Scribd Logo
Upload

Welcome to Scribd!

  • Anitha

    Uploaded by

    Annibal
    137 views121 pages
    The document details the log of a proxy transaction, including various policy checks and matches. It begins by setting transaction variables and proceeds to evaluate the request against many policy conditions, with some matches found. It ultimately allows the request and assigns category labels before concluding with timing details.

    Original Description:

    Copyright

    © © All Rights Reserved

    Available Formats

    TXT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The document details the log of a proxy transaction, including various policy checks and matches. It begins by setting transaction variables and proceeds to evaluate the request against many policy conditions, with some matches found. It ultimately allows the request and assigns category labels before concluding with timing details.

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as txt, pdf, or txt
    137 views121 pages

    Anitha

    Uploaded by

    Annibal
    The document details the log of a proxy transaction, including various policy checks and matches. It begins by setting transaction variables and proceeds to evaluate the request against many policy conditions, with some matches found. It ultimately allows the request and assigns category labels before concluding with timing details.

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as txt, pdf, or txt
    of 121

    start transaction -------------------

    transaction ID=9478241 type=http.proxy

    <Proxy@req-url> [builtin-prolog:372]
    MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2)

    <Cache@req-url "suppress DRTR for HTML Notification internal URLs"> [vpm-


    cpl:3477]
    miss: condition=__is_notify_internal

    <Proxy@req-url "set notify variables"> [vpm-cpl:3962]


    [Rule]
    miss: url.regex="(.*)/notify-SplashStreaming\?([^;]+);(.*)"
    miss: url.regex="(.*)/accepted-SplashStreaming\?([^;]+);(.*)"
    miss: url.regex="(.*)/verify-SplashStreaming\?([^;]+);(.*)"

    <Proxy>
    miss: client.address=10.110.46.73
    miss: condition=__CondList1Combinacion_NOAUTH
    MATCH: authenticate(ad) authenticate.force(no) authenticate.mode(proxy-ip)

    <Proxy>
    miss: condition=__CondList1CombinedDestinationBloque_URL
    miss: condition=__CondList1Combinacion_Lista_Blaca_Windows_Update
    MATCH: ALLOW condition=Combinacion_Lista_Blanca

    <Proxy>
    miss: client.address=CombinedEquiposEMC_Automacion
    miss: client.address=CombinedEquiposEMC_Automacion
    miss: client.address=combinacion_TERAREXHCAS
    miss: client.address="CombinedSource_DGI Uruguay"
    miss: condition=__CondList1ReglaFullInternetAccess_AMS
    miss: condition=__CondList1Ternium
    miss: client.address=TKCSA_PORTO
    miss: condition=__CondList1CombinacionWhatsapp_y_WSUS
    miss: url.domain=//services.isee.hp.com/
    miss: condition=WebApplication_Blacklist
    miss: condition=Combinacion_bloque_Windows_Update
    miss: request.application.name=Dropbox
    miss: category=Lista_Negra_NormalUser
    miss: condition=__CondList1CombinedDestinationBloque_URL
    miss: condition=CombinacionReproductoresMedia
    miss: condition=__CondList1CombinedSourceBloomberg
    miss: condition=__CondList1CombinedSourceBloomberg

    <Proxy>
    miss: condition=__PROTO_3
    miss: condition=__PROTO_3
    miss: url.port=22
    miss: url.port=22

    <Proxy>
    miss: condition=__CondList1CombinedSourceBloomberg
    miss: client.address=Ternium_FTP

    <ssl>
    MATCH: server.certificate.validate(no)
    <Proxy>
    miss: client.address=10.110.50.184
    MATCH: client.address=10.110.99.72 trace.request(yes)
    trace.destination(Annitha)

    <Cache>
    miss: condition=__CondList1Sitios_SIN_Cache
    miss: url.host=r.sascdn.com

    <Proxy>
    miss: source.port=8194
    miss: source.port=8195
    miss: source.port=8196
    miss: source.port=8197
    miss: source.port=8198

    <Proxy>
    miss: condition=skype

    <Proxy>
    miss: request.header.If-None-Match="."

    <Proxy>
    miss: condition=Tunnel_Exception_urld

    <Proxy>
    MATCH: policy.BC_SafeSearch_Ask_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Google_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_YouTube_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Lycos_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_MSN_Live_Bing_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Yahoo_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_DuckDuckGo_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Vimeo_Rules

    miss: <Proxy> realm=iwa_direct

    <Cache>
    miss: url.domain=//windowsupdate.com/
    miss: url.domain=//c.microsoft.com/
    miss: url.domain=//update.microsoft.com/
    miss: url.domain=//windowsupdate.microsoft.com/
    miss: url.domain=//download.windowsupdate.com/

    <Proxy>
    miss: condition=SSL_Disabled_Domains

    <Proxy "handle HTML Notification internal requests">


    miss: [Rule] variable.bc_notify1=variable.bc_notify2
    [Rule]
    MATCH: action.__delete_notify_cookies(yes)

    <Proxy>
    miss: http.method=POST
    miss: http.method=POST
    miss: http.method=PUT

    <Proxy>
    miss: url.port=21
    miss: url.port=21

    <Proxy>
    miss: condition=IWA_SILENT_USERS

    <Proxy>
    miss: url.host=www.msftncsi.com
    miss: url.domain=//crl.microsoft.com/
    miss: url.domain=//mscrl.microsoft.com/
    miss: url.domain=//verisign.com/
    miss: url.domain=//watson.microsoft.com/
    miss: url.domain=//trendmicro.com/

    <Proxy>
    miss: request.header.User-Agent="webex utiltp"
    miss: request.header.User-Agent="Microsoft-CryptoAPI"
    miss: request.header.User-Agent="MSUpdate"
    miss: request.header.User-Agent="AVUpdate"
    miss: request.header.User-Agent="ESS Update"
    miss: request.header.User-Agent="iTunes"
    miss: request.header.User-Agent="Stocks"
    miss: request.header.User-Agent="CFNetwork"
    miss: request.header.User-Agent="Shockwave Flash"
    miss: request.header.User-Agent="Windows-Media-Player"
    miss: request.header.User-Agent="NSPlayer"
    miss: request.header.User-Agent="Windows-Media-Player"
    miss: request.header.User-Agent="flash"
    miss: request.header.User-Agent="Office"
    miss: request.header.User-Agent="TMUFE"
    miss: request.header.User-Agent="62691CB3BF62DAF233FB2C02782E7BD2"

    <Proxy>
    miss: condition=Office365IPs
    MATCH: condition=Office365URLs detect_protocol(none)

    <Proxy>
    miss: condition=Office365IPs
    MATCH: condition=Office365URLs detect_protocol.ssl(no)

    <Cache>
    miss: condition=Office365IPs
    MATCH: condition=Office365URLs request.icap_service(no)
    response.icap_service(no)

