_MSN_Live_Bing_cookies>
condition=BC_SafeSearch_MSN_Live_Bing_Domains
miss: <Proxy BC_SafeSearch_MSN_Live_Bing_query>
condition=BC_SafeSearch_MSN_Live_Bing_Domains

Assigned values of transaction variables:


bc_notify1=empty1
bc_notify2=empty2
Called transaction procedure: dashboard_record_hourly
<layer>
Called transaction procedure: dashboard_record_daily
<layer>
Called transaction procedure: dashboard_blocked_stats_infinity
<layer>
Called transaction procedure: dashboard_record_monthly
<layer>

connection: service.name=Explicit HTTP client.address=10.110.99.72 proxy.port=8080


client.interface=255:255.1 routing-domain=default
location-id=0 access_type=unknown
time: 2020-03-17 16:49:14 UTC
GET http://yahoo.com.br/
DNS lookup was unrestricted
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
user: name="TERNIUM\10519230" realm=AD
authentication start 14 elapsed 0 ms
authorization start 14 elapsed 0 ms
authentication status='none' authorization status='none'
EXCEPTION(my_exception): Either 'deny' or 'exception' was matched in policy
url.category: none@Policy;none@YouTube;Search Engines/Portals@Blue Coat
total categorization time: 11
static categorization time: 11
server.response.code: 0
client.response.code: 403
application.name: none
application.operation: none
application.group: none
DSCP client outbound: 65
DSCP server outbound: 65

Transaction timing: total-transaction-time 14 ms


Checkpoint timings:
new-connection: start 1 elapsed 0 ms
client-in: start 13 elapsed 1 ms
client-out-terminated: start 14 elapsed 0 ms
access-logging: start 14 elapsed 0 ms
stop-transaction: start 14 elapsed 0 ms
Total Policy evaluation time: 1 ms
url_categorization complete time: 13
client connection: first-response-byte 0 last-response-byte 14
stop transaction --------------------
start transaction -------------------
transaction ID=9505053 type=http.proxy

<Proxy@req-url> [builtin-prolog:372]
MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2)

<Cache@req-url "suppress DRTR for HTML Notification internal URLs"> [vpm-


cpl:3477]
miss: condition=__is_notify_internal

<Proxy@req-url "set notify variables"> [vpm-cpl:3962]


[Rule]
miss: url.regex="(.*)/notify-SplashStreaming\?([^;]+);(.*)"
miss: url.regex="(.*)/accepted-SplashStreaming\?([^;]+);(.*)"
miss: url.regex="(.*)/verify-SplashStreaming\?([^;]+);(.*)"

<Exception@term> [builtin-prolog:246]
MATCH: t_procedure.dashboard_blocked_stats_infinity

<Exception@req-all> [builtin-prolog:237]
MATCH: t_procedure.dashboard_record_hourly

<Exception@req-all> [builtin-prolog:240]
MATCH: t_procedure.dashboard_record_daily

<Exception@req-all> [builtin-prolog:243]
MATCH: t_procedure.dashboard_record_monthly

<Proxy>
miss: client.address=10.110.46.73
miss: condition=__CondList1Combinacion_NOAUTH
MATCH: authenticate(ad) authenticate.force(no) authenticate.mode(proxy-ip)

<Proxy>
miss: condition=__CondList1CombinedDestinationBloque_URL
miss: condition=__CondList1Combinacion_Lista_Blaca_Windows_Update
miss: condition=Combinacion_Lista_Blanca
miss: url.host.substring=msn-com.akamaized.net
miss: condition=Combinacion_Lista_Negra
miss: condition=__CondList1CombinacionGG_Tx_Proxy_Vip
miss: client.address=Combinacion_Cloudhealth
miss: condition=__CondList1CombinacionGG_Tx_Proxy_AdvancedUsers
miss: condition=GG_TX_Proxy_Advanced_Users_bloqueo
miss: condition=GG_TX_RedesSociales_AllUsers_PERMITIDAS
miss: condition=__CondList1CombinacionGG_TX_RedesSociales_AllUsers
miss: condition=__CondList1CombinacionGG_Tx_Proxy_NormalUsers
miss: condition=__CondList1CombinacionGG_Tx_Proxy_NormalUsers
miss: condition=__CondList1CombinacionGG_Tx_Proxy_Contratistas
miss: condition=__CondList1CombinacionCategoriasBloqueadasContratistas
miss: condition=__CondList1Externos
miss: condition=__CondList1Externos
miss: category=bloomberg
MATCH: exception(user_defined.my_exception)

