A command-line utility called WebsensePing is included as part of your Websense software installation. This utility can be used to:
|
3.
|
Enter the WebsensePing command with one or more additional parameters. For example:
|
|
3.
|
Enter the WebsenseTools -p command with one or more additional parameters. For example:
|
The "-m" parameter, followed by a number, sends one of (currently) 15 request types to Filtering Service. In addition:
|
|
-h shows a full list of supported parameters.
|
|
|
-defaults lists the default values used when no other values are specified
|
|
|
-s, followed by an IP address or host name, sends the WebsensePing query to a Filtering Service instance on another machine. For example:
|
The table below describes the 3 most common WebsensePing request types with a brief overview of the information returned by each. Detailed instructions for using HTTP lookup requests and server status requests are provided in the sections that follow.
|
|
|
|
|
|
|
Filtering Service status, current subscription count, and responsiveness.
|
|
|
|
The destination IP address, disposition (action applied to the request), and category for a specified URL, as well as several other details, including where the block message originates, and whether:
Include a user or group name or a source IP address to see how the URL is categorized and filtered for the specified client.
|
|
|
|
Used in Websense Web Security Gateway and Web Security Gateway Anywhere environments to retrieve HTTP lookup information (option 8), plus Content Gateway scanning information, for a selected URL.
|
|
|
In Websense Web Security Gateway and Gateway Anywhere deployments, WebsensePing results for scanned sites may not always match the results experienced by a user. Due to the constantly changing content of some Web 2.0 sites, dynamic categorization based on content scanning can change rapidly.
|
Use the following command see how a specified URL or destination IP address is categorized, and what action is applied to site in the Default policy (shown in the
Disposition line of the WebsensePing results). You can also use both the URL and destination IP address parameters in the same request.
Disposition = CATEGORY_NOT_BLOCKED Lookup Code = WISP_URL_OK
Category = Search Engines and Portals
Lookup Type = 0
Protocol ID = 1
Run Analytics = False
Logging Code = 1
Protocol Cache TTL = 0
URL Cache Cmd = 0
URL Cache Type = 0
URL Cache TTL = 0
Supply a URL and a user name or IP address to see how that URL is filtered for a given client. You can also provide both the user name and client IP address parameters in the same request (for example, to help determine whether a user-based or IP address-based policy is being applied).
Lookup Type = 0 Protocol ID = 1
Run Analytics = False
Logging Code = 1
Protocol Cache TTL = 0
URL Cache Cmd = 0
URL Cache Type = 0
URL Cache TTL = 0
In the following example, the user name appears in LDAP format, and a source IP address is also included. Providing both user name and source IP address helps to make sure that information for the correct policy is used to show how the request is filtered for the client.
URL = http://privacymania.info User Name = LDAP://GC OU=Technical Support,OU=US Technical
Services,DC=Test,DC=com/John Doe
Source IP = 10.201.136.14
Destination IP = 87.118.64.84
Disposition = CATEGORY_BLOCKED Lookup Code = WISP_URL_BLOCKED
Category = Proxy Avoidance
Lookup Type = 0
Protocol ID = 1
Run Analytics = True
Logging Code = 1
Protocol Cache TTL = 0
URL Cache Cmd = 0
URL Cache Type = 0
URL Cache TTL = 0
The following example uses an IP address instead of a user name, and shows results for a URL that has been recategorized. Both URL and destination IP address information are included in the request, to improve categorization results:
Disposition = CATEGORY_BLOCKED_CUSTOM_DENY Lookup Code = WISP_URL_BLOCKED
Category = Info-tainment
Lookup Type = 0
Protocol ID = 1
Run Analytics = False
Logging Code = 1
Protocol Cache TTL = 0
URL Cache Cmd = 0
URL Cache Type = 0
URL Cache TTL = 0
Use the following command to verify that Filtering Service is able to respond to URL lookup requests. If Filtering Service does not respond, it can neither filter nor log Internet traffic.
The utility sends a server status request to Filtering Service. If Filtering Service is active, you receive a response like the following:
The final line (average time per requests) shows the URL filtering lookup response time for this Filtering Service instance. If the response time is less than 100 ms, Filtering Service is functional.
An alternate command can be used to see current server status, Master Database download status, and user count (number of unique IP addresses from which Internet requests have been received by Filtering Service since midnight):
Extended information about Master Database download status for all Filtering Service instances is also available in TRITON - Web Security on the Status > Today > Database Download page.