    <Proxy>
    miss: url.domain=//facebook.com/
    miss: url.domain=//sped.fazenda.gov.br/
    miss: url.domain=//ternium.com.ar/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.mx/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.co/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.br/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.uy/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com/Autodiscover/Autodiscover.xml
    miss: url.domain=//tessa.com.uy/Autodiscover/Autodiscover.xml

    Called policy definition: BC_SafeSearch_Lycos_Rules


    miss: <Proxy BC_SafeSearch_Lycos> url.domain=//lycos.com/

    Called policy definition: BC_SafeSearch_Yahoo_Rules


    miss: <Proxy BC_SafeSearch_Yahoo_cookies> condition=BC_SafeSearch_Yahoo_Domains
    miss: <Proxy BC_SafeSearch_Yahoo_query> condition=BC_SafeSearch_Yahoo_Domains

    Called policy definition: BC_SafeSearch_DuckDuckGo_Rules


    miss: <Proxy BC_SafeSearch_DuckDuckGo_query> url.domain=//duckduckgo.com/

    Called policy definition: BC_SafeSearch_Ask_Rules


    miss: <Proxy BC_SafeSearch_Ask_query> condition=BC_SafeSearch_Ask_Domains

    Called policy definition: BC_SafeSearch_YouTube_Rules


    miss: <Proxy BC_SafeSearch_YouTube_cookies> url.domain=//youtube.com/

    Called policy definition: BC_SafeSearch_Vimeo_Rules


    miss: <Proxy BC_SafeSearch_Vimeo_cookies> url.domain=//vimeo.com/

    Called policy definition: BC_SafeSearch_Google_Rules


    miss: <Proxy BC_SafeSearch_Google_query> condition=BC_SafeSearch_Google_Domains
    miss: <Proxy BC_SafeSearch_Google_SetPref> condition=BC_SafeSearch_Google_Domains

    Called policy definition: BC_SafeSearch_MSN_Live_Bing_Rules


    miss: <Proxy BC_SafeSearch_MSN_Live_Bing_cookies>
    condition=BC_SafeSearch_MSN_Live_Bing_Domains
    miss: <Proxy BC_SafeSearch_MSN_Live_Bing_query>
    condition=BC_SafeSearch_MSN_Live_Bing_Domains

    Assigned values of transaction variables:


    bc_notify1=empty1
    bc_notify2=empty2

    connection: service.name=Explicit HTTP client.address=10.110.99.72 proxy.port=8080


    client.interface=255:255.1 routing-domain=default
    location-id=0 access_type=unknown
    time: 2020-03-17 16:47:37 UTC
    CONNECT tcp://autodiscover-s.outlook.com:443/
    DNS lookup was unrestricted
    user: name="TERNIUM\10519230" realm=AD
    authentication start 1 elapsed 0 ms
    authorization start 1 elapsed 0 ms
    authentication status='none' authorization status='none'
    url.category: Lista_Blanca_Office365@Policy;none@YouTube;Business/Economy@Blue
    Coat;Email@Blue Coat
    total categorization time: 0
    static categorization time: 0
    server.response.code: 0
    client.response.code: 200
    application.name: Office 365 Exchange Online
    application.operation: none
    application.group: none
    DSCP client outbound: 65
    DSCP server outbound: 65

    Transaction timing: total-transaction-time 69221 ms


    Checkpoint timings:
    new-connection: start 1 elapsed 0 ms
    client-in: start 1 elapsed 0 ms
    server-out: start 1 elapsed 0 ms
    server-in: start 37 elapsed 0 ms
    client-out: start 37 elapsed 0 ms
    access-logging: start 69221 elapsed 0 ms
    stop-transaction: start 69221 elapsed 0 ms
    Total Policy evaluation time: 0 ms
    url_categorization complete time: 1
    client connection: first-response-byte 0 last-response-byte 69221
    stop transaction --------------------
    start transaction -------------------
    transaction ID=9502171 type=http.proxy

    <Proxy@req-url> [builtin-prolog:372]
    MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2)

    <Cache@req-url "suppress DRTR for HTML Notification internal URLs"> [vpm-


    cpl:3477]
    miss: condition=__is_notify_internal

    <Proxy@req-url "set notify variables"> [vpm-cpl:3962]


    [Rule]
    miss: url.regex="(.*)/notify-SplashStreaming\?([^;]+);(.*)"
    miss: url.regex="(.*)/accepted-SplashStreaming\?([^;]+);(.*)"
    miss: url.regex="(.*)/verify-SplashStreaming\?([^;]+);(.*)"

    <Exception@term> [builtin-prolog:246]
    MATCH: t_procedure.dashboard_blocked_stats_infinity

    <Exception@req-all> [builtin-prolog:237]
    MATCH: t_procedure.dashboard_record_hourly

    <Exception@req-all> [builtin-prolog:240]
    MATCH: t_procedure.dashboard_record_daily

    <Exception@req-all> [builtin-prolog:243]
    MATCH: t_procedure.dashboard_record_monthly

    <Proxy>
    miss: client.address=10.110.46.73
    miss: condition=__CondList1Combinacion_NOAUTH
    MATCH: authenticate(ad) authenticate.force(no) authenticate.mode(proxy-ip)

    <Proxy>
    miss: condition=__CondList1CombinedDestinationBloque_URL
    miss: condition=__CondList1Combinacion_Lista_Blaca_Windows_Update
    miss: condition=Combinacion_Lista_Blanca
    miss: url.host.substring=msn-com.akamaized.net
    miss: condition=Combinacion_Lista_Negra
    miss: condition=__CondList1CombinacionGG_Tx_Proxy_Vip
    miss: client.address=Combinacion_Cloudhealth
    miss: condition=__CondList1CombinacionGG_Tx_Proxy_AdvancedUsers
    miss: condition=GG_TX_Proxy_Advanced_Users_bloqueo
    miss: condition=GG_TX_RedesSociales_AllUsers_PERMITIDAS
    miss: condition=__CondList1CombinacionGG_TX_RedesSociales_AllUsers
    miss: condition=__CondList1CombinacionGG_Tx_Proxy_NormalUsers
    miss: condition=__CondList1CombinacionGG_Tx_Proxy_NormalUsers
    miss: condition=__CondList1CombinacionGG_Tx_Proxy_Contratistas
    miss: condition=__CondList1CombinacionCategoriasBloqueadasContratistas
    miss: condition=__CondList1Externos
    miss: condition=__CondList1Externos
    miss: category=bloomberg
    MATCH: exception(user_defined.my_exception)