<Proxy>
miss: client.address=CombinedEquiposEMC_Automacion
miss: client.address=CombinedEquiposEMC_Automacion
miss: client.address=combinacion_TERAREXHCAS
miss: client.address="CombinedSource_DGI Uruguay"
miss: condition=__CondList1ReglaFullInternetAccess_AMS
miss: condition=__CondList1Ternium
miss: client.address=TKCSA_PORTO
miss: condition=__CondList1CombinacionWhatsapp_y_WSUS
miss: url.domain=//services.isee.hp.com/
miss: condition=WebApplication_Blacklist
miss: condition=Combinacion_bloque_Windows_Update
miss: request.application.name=Dropbox
miss: category=Lista_Negra_NormalUser
miss: condition=__CondList1CombinedDestinationBloque_URL
miss: condition=CombinacionReproductoresMedia
miss: condition=__CondList1CombinedSourceBloomberg
miss: condition=__CondList1CombinedSourceBloomberg

<Proxy>
miss: condition=__PROTO_3
miss: condition=__PROTO_3
miss: url.port=22
miss: url.port=22

<Proxy>
miss: condition=__CondList1CombinedSourceBloomberg
miss: client.address=Ternium_FTP

<ssl>
MATCH: server.certificate.validate(no)

<Proxy>
miss: client.address=10.110.50.184
MATCH: client.address=10.110.99.72 trace.request(yes)
trace.destination(Annitha)

<Cache>
miss: condition=__CondList1Sitios_SIN_Cache
miss: url.host=r.sascdn.com

<Proxy>
miss: source.port=8194
miss: source.port=8195
miss: source.port=8196
miss: source.port=8197
miss: source.port=8198
<Proxy>
miss: condition=skype

<Proxy>
miss: request.header.If-None-Match="."

<Proxy>
miss: condition=Tunnel_Exception_urld

<Proxy>
MATCH: policy.BC_SafeSearch_Ask_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Google_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_YouTube_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Lycos_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_MSN_Live_Bing_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Yahoo_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_DuckDuckGo_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Vimeo_Rules

miss: <Proxy> realm=iwa_direct

<Cache>
miss: url.domain=//windowsupdate.com/
miss: url.domain=//c.microsoft.com/
miss: url.domain=//update.microsoft.com/
miss: url.domain=//windowsupdate.microsoft.com/
miss: url.domain=//download.windowsupdate.com/

<Proxy>
miss: condition=SSL_Disabled_Domains

<Proxy "handle HTML Notification internal requests">


miss: [Rule] variable.bc_notify1=variable.bc_notify2
[Rule]
MATCH: action.__delete_notify_cookies(yes)

<Proxy>
miss: http.method=POST
miss: http.method=POST
miss: http.method=PUT

<Proxy>
miss: url.port=21
miss: url.port=21
<Proxy>
miss: condition=IWA_SILENT_USERS

<Proxy>
miss: url.host=www.msftncsi.com
miss: url.domain=//crl.microsoft.com/
miss: url.domain=//mscrl.microsoft.com/
miss: url.domain=//verisign.com/
miss: url.domain=//watson.microsoft.com/
miss: url.domain=//trendmicro.com/

<Proxy>
miss: request.header.User-Agent="webex utiltp"
miss: request.header.User-Agent="Microsoft-CryptoAPI"
miss: request.header.User-Agent="MSUpdate"
miss: request.header.User-Agent="AVUpdate"
miss: request.header.User-Agent="ESS Update"
miss: request.header.User-Agent="iTunes"
miss: request.header.User-Agent="Stocks"
miss: request.header.User-Agent="CFNetwork"
miss: request.header.User-Agent="Shockwave Flash"
miss: request.header.User-Agent="Windows-Media-Player"
miss: request.header.User-Agent="NSPlayer"
miss: request.header.User-Agent="Windows-Media-Player"
miss: request.header.User-Agent="flash"
miss: request.header.User-Agent="Office"
miss: request.header.User-Agent="TMUFE"
miss: request.header.User-Agent="62691CB3BF62DAF233FB2C02782E7BD2"

<Proxy>
miss: condition=Office365IPs
miss: condition=Office365URLs

<Proxy>
miss: condition=Office365IPs
miss: condition=Office365URLs

<Cache>
miss: condition=Office365IPs
miss: condition=Office365URLs

<Proxy>
miss: url.domain=//facebook.com/
miss: url.domain=//sped.fazenda.gov.br/
miss: url.domain=//ternium.com.ar/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.mx/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.co/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.br/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.uy/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com/Autodiscover/Autodiscover.xml
miss: url.domain=//tessa.com.uy/Autodiscover/Autodiscover.xml

Called policy definition: BC_SafeSearch_Lycos_Rules


miss: <Proxy BC_SafeSearch_Lycos> url.domain=//lycos.com/

Called policy definition: BC_SafeSearch_Yahoo_Rules


miss: <Proxy BC_SafeSearch_Yahoo_cookies> condition=BC_SafeSearch_Yahoo_Domains
miss: <Proxy BC_SafeSearch_Yahoo_query> condition=BC_SafeSearch_Yahoo_Domains
Called policy definition: BC_SafeSearch_DuckDuckGo_Rules
miss: <Proxy BC_SafeSearch_DuckDuckGo_query> url.domain=//duckduckgo.com/

Called policy definition: BC_SafeSearch_Ask_Rules


miss: <Proxy BC_SafeSearch_Ask_query> condition=BC_SafeSearch_Ask_Domains

Called policy definition: BC_SafeSearch_YouTube_Rules


miss: <Proxy BC_SafeSearch_YouTube_cookies> url.domain=//youtube.com/

Called policy definition: BC_SafeSearch_Vimeo_Rules


miss: <Proxy BC_SafeSearch_Vimeo_cookies> url.domain=//vimeo.com/

Called policy definition: BC_SafeSearch_Google_Rules


miss: <Proxy BC_SafeSearch_Google_query> condition=BC_SafeSearch_Google_Domains
miss: <Proxy BC_SafeSearch_Google_SetPref> condition=BC_SafeSearch_Google_Domains

Called policy definition: BC_SafeSearch_MSN_Live_Bing_Rules


miss: <Proxy BC_SafeSearch_MSN_Live_Bing_cookies>
condition=BC_SafeSearch_MSN_Live_Bing_Domains
miss: <Proxy BC_SafeSearch_MSN_Live_Bing_query>
condition=BC_SafeSearch_MSN_Live_Bing_Domains

Assigned values of transaction variables:


bc_notify1=empty1
bc_notify2=empty2
Called transaction procedure: dashboard_record_hourly
<layer>
Called transaction procedure: dashboard_record_daily
<layer>
Called transaction procedure: dashboard_blocked_stats_infinity
<layer>
Called transaction procedure: dashboard_record_monthly
<layer>

connection: service.name=Explicit HTTP client.address=10.110.99.72 proxy.port=8080


client.interface=255:255.1 routing-domain=default
location-id=0 access_type=unknown
time: 2020-03-17 16:49:14 UTC
CONNECT tcp://otf.msn.com:443/
DNS lookup was unrestricted
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
user: name="TERNIUM\10519230" realm=AD
authentication start 1 elapsed 0 ms
authorization start 1 elapsed 0 ms
authentication status='none' authorization status='none'
EXCEPTION(my_exception): Either 'deny' or 'exception' was matched in policy
url.category: none@Policy;none@YouTube;Web Ads/Analytics@Blue Coat
total categorization time: 1
static categorization time: 1
server.response.code: 0
client.response.code: 403
application.name: none
application.operation: none
application.group: none
DSCP client outbound: 65
DSCP server outbound: 65

Transaction timing: total-transaction-time 1024 ms


Checkpoint timings:
new-connection: start 1 elapsed 0 ms
client-in: start 1 elapsed 1 ms
client-out-terminated: start 2 elapsed 0 ms
access-logging: start 5 elapsed 0 ms
stop-transaction: start 1024 elapsed 0 ms
Total Policy evaluation time: 1 ms
url_categorization complete time: 1
client connection: first-response-byte 0 last-response-byte 5
stop transaction --------------------
start transaction -------------------
transaction ID=9505511 type=http.proxy

<Proxy@req-url> [builtin-prolog:372]
MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2)

<Cache@req-url "suppress DRTR for HTML Notification internal URLs"> [vpm-


cpl:3477]
miss: condition=__is_notify_internal

<Proxy@req-url "set notify variables"> [vpm-cpl:3962]