    <Proxy>
    miss: client.address=CombinedEquiposEMC_Automacion
    miss: client.address=CombinedEquiposEMC_Automacion
    miss: client.address=combinacion_TERAREXHCAS
    miss: client.address="CombinedSource_DGI Uruguay"
    miss: condition=__CondList1ReglaFullInternetAccess_AMS
    miss: condition=__CondList1Ternium
    miss: client.address=TKCSA_PORTO
    miss: condition=__CondList1CombinacionWhatsapp_y_WSUS
    miss: url.domain=//services.isee.hp.com/
    miss: condition=WebApplication_Blacklist
    miss: condition=Combinacion_bloque_Windows_Update
    miss: request.application.name=Dropbox
    miss: category=Lista_Negra_NormalUser
    miss: condition=__CondList1CombinedDestinationBloque_URL
    miss: condition=CombinacionReproductoresMedia
    miss: condition=__CondList1CombinedSourceBloomberg
    miss: condition=__CondList1CombinedSourceBloomberg

    <Proxy>
    miss: condition=__PROTO_3
    miss: condition=__PROTO_3
    miss: url.port=22
    miss: url.port=22

    <Proxy>
    miss: condition=__CondList1CombinedSourceBloomberg
    miss: client.address=Ternium_FTP

    <ssl>
    MATCH: server.certificate.validate(no)

    <Proxy>
    miss: client.address=10.110.50.184
    MATCH: client.address=10.110.99.72 trace.request(yes)
    trace.destination(Annitha)

    <Cache>
    miss: condition=__CondList1Sitios_SIN_Cache
    miss: url.host=r.sascdn.com

    <Proxy>
    miss: source.port=8194
    miss: source.port=8195
    miss: source.port=8196
    miss: source.port=8197
    miss: source.port=8198

    <Proxy>
    miss: condition=skype

    <Proxy>
    miss: request.header.If-None-Match="."

    <Proxy>
    miss: condition=Tunnel_Exception_urld

    <Proxy>
    MATCH: policy.BC_SafeSearch_Ask_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Google_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_YouTube_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Lycos_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_MSN_Live_Bing_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Yahoo_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_DuckDuckGo_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Vimeo_Rules

    miss: <Proxy> realm=iwa_direct

    <Cache>
    miss: url.domain=//windowsupdate.com/
    miss: url.domain=//c.microsoft.com/
    miss: url.domain=//update.microsoft.com/
    miss: url.domain=//windowsupdate.microsoft.com/
    miss: url.domain=//download.windowsupdate.com/

    <Proxy>
    miss: condition=SSL_Disabled_Domains

    <Proxy "handle HTML Notification internal requests">


    miss: [Rule] variable.bc_notify1=variable.bc_notify2
    [Rule]
    MATCH: action.__delete_notify_cookies(yes)

    <Proxy>
    miss: http.method=POST
    miss: http.method=POST
    miss: http.method=PUT
    <Proxy>
    miss: http.method=CONNECT
    miss: http.method=CONNECT

    <Proxy>
    miss: condition=IWA_SILENT_USERS

    <Proxy>
    miss: url.host=www.msftncsi.com
    miss: url.domain=//crl.microsoft.com/
    miss: url.domain=//mscrl.microsoft.com/
    miss: url.domain=//verisign.com/
    miss: url.domain=//watson.microsoft.com/
    miss: url.domain=//trendmicro.com/

    <Proxy>
    miss: request.header.User-Agent="webex utiltp"
    miss: request.header.User-Agent="Microsoft-CryptoAPI"
    miss: request.header.User-Agent="MSUpdate"
    miss: request.header.User-Agent="AVUpdate"
    miss: request.header.User-Agent="ESS Update"
    miss: request.header.User-Agent="iTunes"
    miss: request.header.User-Agent="Stocks"
    miss: request.header.User-Agent="CFNetwork"
    miss: request.header.User-Agent="Shockwave Flash"
    miss: request.header.User-Agent="Windows-Media-Player"
    miss: request.header.User-Agent="NSPlayer"
    miss: request.header.User-Agent="Windows-Media-Player"
    miss: request.header.User-Agent="flash"
    miss: request.header.User-Agent="Office"
    miss: request.header.User-Agent="TMUFE"
    miss: request.header.User-Agent="62691CB3BF62DAF233FB2C02782E7BD2"

    <Proxy>
    miss: condition=Office365IPs
    miss: condition=Office365URLs

    <Proxy>
    miss: condition=Office365IPs
    miss: condition=Office365URLs

    <Cache>
    miss: condition=Office365IPs
    miss: condition=Office365URLs

    <Proxy>
    miss: url.domain=//facebook.com/
    miss: url.domain=//sped.fazenda.gov.br/
    miss: url.domain=//ternium.com.ar/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.mx/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.co/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.br/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.uy/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com/Autodiscover/Autodiscover.xml
    miss: url.domain=//tessa.com.uy/Autodiscover/Autodiscover.xml

    Called policy definition: BC_SafeSearch_Lycos_Rules


    miss: <Proxy BC_SafeSearch_Lycos> url.domain=//lycos.com/
    Called policy definition: BC_SafeSearch_Yahoo_Rules
    miss: <Proxy BC_SafeSearch_Yahoo_cookies> condition=BC_SafeSearch_Yahoo_Domains
    miss: <Proxy BC_SafeSearch_Yahoo_query> condition=BC_SafeSearch_Yahoo_Domains

    Called policy definition: BC_SafeSearch_DuckDuckGo_Rules


    miss: <Proxy BC_SafeSearch_DuckDuckGo_query> url.domain=//duckduckgo.com/

    Called policy definition: BC_SafeSearch_Ask_Rules


    miss: <Proxy BC_SafeSearch_Ask_query> condition=BC_SafeSearch_Ask_Domains

    Called policy definition: BC_SafeSearch_YouTube_Rules


    miss: <Proxy BC_SafeSearch_YouTube_cookies> url.domain=//youtube.com/

    Called policy definition: BC_SafeSearch_Vimeo_Rules


    miss: <Proxy BC_SafeSearch_Vimeo_cookies> url.domain=//vimeo.com/

    Called policy definition: BC_SafeSearch_Google_Rules


    miss: <Proxy BC_SafeSearch_Google_query> condition=BC_SafeSearch_Google_Domains
    miss: <Proxy BC_SafeSearch_Google_SetPref> condition=BC_SafeSearch_Google_Domains

    Called policy definition: BC_SafeSearch_MSN_Live_Bing_Rules


    miss: <Proxy BC_SafeSearch_MSN_Live_Bing_cookies>
    condition=BC_SafeSearch_MSN_Live_Bing_Domains
    miss: <Proxy BC_SafeSearch_MSN_Live_Bing_query>
    condition=BC_SafeSearch_MSN_Live_Bing_Domains