[Rule]
miss: url.regex="(.*)/notify-SplashStreaming\?([^;]+);(.*)"
miss: url.regex="(.*)/accepted-SplashStreaming\?([^;]+);(.*)"
miss: url.regex="(.*)/verify-SplashStreaming\?([^;]+);(.*)"

<Exception@term> [builtin-prolog:246]
MATCH: t_procedure.dashboard_blocked_stats_infinity

<Exception@req-all> [builtin-prolog:237]
MATCH: t_procedure.dashboard_record_hourly

<Exception@req-all> [builtin-prolog:240]
MATCH: t_procedure.dashboard_record_daily

<Exception@req-all> [builtin-prolog:243]
MATCH: t_procedure.dashboard_record_monthly

<Proxy>
miss: client.address=10.110.46.73
miss: condition=__CondList1Combinacion_NOAUTH
MATCH: authenticate(ad) authenticate.force(no) authenticate.mode(proxy-ip)

<Proxy>
miss: condition=__CondList1CombinedDestinationBloque_URL
miss: condition=__CondList1Combinacion_Lista_Blaca_Windows_Update
miss: condition=Combinacion_Lista_Blanca
miss: url.host.substring=msn-com.akamaized.net
miss: condition=Combinacion_Lista_Negra
miss: condition=__CondList1CombinacionGG_Tx_Proxy_Vip
miss: client.address=Combinacion_Cloudhealth
miss: condition=__CondList1CombinacionGG_Tx_Proxy_AdvancedUsers
miss: condition=GG_TX_Proxy_Advanced_Users_bloqueo
miss: condition=GG_TX_RedesSociales_AllUsers_PERMITIDAS
miss: condition=__CondList1CombinacionGG_TX_RedesSociales_AllUsers
miss: condition=__CondList1CombinacionGG_Tx_Proxy_NormalUsers
miss: condition=__CondList1CombinacionGG_Tx_Proxy_NormalUsers
miss: condition=__CondList1CombinacionGG_Tx_Proxy_Contratistas
miss: condition=__CondList1CombinacionCategoriasBloqueadasContratistas
miss: condition=__CondList1Externos
miss: condition=__CondList1Externos
miss: category=bloomberg
MATCH: exception(user_defined.my_exception)

<Proxy>
miss: client.address=CombinedEquiposEMC_Automacion
miss: client.address=CombinedEquiposEMC_Automacion
miss: client.address=combinacion_TERAREXHCAS
miss: client.address="CombinedSource_DGI Uruguay"
miss: condition=__CondList1ReglaFullInternetAccess_AMS
miss: condition=__CondList1Ternium
miss: client.address=TKCSA_PORTO
miss: condition=__CondList1CombinacionWhatsapp_y_WSUS
miss: url.domain=//services.isee.hp.com/
miss: condition=WebApplication_Blacklist
miss: condition=Combinacion_bloque_Windows_Update
miss: request.application.name=Dropbox
miss: category=Lista_Negra_NormalUser
miss: condition=__CondList1CombinedDestinationBloque_URL
miss: condition=CombinacionReproductoresMedia
miss: condition=__CondList1CombinedSourceBloomberg
miss: condition=__CondList1CombinedSourceBloomberg

<Proxy>
miss: condition=__PROTO_3
miss: condition=__PROTO_3
miss: url.port=22
miss: url.port=22

<Proxy>
miss: condition=__CondList1CombinedSourceBloomberg
miss: client.address=Ternium_FTP

<ssl>
MATCH: server.certificate.validate(no)

<Proxy>
miss: client.address=10.110.50.184
MATCH: client.address=10.110.99.72 trace.request(yes)
trace.destination(Annitha)

<Cache>
miss: condition=__CondList1Sitios_SIN_Cache
miss: url.host=r.sascdn.com

<Proxy>
miss: source.port=8194
miss: source.port=8195
miss: source.port=8196
miss: source.port=8197
miss: source.port=8198

<Proxy>
miss: condition=skype

<Proxy>
miss: request.header.If-None-Match="."
<Proxy>
miss: condition=Tunnel_Exception_urld

<Proxy>
MATCH: policy.BC_SafeSearch_Ask_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Google_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_YouTube_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Lycos_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_MSN_Live_Bing_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Yahoo_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_DuckDuckGo_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Vimeo_Rules

miss: <Proxy> realm=iwa_direct

<Cache>
miss: url.domain=//windowsupdate.com/
miss: url.domain=//c.microsoft.com/
miss: url.domain=//update.microsoft.com/
miss: url.domain=//windowsupdate.microsoft.com/
miss: url.domain=//download.windowsupdate.com/

<Proxy>
miss: condition=SSL_Disabled_Domains

<Proxy "handle HTML Notification internal requests">


miss: [Rule] variable.bc_notify1=variable.bc_notify2
[Rule]
MATCH: action.__delete_notify_cookies(yes)

<Proxy>
miss: http.method=POST
miss: http.method=POST
miss: http.method=PUT

<Proxy>
miss: url.port=21
miss: url.port=21

<Proxy>
miss: condition=IWA_SILENT_USERS

<Proxy>
miss: url.host=www.msftncsi.com
miss: url.domain=//crl.microsoft.com/
miss: url.domain=//mscrl.microsoft.com/
miss: url.domain=//verisign.com/
miss: url.domain=//watson.microsoft.com/
miss: url.domain=//trendmicro.com/

<Proxy>
miss: request.header.User-Agent="webex utiltp"
miss: request.header.User-Agent="Microsoft-CryptoAPI"
miss: request.header.User-Agent="MSUpdate"
miss: request.header.User-Agent="AVUpdate"
miss: request.header.User-Agent="ESS Update"
miss: request.header.User-Agent="iTunes"
miss: request.header.User-Agent="Stocks"
miss: request.header.User-Agent="CFNetwork"
miss: request.header.User-Agent="Shockwave Flash"
miss: request.header.User-Agent="Windows-Media-Player"
miss: request.header.User-Agent="NSPlayer"
miss: request.header.User-Agent="Windows-Media-Player"
miss: request.header.User-Agent="flash"
miss: request.header.User-Agent="Office"
miss: request.header.User-Agent="TMUFE"
miss: request.header.User-Agent="62691CB3BF62DAF233FB2C02782E7BD2"

<Proxy>
miss: condition=Office365IPs
miss: condition=Office365URLs

<Proxy>
miss: condition=Office365IPs
miss: condition=Office365URLs

<Cache>
miss: condition=Office365IPs
miss: condition=Office365URLs

<Proxy>
miss: url.domain=//facebook.com/
miss: url.domain=//sped.fazenda.gov.br/
miss: url.domain=//ternium.com.ar/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.mx/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.co/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.br/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.uy/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com/Autodiscover/Autodiscover.xml
miss: url.domain=//tessa.com.uy/Autodiscover/Autodiscover.xml

Called policy definition: BC_SafeSearch_Lycos_Rules


miss: <Proxy BC_SafeSearch_Lycos> url.domain=//lycos.com/

Called policy definition: BC_SafeSearch_Yahoo_Rules


miss: <Proxy BC_SafeSearch_Yahoo_cookies> condition=BC_SafeSearch_Yahoo_Domains
miss: <Proxy BC_SafeSearch_Yahoo_query> condition=BC_SafeSearch_Yahoo_Domains

Called policy definition: BC_SafeSearch_DuckDuckGo_Rules


miss: <Proxy BC_SafeSearch_DuckDuckGo_query> url.domain=//duckduckgo.com/

Called policy definition: BC_SafeSearch_Ask_Rules


miss: <Proxy BC_SafeSearch_Ask_query> condition=BC_SafeSearch_Ask_Domains
Called policy definition: BC_SafeSearch_YouTube_Rules
miss: <Proxy BC_SafeSearch_YouTube_cookies> url.domain=//youtube.com/

Called policy definition: BC_SafeSearch_Vimeo_Rules


miss: <Proxy BC_SafeSearch_Vimeo_cookies> url.domain=//vimeo.com/

Called policy definition: BC_SafeSearch_Google_Rules


miss: <Proxy BC_SafeSearch_Google_query> condition=BC_SafeSearch_Google_Domains
miss: <Proxy BC_SafeSearch_Google_SetPref> condition=BC_SafeSearch_Google_Domains

Called policy definition: BC_SafeSearch_MSN_Live_Bing_Rules


miss: <Proxy BC_SafeSearch_MSN_Live_Bing_cookies>
condition=BC_SafeSearch_MSN_Live_Bing_Domains
miss: <Proxy BC_SafeSearch_MSN_Live_Bing_query>
condition=BC_SafeSearch_MSN_Live_Bing_Domains