    Assigned values of transaction variables:


    bc_notify1=empty1
    bc_notify2=empty2
    Called transaction procedure: dashboard_record_hourly
    <layer>
    Called transaction procedure: dashboard_record_daily
    <layer>
    Called transaction procedure: dashboard_blocked_stats_infinity
    <layer>
    Called transaction procedure: dashboard_record_monthly
    <layer>

    connection: service.name=Explicit HTTP client.address=10.110.99.72 proxy.port=8080


    client.interface=255:255.1 routing-domain=default
    location-id=0 access_type=unknown
    time: 2020-03-17 16:49:05 UTC
    GET http://google.com.br/
    DNS lookup was unrestricted
    Cookie: ANID=AHWqTUns2EHn81lFB0yXUbDzF-7muNBCz-Pl5U5tJLwJhC-kzQ4SQBtlUxmE2MVg
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    user: name="TERNIUM\10519230" realm=AD
    authentication start 15 elapsed 0 ms
    authorization start 15 elapsed 0 ms
    authentication status='none' authorization status='none'
    EXCEPTION(my_exception): Either 'deny' or 'exception' was matched in policy
    url.category: none@Policy;none@YouTube;Search Engines/Portals@Blue Coat
    total categorization time: 0
    static categorization time: 0
    server.response.code: 0
    client.response.code: 403
    application.name: none
    application.operation: none
    application.group: none
    DSCP client outbound: 65
    DSCP server outbound: 65

    Transaction timing: total-transaction-time 16 ms


    Checkpoint timings:
    new-connection: start 1 elapsed 0 ms
    client-in: start 15 elapsed 1 ms
    client-out-terminated: start 16 elapsed 0 ms
    access-logging: start 16 elapsed 0 ms
    stop-transaction: start 16 elapsed 0 ms
    Total Policy evaluation time: 1 ms
    url_categorization complete time: 15
    client connection: first-response-byte 0 last-response-byte 16
    stop transaction --------------------
    start transaction -------------------
    transaction ID=9502944 type=http.proxy

    <Proxy@req-url> [builtin-prolog:372]
    MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2)

    <Cache@req-url "suppress DRTR for HTML Notification internal URLs"> [vpm-


    cpl:3477]
    miss: condition=__is_notify_internal

    <Proxy@req-url "set notify variables"> [vpm-cpl:3962]


    [Rule]
    miss: url.regex="(.*)/notify-SplashStreaming\?([^;]+);(.*)"
    miss: url.regex="(.*)/accepted-SplashStreaming\?([^;]+);(.*)"
    miss: url.regex="(.*)/verify-SplashStreaming\?([^;]+);(.*)"

    <Exception@term> [builtin-prolog:246]
    MATCH: t_procedure.dashboard_blocked_stats_infinity

    <Exception@req-all> [builtin-prolog:237]
    MATCH: t_procedure.dashboard_record_hourly

    <Exception@req-all> [builtin-prolog:240]
    MATCH: t_procedure.dashboard_record_daily

    <Exception@req-all> [builtin-prolog:243]
    MATCH: t_procedure.dashboard_record_monthly

    <Proxy>
    miss: client.address=10.110.46.73
    miss: condition=__CondList1Combinacion_NOAUTH
    MATCH: authenticate(ad) authenticate.force(no) authenticate.mode(proxy-ip)

    <Proxy>
    miss: condition=__CondList1CombinedDestinationBloque_URL
    miss: condition=__CondList1Combinacion_Lista_Blaca_Windows_Update
    miss: condition=Combinacion_Lista_Blanca
    miss: url.host.substring=msn-com.akamaized.net
    miss: condition=Combinacion_Lista_Negra
    miss: condition=__CondList1CombinacionGG_Tx_Proxy_Vip
    miss: client.address=Combinacion_Cloudhealth
    miss: condition=__CondList1CombinacionGG_Tx_Proxy_AdvancedUsers
    miss: condition=GG_TX_Proxy_Advanced_Users_bloqueo
    miss: condition=GG_TX_RedesSociales_AllUsers_PERMITIDAS
    miss: condition=__CondList1CombinacionGG_TX_RedesSociales_AllUsers
    miss: condition=__CondList1CombinacionGG_Tx_Proxy_NormalUsers
    miss: condition=__CondList1CombinacionGG_Tx_Proxy_NormalUsers
    miss: condition=__CondList1CombinacionGG_Tx_Proxy_Contratistas
    miss: condition=__CondList1CombinacionCategoriasBloqueadasContratistas
    miss: condition=__CondList1Externos
    miss: condition=__CondList1Externos
    miss: category=bloomberg
    MATCH: exception(user_defined.my_exception)

    <Proxy>
    miss: client.address=CombinedEquiposEMC_Automacion
    miss: client.address=CombinedEquiposEMC_Automacion
    miss: client.address=combinacion_TERAREXHCAS
    miss: client.address="CombinedSource_DGI Uruguay"
    miss: condition=__CondList1ReglaFullInternetAccess_AMS
    miss: condition=__CondList1Ternium
    miss: client.address=TKCSA_PORTO
    miss: condition=__CondList1CombinacionWhatsapp_y_WSUS
    miss: url.domain=//services.isee.hp.com/
    miss: condition=WebApplication_Blacklist
    miss: condition=Combinacion_bloque_Windows_Update
    miss: request.application.name=Dropbox
    miss: category=Lista_Negra_NormalUser
    miss: condition=__CondList1CombinedDestinationBloque_URL
    miss: condition=CombinacionReproductoresMedia
    miss: condition=__CondList1CombinedSourceBloomberg
    miss: condition=__CondList1CombinedSourceBloomberg

    <Proxy>
    miss: condition=__PROTO_3
    miss: condition=__PROTO_3
    miss: url.port=22
    miss: url.port=22

    <Proxy>
    miss: condition=__CondList1CombinedSourceBloomberg
    miss: client.address=Ternium_FTP

    <ssl>
    MATCH: server.certificate.validate(no)

    <Proxy>
    miss: client.address=10.110.50.184
    MATCH: client.address=10.110.99.72 trace.request(yes)
    trace.destination(Annitha)

    <Cache>
    miss: condition=__CondList1Sitios_SIN_Cache
    miss: url.host=r.sascdn.com

    <Proxy>
    miss: source.port=8194
    miss: source.port=8195
    miss: source.port=8196
    miss: source.port=8197
    miss: source.port=8198

    <Proxy>
    miss: condition=skype

    <Proxy>
    miss: request.header.If-None-Match="."