Assigned values of transaction variables:


bc_notify1=empty1
bc_notify2=empty2
Called transaction procedure: dashboard_record_hourly
<layer>
Called transaction procedure: dashboard_record_daily
<layer>
Called transaction procedure: dashboard_blocked_stats_infinity
<layer>
Called transaction procedure: dashboard_record_monthly
<layer>

connection: service.name=Explicit HTTP client.address=10.110.99.72 proxy.port=8080


client.interface=255:255.1 routing-domain=default
location-id=0 access_type=unknown
time: 2020-03-17 16:49:15 UTC
CONNECT tcp://cloud.gastecnologia.com.br:443/
DNS lookup was unrestricted
User-Agent: Warsaw/2.0;x64 Mustache/2.11.1.9
4h91buHPNugtvsApwot10SY4LqhV6awh/PGq2c31s0A=
user: name="TERNIUM\10519230" realm=AD
authentication start 1 elapsed 0 ms
authorization start 1 elapsed 0 ms
authentication status='none' authorization status='none'
EXCEPTION(my_exception): Either 'deny' or 'exception' was matched in policy
url.category: none@Policy;none@YouTube;Technology/Internet@Blue Coat
total categorization time: 0
static categorization time: 0
server.response.code: 0
client.response.code: 403
application.name: none
application.operation: none
application.group: none
DSCP client outbound: 65
DSCP server outbound: 65

Transaction timing: total-transaction-time 527 ms


Checkpoint timings:
new-connection: start 1 elapsed 0 ms
client-in: start 1 elapsed 0 ms
client-out-terminated: start 1 elapsed 0 ms
access-logging: start 6 elapsed 0 ms
stop-transaction: start 527 elapsed 0 ms
Total Policy evaluation time: 0 ms
url_categorization complete time: 0
client connection: first-response-byte 0 last-response-byte 6
stop transaction --------------------
start transaction -------------------
transaction ID=9486144 type=http.proxy

<Proxy@req-url> [builtin-prolog:372]
MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2)

<Cache@req-url "suppress DRTR for HTML Notification internal URLs"> [vpm-


cpl:3477]
miss: condition=__is_notify_internal

<Proxy@req-url "set notify variables"> [vpm-cpl:3962]


[Rule]
miss: url.regex="(.*)/notify-SplashStreaming\?([^;]+);(.*)"
miss: url.regex="(.*)/accepted-SplashStreaming\?([^;]+);(.*)"
miss: url.regex="(.*)/verify-SplashStreaming\?([^;]+);(.*)"

<Exception@term> [builtin-prolog:246]
MATCH: t_procedure.dashboard_blocked_stats_infinity

<Exception@req-all> [builtin-prolog:237]
MATCH: t_procedure.dashboard_record_hourly

<Exception@req-all> [builtin-prolog:240]
MATCH: t_procedure.dashboard_record_daily

<Exception@req-all> [builtin-prolog:243]
MATCH: t_procedure.dashboard_record_monthly

<Proxy>
miss: client.address=10.110.46.73
miss: condition=__CondList1Combinacion_NOAUTH
MATCH: authenticate(ad) authenticate.force(no) authenticate.mode(proxy-ip)

<Proxy>
miss: condition=__CondList1CombinedDestinationBloque_URL
miss: condition=__CondList1Combinacion_Lista_Blaca_Windows_Update
miss: condition=Combinacion_Lista_Blanca
miss: url.host.substring=msn-com.akamaized.net
miss: condition=Combinacion_Lista_Negra
miss: condition=__CondList1CombinacionGG_Tx_Proxy_Vip
miss: client.address=Combinacion_Cloudhealth
miss: condition=__CondList1CombinacionGG_Tx_Proxy_AdvancedUsers
miss: condition=GG_TX_Proxy_Advanced_Users_bloqueo
miss: condition=GG_TX_RedesSociales_AllUsers_PERMITIDAS
miss: condition=__CondList1CombinacionGG_TX_RedesSociales_AllUsers
miss: condition=__CondList1CombinacionGG_Tx_Proxy_NormalUsers
miss: condition=__CondList1CombinacionGG_Tx_Proxy_NormalUsers
miss: condition=__CondList1CombinacionGG_Tx_Proxy_Contratistas
miss: condition=__CondList1CombinacionCategoriasBloqueadasContratistas
miss: condition=__CondList1Externos
miss: condition=__CondList1Externos
miss: category=bloomberg
MATCH: exception(user_defined.my_exception)
<Proxy>
miss: client.address=CombinedEquiposEMC_Automacion
miss: client.address=CombinedEquiposEMC_Automacion
miss: client.address=combinacion_TERAREXHCAS
miss: client.address="CombinedSource_DGI Uruguay"
miss: condition=__CondList1ReglaFullInternetAccess_AMS
miss: condition=__CondList1Ternium
miss: client.address=TKCSA_PORTO
miss: condition=__CondList1CombinacionWhatsapp_y_WSUS
miss: url.domain=//services.isee.hp.com/
miss: condition=WebApplication_Blacklist
miss: condition=Combinacion_bloque_Windows_Update
miss: request.application.name=Dropbox
miss: category=Lista_Negra_NormalUser
miss: condition=__CondList1CombinedDestinationBloque_URL
miss: condition=CombinacionReproductoresMedia
miss: condition=__CondList1CombinedSourceBloomberg
miss: condition=__CondList1CombinedSourceBloomberg

<Proxy>
miss: condition=__PROTO_3
miss: condition=__PROTO_3
miss: url.port=22
miss: url.port=22

<Proxy>
miss: condition=__CondList1CombinedSourceBloomberg
miss: client.address=Ternium_FTP

<ssl>
MATCH: server.certificate.validate(no)

<Proxy>
miss: client.address=10.110.50.184
MATCH: client.address=10.110.99.72 trace.request(yes)
trace.destination(Annitha)

<Cache>
miss: condition=__CondList1Sitios_SIN_Cache
miss: url.host=r.sascdn.com

<Proxy>
miss: source.port=8194
miss: source.port=8195
miss: source.port=8196
miss: source.port=8197
miss: source.port=8198

<Proxy>
miss: condition=skype

<Proxy>
miss: request.header.If-None-Match="."

<Proxy>
miss: condition=Tunnel_Exception_urld

<Proxy>
MATCH: policy.BC_SafeSearch_Ask_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Google_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_YouTube_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Lycos_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_MSN_Live_Bing_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Yahoo_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_DuckDuckGo_Rules

<Proxy>
MATCH: policy.BC_SafeSearch_Vimeo_Rules

miss: <Proxy> realm=iwa_direct

<Cache>
miss: url.domain=//windowsupdate.com/
miss: url.domain=//c.microsoft.com/
miss: url.domain=//update.microsoft.com/
miss: url.domain=//windowsupdate.microsoft.com/
miss: url.domain=//download.windowsupdate.com/

<Proxy>
miss: condition=SSL_Disabled_Domains

<Proxy "handle HTML Notification internal requests">


miss: [Rule] variable.bc_notify1=variable.bc_notify2
[Rule]
MATCH: action.__delete_notify_cookies(yes)

<Proxy>
miss: http.method=POST
miss: http.method=POST
miss: http.method=PUT

<Proxy>
miss: url.port=21
miss: url.port=21

<Proxy>
miss: condition=IWA_SILENT_USERS

<Proxy>
miss: url.host=www.msftncsi.com
miss: url.domain=//crl.microsoft.com/
miss: url.domain=//mscrl.microsoft.com/
miss: url.domain=//verisign.com/
miss: url.domain=//watson.microsoft.com/
miss: url.domain=//trendmicro.com/
<Proxy>
miss: request.header.User-Agent="webex utiltp"
miss: request.header.User-Agent="Microsoft-CryptoAPI"
miss: request.header.User-Agent="MSUpdate"
miss: request.header.User-Agent="AVUpdate"
miss: request.header.User-Agent="ESS Update"
miss: request.header.User-Agent="iTunes"
miss: request.header.User-Agent="Stocks"
miss: request.header.User-Agent="CFNetwork"
miss: request.header.User-Agent="Shockwave Flash"
miss: request.header.User-Agent="Windows-Media-Player"
miss: request.header.User-Agent="NSPlayer"
miss: request.header.User-Agent="Windows-Media-Player"
miss: request.header.User-Agent="flash"
miss: request.header.User-Agent="Office"
miss: request.header.User-Agent="TMUFE"
miss: request.header.User-Agent="62691CB3BF62DAF233FB2C02782E7BD2"