    <Proxy>
    miss: condition=Tunnel_Exception_urld

    <Proxy>
    MATCH: policy.BC_SafeSearch_Ask_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Google_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_YouTube_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Lycos_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_MSN_Live_Bing_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Yahoo_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_DuckDuckGo_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Vimeo_Rules

    miss: <Proxy> realm=iwa_direct

    <Cache>
    miss: url.domain=//windowsupdate.com/
    miss: url.domain=//c.microsoft.com/
    miss: url.domain=//update.microsoft.com/
    miss: url.domain=//windowsupdate.microsoft.com/
    miss: url.domain=//download.windowsupdate.com/

    <Proxy>
    miss: condition=SSL_Disabled_Domains

    <Proxy "handle HTML Notification internal requests">


    miss: [Rule] variable.bc_notify1=variable.bc_notify2
    [Rule]
    MATCH: action.__delete_notify_cookies(yes)

    <Proxy>
    miss: http.method=POST
    miss: http.method=POST
    miss: http.method=PUT

    <Proxy>
    miss: url.port=21
    miss: url.port=21

    <Proxy>
    miss: condition=IWA_SILENT_USERS

    <Proxy>
    miss: url.host=www.msftncsi.com
    miss: url.domain=//crl.microsoft.com/
    miss: url.domain=//mscrl.microsoft.com/
    miss: url.domain=//verisign.com/
    miss: url.domain=//watson.microsoft.com/
    miss: url.domain=//trendmicro.com/

    <Proxy>
    miss: request.header.User-Agent="webex utiltp"
    miss: request.header.User-Agent="Microsoft-CryptoAPI"
    miss: request.header.User-Agent="MSUpdate"
    miss: request.header.User-Agent="AVUpdate"
    miss: request.header.User-Agent="ESS Update"
    miss: request.header.User-Agent="iTunes"
    miss: request.header.User-Agent="Stocks"
    miss: request.header.User-Agent="CFNetwork"
    miss: request.header.User-Agent="Shockwave Flash"
    miss: request.header.User-Agent="Windows-Media-Player"
    miss: request.header.User-Agent="NSPlayer"
    miss: request.header.User-Agent="Windows-Media-Player"
    miss: request.header.User-Agent="flash"
    miss: request.header.User-Agent="Office"
    miss: request.header.User-Agent="TMUFE"
    miss: request.header.User-Agent="62691CB3BF62DAF233FB2C02782E7BD2"

    <Proxy>
    MATCH: condition=Office365IPs detect_protocol(none)

    <Proxy>
    MATCH: condition=Office365IPs detect_protocol.ssl(no)

    <Cache>
    MATCH: condition=Office365IPs request.icap_service(no)
    response.icap_service(no)

    <Proxy>
    miss: url.domain=//facebook.com/
    miss: url.domain=//sped.fazenda.gov.br/
    miss: url.domain=//ternium.com.ar/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.mx/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.co/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.br/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.uy/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com/Autodiscover/Autodiscover.xml
    miss: url.domain=//tessa.com.uy/Autodiscover/Autodiscover.xml

    Called policy definition: BC_SafeSearch_Lycos_Rules


    miss: <Proxy BC_SafeSearch_Lycos> url.domain=//lycos.com/

    Called policy definition: BC_SafeSearch_Yahoo_Rules


    miss: <Proxy BC_SafeSearch_Yahoo_cookies> condition=BC_SafeSearch_Yahoo_Domains
    miss: <Proxy BC_SafeSearch_Yahoo_query> condition=BC_SafeSearch_Yahoo_Domains

    Called policy definition: BC_SafeSearch_DuckDuckGo_Rules


    miss: <Proxy BC_SafeSearch_DuckDuckGo_query> url.domain=//duckduckgo.com/
    Called policy definition: BC_SafeSearch_Ask_Rules
    miss: <Proxy BC_SafeSearch_Ask_query> condition=BC_SafeSearch_Ask_Domains

    Called policy definition: BC_SafeSearch_YouTube_Rules


    miss: <Proxy BC_SafeSearch_YouTube_cookies> url.domain=//youtube.com/

    Called policy definition: BC_SafeSearch_Vimeo_Rules


    miss: <Proxy BC_SafeSearch_Vimeo_cookies> url.domain=//vimeo.com/

    Called policy definition: BC_SafeSearch_Google_Rules


    miss: <Proxy BC_SafeSearch_Google_query> condition=BC_SafeSearch_Google_Domains
    miss: <Proxy BC_SafeSearch_Google_SetPref> condition=BC_SafeSearch_Google_Domains

    Called policy definition: BC_SafeSearch_MSN_Live_Bing_Rules


    miss: <Proxy BC_SafeSearch_MSN_Live_Bing_cookies>
    condition=BC_SafeSearch_MSN_Live_Bing_Domains
    miss: <Proxy BC_SafeSearch_MSN_Live_Bing_query>
    condition=BC_SafeSearch_MSN_Live_Bing_Domains

    Assigned values of transaction variables:


    bc_notify1=empty1
    bc_notify2=empty2
    Called transaction procedure: dashboard_record_hourly
    <layer>
    Called transaction procedure: dashboard_record_daily
    <layer>
    Called transaction procedure: dashboard_blocked_stats_infinity
    <layer>
    Called transaction procedure: dashboard_record_monthly
    <layer>

    connection: service.name=Explicit HTTP client.address=10.110.99.72 proxy.port=8080


    client.interface=255:255.1 routing-domain=default
    location-id=0 access_type=unknown
    time: 2020-03-17 16:49:07 UTC
    CONNECT tcp://www.msn.com:443/
    DNS lookup was unrestricted
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    user: name="TERNIUM\10519230" realm=AD
    authentication start 1 elapsed 0 ms
    authorization start 1 elapsed 0 ms
    authentication status='none' authorization status='none'
    EXCEPTION(my_exception): Either 'deny' or 'exception' was matched in policy
    url.category: none@Policy;none@YouTube;Search Engines/Portals@Blue Coat
    total categorization time: 0
    static categorization time: 0
    server.response.code: 0
    client.response.code: 403
    application.name: none
    application.operation: none
    application.group: none
    DSCP client outbound: 65
    DSCP server outbound: 65

    Transaction timing: total-transaction-time 1 ms


    Checkpoint timings:
    new-connection: start 1 elapsed 0 ms
    client-in: start 1 elapsed 0 ms
    client-out-terminated: start 1 elapsed 0 ms
    access-logging: start 1 elapsed 0 ms
    stop-transaction: start 1 elapsed 0 ms
    Total Policy evaluation time: 0 ms
    url_categorization complete time: 0
    client connection: first-response-byte 0 last-response-byte 1
    stop transaction --------------------
    start transaction -------------------
    transaction ID=9502945 type=http.proxy

    <Proxy@req-url> [builtin-prolog:372]
    MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2)

    <Cache@req-url "suppress DRTR for HTML Notification internal URLs"> [vpm-


    cpl:3477]
    miss: condition=__is_notify_internal

    <Proxy@req-url "set notify variables"> [vpm-cpl:3962]


    [Rule]
    miss: url.regex="(.*)/notify-SplashStreaming\?([^;]+);(.*)"
    miss: url.regex="(.*)/accepted-SplashStreaming\?([^;]+);(.*)"
    miss: url.regex="(.*)/verify-SplashStreaming\?([^;]+);(.*)"

    <Exception@term> [builtin-prolog:246]
    MATCH: t_procedure.dashboard_blocked_stats_infinity

    <Exception@req-all> [builtin-prolog:237]
    MATCH: t_procedure.dashboard_record_hourly