<Proxy>
miss: condition=Office365IPs
miss: condition=Office365URLs

<Proxy>
miss: condition=Office365IPs
miss: condition=Office365URLs

<Cache>
miss: condition=Office365IPs
miss: condition=Office365URLs

<Proxy>
miss: url.domain=//facebook.com/
miss: url.domain=//sped.fazenda.gov.br/
miss: url.domain=//ternium.com.ar/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.mx/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.co/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.br/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com.uy/Autodiscover/Autodiscover.xml
miss: url.domain=//ternium.com/Autodiscover/Autodiscover.xml
miss: url.domain=//tessa.com.uy/Autodiscover/Autodiscover.xml

Called policy definition: BC_SafeSearch_Lycos_Rules


miss: <Proxy BC_SafeSearch_Lycos> url.domain=//lycos.com/

Called policy definition: BC_SafeSearch_Yahoo_Rules


miss: <Proxy BC_SafeSearch_Yahoo_cookies> condition=BC_SafeSearch_Yahoo_Domains
miss: <Proxy BC_SafeSearch_Yahoo_query> condition=BC_SafeSearch_Yahoo_Domains

Called policy definition: BC_SafeSearch_DuckDuckGo_Rules


miss: <Proxy BC_SafeSearch_DuckDuckGo_query> url.domain=//duckduckgo.com/

Called policy definition: BC_SafeSearch_Ask_Rules


miss: <Proxy BC_SafeSearch_Ask_query> condition=BC_SafeSearch_Ask_Domains

Called policy definition: BC_SafeSearch_YouTube_Rules


miss: <Proxy BC_SafeSearch_YouTube_cookies> url.domain=//youtube.com/

Called policy definition: BC_SafeSearch_Vimeo_Rules


miss: <Proxy BC_SafeSearch_Vimeo_cookies> url.domain=//vimeo.com/

Called policy definition: BC_SafeSearch_Google_Rules


miss: <Proxy BC_SafeSearch_Google_query> condition=BC_SafeSearch_Google_Domains
miss: <Proxy BC_SafeSearch_Google_SetPref> condition=BC_SafeSearch_Google_Domains

Called policy definition: BC_SafeSearch_MSN_Live_Bing_Rules


miss: <Proxy BC_SafeSearch_MSN_Live_Bing_cookies>
condition=BC_SafeSearch_MSN_Live_Bing_Domains
miss: <Proxy BC_SafeSearch_MSN_Live_Bing_query>
condition=BC_SafeSearch_MSN_Live_Bing_Domains

Assigned values of transaction variables:


bc_notify1=empty1
bc_notify2=empty2
Called transaction procedure: dashboard_record_hourly
<layer>
Called transaction procedure: dashboard_record_daily
<layer>
Called transaction procedure: dashboard_blocked_stats_infinity
<layer>
Called transaction procedure: dashboard_record_monthly
<layer>

connection: service.name=Explicit HTTP client.address=10.110.99.72 proxy.port=8080


client.interface=255:255.1 routing-domain=default
location-id=0 access_type=unknown
time: 2020-03-17 16:48:05 UTC
CONNECT tcp://beacons5.gvt2.com:443/
DNS lookup was unrestricted
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/80.0.3987.132 Safari/537.36
user: name="TERNIUM\10519230" realm=AD
authentication start 7 elapsed 13 ms
authorization start 20 elapsed 0 ms
authentication status='none' authorization status='none'
EXCEPTION(my_exception): Either 'deny' or 'exception' was matched in policy
url.category: none@Policy;none@YouTube;Technology/Internet@Blue Coat
total categorization time: 0
static categorization time: 0
server.response.code: 0
client.response.code: 200
application.name: none
application.operation: none
application.group: none
DSCP client outbound: 65
DSCP server outbound: 65

Transaction timing: total-transaction-time 75049 ms


Checkpoint timings:
new-connection: start 1 elapsed 0 ms
client-in: start 6 elapsed 15 ms
client-out-terminated: start 20 elapsed 1 ms
access-logging: start 23 elapsed 0 ms
stop-transaction: start 75049 elapsed 0 ms
Total Policy evaluation time: 16 ms
url_categorization complete time: 6
client connection: first-response-byte 0 last-response-byte 23
stop transaction --------------------

You might also like