    <Exception@req-all> [builtin-prolog:240]
    MATCH: t_procedure.dashboard_record_daily

    <Exception@req-all> [builtin-prolog:243]
    MATCH: t_procedure.dashboard_record_monthly

    <Proxy>
    miss: client.address=10.110.46.73
    miss: condition=__CondList1Combinacion_NOAUTH
    MATCH: authenticate(ad) authenticate.force(no) authenticate.mode(proxy-ip)

    <Proxy>
    miss: condition=__CondList1CombinedDestinationBloque_URL
    miss: condition=__CondList1Combinacion_Lista_Blaca_Windows_Update
    miss: condition=Combinacion_Lista_Blanca
    miss: condition=__CondList1CombinacionMSN
    MATCH: condition=Combinacion_Lista_Negra
    force_exception(user_defined.my_exception)

    <Proxy>
    miss: client.address=CombinedEquiposEMC_Automacion
    miss: client.address=CombinedEquiposEMC_Automacion
    miss: client.address=combinacion_TERAREXHCAS
    miss: client.address="CombinedSource_DGI Uruguay"
    miss: condition=__CondList1ReglaFullInternetAccess_AMS
    miss: condition=__CondList1Ternium
    miss: client.address=TKCSA_PORTO
    miss: condition=__CondList1CombinacionWhatsapp_y_WSUS
    miss: url.domain=//services.isee.hp.com/
    miss: condition=WebApplication_Blacklist
    miss: condition=Combinacion_bloque_Usuarios_windows_Update
    miss: request.application.name=Dropbox
    miss: category=Lista_Negra_NormalUser
    miss: condition=__CondList1CombinedDestinationBloque_URL
    miss: condition=CombinacionReproductoresMedia
    miss: condition=__CondList1CombinedSourceBloomberg
    miss: condition=__CondList1CombinedSourceBloomberg

    <Proxy>
    miss: condition=__PROTO_3
    miss: condition=__PROTO_3
    miss: url.port=22
    miss: url.port=22

    <Proxy>
    miss: condition=__CondList1CombinedSourceBloomberg
    miss: client.address=Ternium_FTP

    <ssl>
    MATCH: server.certificate.validate(no)

    <Proxy>
    miss: client.address=10.110.50.184
    MATCH: client.address=10.110.99.72 trace.request(yes)
    trace.destination(Annitha)

    <Cache>
    miss: condition=__CondList1Sitios_SIN_Cache
    miss: url.host=r.sascdn.com

    <Proxy>
    miss: source.port=8194
    miss: source.port=8195
    miss: source.port=8196
    miss: source.port=8197
    miss: source.port=8198

    <Proxy>
    miss: condition=skype

    <Proxy>
    miss: request.header.If-None-Match="."

    <Proxy>
    miss: condition=Tunnel_Exception_urld

    <Proxy>
    MATCH: policy.BC_SafeSearch_Ask_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Google_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_YouTube_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Lycos_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_MSN_Live_Bing_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Yahoo_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_DuckDuckGo_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Vimeo_Rules

    miss: <Proxy> realm=iwa_direct

    <Cache>
    miss: url.domain=//windowsupdate.com/
    miss: url.domain=//c.microsoft.com/
    miss: url.domain=//update.microsoft.com/
    miss: url.domain=//windowsupdate.microsoft.com/
    miss: url.domain=//download.windowsupdate.com/

    <Proxy>
    miss: condition=SSL_Disabled_Domains

    <Proxy "handle HTML Notification internal requests">


    miss: [Rule] variable.bc_notify1=variable.bc_notify2
    [Rule]
    MATCH: action.__delete_notify_cookies(yes)

    <Proxy>
    miss: http.method=POST
    miss: http.method=POST
    miss: http.method=PUT

    <Proxy>
    miss: url.port=21
    miss: url.port=21

    <Proxy>
    miss: condition=IWA_SILENT_USERS

    <Proxy>
    miss: url.host=www.msftncsi.com
    miss: url.domain=//crl.microsoft.com/
    miss: url.domain=//mscrl.microsoft.com/
    miss: url.domain=//verisign.com/
    miss: url.domain=//watson.microsoft.com/
    miss: url.domain=//trendmicro.com/

    <Proxy>
    miss: request.header.User-Agent="webex utiltp"
    miss: request.header.User-Agent="Microsoft-CryptoAPI"
    miss: request.header.User-Agent="MSUpdate"
    miss: request.header.User-Agent="AVUpdate"
    miss: request.header.User-Agent="ESS Update"
    miss: request.header.User-Agent="iTunes"
    miss: request.header.User-Agent="Stocks"
    miss: request.header.User-Agent="CFNetwork"
    miss: request.header.User-Agent="Shockwave Flash"
    miss: request.header.User-Agent="Windows-Media-Player"
    miss: request.header.User-Agent="NSPlayer"
    miss: request.header.User-Agent="Windows-Media-Player"
    miss: request.header.User-Agent="flash"
    miss: request.header.User-Agent="Office"
    miss: request.header.User-Agent="TMUFE"
    miss: request.header.User-Agent="62691CB3BF62DAF233FB2C02782E7BD2"

    <Proxy>
    miss: condition=Office365IPs
    miss: condition=Office365URLs

    <Proxy>
    miss: condition=Office365IPs
    miss: condition=Office365URLs

    <Cache>
    miss: condition=Office365IPs
    miss: condition=Office365URLs

    <Proxy>
    miss: url.domain=//facebook.com/
    miss: url.domain=//sped.fazenda.gov.br/
    miss: url.domain=//ternium.com.ar/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.mx/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.co/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.br/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.uy/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com/Autodiscover/Autodiscover.xml
    miss: url.domain=//tessa.com.uy/Autodiscover/Autodiscover.xml

    Called policy definition: BC_SafeSearch_Lycos_Rules


    miss: <Proxy BC_SafeSearch_Lycos> url.domain=//lycos.com/

    Called policy definition: BC_SafeSearch_Yahoo_Rules


    miss: <Proxy BC_SafeSearch_Yahoo_cookies> condition=BC_SafeSearch_Yahoo_Domains
    miss: <Proxy BC_SafeSearch_Yahoo_query> condition=BC_SafeSearch_Yahoo_Domains

    Called policy definition: BC_SafeSearch_DuckDuckGo_Rules


    miss: <Proxy BC_SafeSearch_DuckDuckGo_query> url.domain=//duckduckgo.com/

    Called policy definition: BC_SafeSearch_Ask_Rules


    miss: <Proxy BC_SafeSearch_Ask_query> condition=BC_SafeSearch_Ask_Domains

    Called policy definition: BC_SafeSearch_YouTube_Rules


    miss: <Proxy BC_SafeSearch_YouTube_cookies> url.domain=//youtube.com/

    Called policy definition: BC_SafeSearch_Vimeo_Rules


    miss: <Proxy BC_SafeSearch_Vimeo_cookies> url.domain=//vimeo.com/

    Called policy definition: BC_SafeSearch_Google_Rules


    miss: <Proxy BC_SafeSearch_Google_query> condition=BC_SafeSearch_Google_Domains
    miss: <Proxy BC_SafeSearch_Google_SetPref> condition=BC_SafeSearch_Google_Domains

    Called policy definition: BC_SafeSearch_MSN_Live_Bing_Rules


    miss: <Proxy BC_SafeSearch_MSN_Live_Bing_cookies>
    condition=BC_SafeSearch_MSN_Live_Bing_Domains
    miss: <Proxy BC_SafeSearch_MSN_Live_Bing_query>
    condition=BC_SafeSearch_MSN_Live_Bing_Domains
    Assigned values of transaction variables:
    bc_notify1=empty1
    bc_notify2=empty2
    Called transaction procedure: dashboard_record_hourly
    <layer>
    Called transaction procedure: dashboard_record_daily
    <layer>
    Called transaction procedure: dashboard_blocked_stats_infinity
    <layer>
    Called transaction procedure: dashboard_record_monthly
    <layer>

    connection: service.name=Explicit HTTP client.address=10.110.99.72 proxy.port=8080


    client.interface=255:255.1 routing-domain=default
    location-id=0 access_type=unknown
    time: 2020-03-17 16:49:07 UTC
    CONNECT tcp://img-s-msn-com.akamaized.net:443/
    DNS lookup was unrestricted
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    user: name="TERNIUM\10519230" realm=AD
    authentication start 2 elapsed 0 ms
    authorization start 2 elapsed 0 ms
    authentication status='none' authorization status='none'
    EXCEPTION(my_exception): Either 'force_deny' or 'force_exception' was matched in
    policy
    url.category: Lista_Negra@Policy;none@YouTube;Content Delivery Networks@Blue Coat
    total categorization time: 0
    static categorization time: 0
    server.response.code: 0
    client.response.code: 403
    application.name: none
    application.operation: none
    application.group: none
    DSCP client outbound: 65
    DSCP server outbound: 65

    Transaction timing: total-transaction-time 183 ms


    Checkpoint timings:
    new-connection: start 1 elapsed 0 ms
    client-in: start 1 elapsed 1 ms
    client-out-terminated: start 2 elapsed 0 ms
    access-logging: start 8 elapsed 0 ms
    stop-transaction: start 183 elapsed 0 ms
    Total Policy evaluation time: 1 ms
    url_categorization complete time: 1
    client connection: first-response-byte 0 last-response-byte 8
    stop transaction --------------------
    start transaction -------------------
    transaction ID=9502946 type=http.proxy

    <Proxy@req-url> [builtin-prolog:372]
    MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2)

    <Cache@req-url "suppress DRTR for HTML Notification internal URLs"> [vpm-


    cpl:3477]
    miss: condition=__is_notify_internal

    <Proxy@req-url "set notify variables"> [vpm-cpl:3962]


    [Rule]
    miss: url.regex="(.*)/notify-SplashStreaming\?([^;]+);(.*)"
    miss: url.regex="(.*)/accepted-SplashStreaming\?([^;]+);(.*)"
    miss: url.regex="(.*)/verify-SplashStreaming\?([^;]+);(.*)"

    <Exception@term> [builtin-prolog:246]
    MATCH: t_procedure.dashboard_blocked_stats_infinity

    <Exception@req-all> [builtin-prolog:237]
    MATCH: t_procedure.dashboard_record_hourly

    <Exception@req-all> [builtin-prolog:240]
    MATCH: t_procedure.dashboard_record_daily

    <Exception@req-all> [builtin-prolog:243]
    MATCH: t_procedure.dashboard_record_monthly

    <Proxy>
    miss: client.address=10.110.46.73
    miss: condition=__CondList1Combinacion_NOAUTH
    MATCH: authenticate(ad) authenticate.force(no) authenticate.mode(proxy-ip)

    <Proxy>
    miss: condition=__CondList1CombinedDestinationBloque_URL
    miss: condition=__CondList1Combinacion_Lista_Blaca_Windows_Update
    miss: condition=Combinacion_Lista_Blanca
    miss: condition=__CondList1CombinacionMSN
    MATCH: condition=Combinacion_Lista_Negra
    force_exception(user_defined.my_exception)

    <Proxy>
    miss: client.address=CombinedEquiposEMC_Automacion
    miss: client.address=CombinedEquiposEMC_Automacion
    miss: client.address=combinacion_TERAREXHCAS
    miss: client.address="CombinedSource_DGI Uruguay"
    miss: condition=__CondList1ReglaFullInternetAccess_AMS
    miss: condition=__CondList1Ternium
    miss: client.address=TKCSA_PORTO
    miss: condition=__CondList1CombinacionWhatsapp_y_WSUS
    miss: url.domain=//services.isee.hp.com/
    miss: condition=WebApplication_Blacklist
    miss: condition=Combinacion_bloque_Usuarios_windows_Update
    miss: request.application.name=Dropbox
    miss: category=Lista_Negra_NormalUser
    miss: condition=__CondList1CombinedDestinationBloque_URL
    miss: condition=CombinacionReproductoresMedia
    miss: condition=__CondList1CombinedSourceBloomberg
    miss: condition=__CondList1CombinedSourceBloomberg

    <Proxy>
    miss: condition=__PROTO_3
    miss: condition=__PROTO_3
    miss: url.port=22
    miss: url.port=22

    <Proxy>
    miss: condition=__CondList1CombinedSourceBloomberg
    miss: client.address=Ternium_FTP
    <ssl>
    MATCH: server.certificate.validate(no)

    <Proxy>
    miss: client.address=10.110.50.184
    MATCH: client.address=10.110.99.72 trace.request(yes)
    trace.destination(Annitha)

    <Cache>
    miss: condition=__CondList1Sitios_SIN_Cache
    miss: url.host=r.sascdn.com

    <Proxy>
    miss: source.port=8194
    miss: source.port=8195
    miss: source.port=8196
    miss: source.port=8197
    miss: source.port=8198

    <Proxy>
    miss: condition=skype

    <Proxy>
    miss: request.header.If-None-Match="."

    <Proxy>
    miss: condition=Tunnel_Exception_urld

    <Proxy>
    MATCH: policy.BC_SafeSearch_Ask_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Google_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_YouTube_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Lycos_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_MSN_Live_Bing_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Yahoo_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_DuckDuckGo_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Vimeo_Rules

    miss: <Proxy> realm=iwa_direct

    <Cache>
    miss: url.domain=//windowsupdate.com/
    miss: url.domain=//c.microsoft.com/
    miss: url.domain=//update.microsoft.com/
    miss: url.domain=//windowsupdate.microsoft.com/
    miss: url.domain=//download.windowsupdate.com/

    <Proxy>
    miss: condition=SSL_Disabled_Domains

    <Proxy "handle HTML Notification internal requests">


    miss: [Rule] variable.bc_notify1=variable.bc_notify2
    [Rule]
    MATCH: action.__delete_notify_cookies(yes)

    <Proxy>
    miss: http.method=POST
    miss: http.method=POST
    miss: http.method=PUT

    <Proxy>
    miss: url.port=21
    miss: url.port=21

    <Proxy>
    miss: condition=IWA_SILENT_USERS

    <Proxy>
    miss: url.host=www.msftncsi.com
    miss: url.domain=//crl.microsoft.com/
    miss: url.domain=//mscrl.microsoft.com/
    miss: url.domain=//verisign.com/
    miss: url.domain=//watson.microsoft.com/
    miss: url.domain=//trendmicro.com/

    <Proxy>
    miss: request.header.User-Agent="webex utiltp"
    miss: request.header.User-Agent="Microsoft-CryptoAPI"
    miss: request.header.User-Agent="MSUpdate"
    miss: request.header.User-Agent="AVUpdate"
    miss: request.header.User-Agent="ESS Update"
    miss: request.header.User-Agent="iTunes"
    miss: request.header.User-Agent="Stocks"
    miss: request.header.User-Agent="CFNetwork"
    miss: request.header.User-Agent="Shockwave Flash"
    miss: request.header.User-Agent="Windows-Media-Player"
    miss: request.header.User-Agent="NSPlayer"
    miss: request.header.User-Agent="Windows-Media-Player"
    miss: request.header.User-Agent="flash"
    miss: request.header.User-Agent="Office"
    miss: request.header.User-Agent="TMUFE"
    miss: request.header.User-Agent="62691CB3BF62DAF233FB2C02782E7BD2"

    <Proxy>
    miss: condition=Office365IPs
    miss: condition=Office365URLs

    <Proxy>
    miss: condition=Office365IPs
    miss: condition=Office365URLs

    <Cache>
    miss: condition=Office365IPs
    miss: condition=Office365URLs
    <Proxy>
    miss: url.domain=//facebook.com/
    miss: url.domain=//sped.fazenda.gov.br/
    miss: url.domain=//ternium.com.ar/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.mx/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.co/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.br/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.uy/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com/Autodiscover/Autodiscover.xml
    miss: url.domain=//tessa.com.uy/Autodiscover/Autodiscover.xml

    Called policy definition: BC_SafeSearch_Lycos_Rules


    miss: <Proxy BC_SafeSearch_Lycos> url.domain=//lycos.com/

    Called policy definition: BC_SafeSearch_Yahoo_Rules


    miss: <Proxy BC_SafeSearch_Yahoo_cookies> condition=BC_SafeSearch_Yahoo_Domains
    miss: <Proxy BC_SafeSearch_Yahoo_query> condition=BC_SafeSearch_Yahoo_Domains

    Called policy definition: BC_SafeSearch_DuckDuckGo_Rules


    miss: <Proxy BC_SafeSearch_DuckDuckGo_query> url.domain=//duckduckgo.com/

    Called policy definition: BC_SafeSearch_Ask_Rules


    miss: <Proxy BC_SafeSearch_Ask_query> condition=BC_SafeSearch_Ask_Domains

    Called policy definition: BC_SafeSearch_YouTube_Rules


    miss: <Proxy BC_SafeSearch_YouTube_cookies> url.domain=//youtube.com/

    Called policy definition: BC_SafeSearch_Vimeo_Rules


    miss: <Proxy BC_SafeSearch_Vimeo_cookies> url.domain=//vimeo.com/

    Called policy definition: BC_SafeSearch_Google_Rules


    miss: <Proxy BC_SafeSearch_Google_query> condition=BC_SafeSearch_Google_Domains
    miss: <Proxy BC_SafeSearch_Google_SetPref> condition=BC_SafeSearch_Google_Domains

    Called policy definition: BC_SafeSearch_MSN_Live_Bing_Rules


    miss: <Proxy BC_SafeSearch_MSN_Live_Bing_cookies>
    condition=BC_SafeSearch_MSN_Live_Bing_Domains
    miss: <Proxy BC_SafeSearch_MSN_Live_Bing_query>
    condition=BC_SafeSearch_MSN_Live_Bing_Domains

    Assigned values of transaction variables:


    bc_notify1=empty1
    bc_notify2=empty2
    Called transaction procedure: dashboard_record_hourly
    <layer>
    Called transaction procedure: dashboard_record_daily
    <layer>
    Called transaction procedure: dashboard_blocked_stats_infinity
    <layer>
    Called transaction procedure: dashboard_record_monthly
    <layer>

    connection: service.name=Explicit HTTP client.address=10.110.99.72 proxy.port=8080


    client.interface=255:255.1 routing-domain=default
    location-id=0 access_type=unknown
    time: 2020-03-17 16:49:07 UTC
    CONNECT tcp://static-spartan-eus-s-msn-com.akamaized.net:443/
    DNS lookup was unrestricted
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    user: name="TERNIUM\10519230" realm=AD
    authentication start 15 elapsed 0 ms
    authorization start 15 elapsed 0 ms
    authentication status='none' authorization status='none'
    EXCEPTION(my_exception): Either 'force_deny' or 'force_exception' was matched in
    policy
    url.category: Lista_Negra@Policy;none@YouTube;Content Delivery Networks@Blue Coat
    total categorization time: 13
    static categorization time: 13
    server.response.code: 0
    client.response.code: 403
    application.name: none
    application.operation: none
    application.group: none
    DSCP client outbound: 65
    DSCP server outbound: 65

    Transaction timing: total-transaction-time 182 ms


    Checkpoint timings:
    new-connection: start 1 elapsed 0 ms
    client-in: start 13 elapsed 3 ms
    client-out-terminated: start 16 elapsed 0 ms
    access-logging: start 25 elapsed 0 ms
    stop-transaction: start 182 elapsed 0 ms
    Total Policy evaluation time: 3 ms
    url_categorization complete time: 13
    client connection: first-response-byte 0 last-response-byte 25
    stop transaction --------------------
    start transaction -------------------
    transaction ID=9502975 type=http.proxy

    <Proxy@req-url> [builtin-prolog:372]
    MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2)

    <Cache@req-url "suppress DRTR for HTML Notification internal URLs"> [vpm-


    cpl:3477]
    miss: condition=__is_notify_internal

    <Proxy@req-url "set notify variables"> [vpm-cpl:3962]


    [Rule]
    miss: url.regex="(.*)/notify-SplashStreaming\?([^;]+);(.*)"
    miss: url.regex="(.*)/accepted-SplashStreaming\?([^;]+);(.*)"
    miss: url.regex="(.*)/verify-SplashStreaming\?([^;]+);(.*)"

    <Exception@term> [builtin-prolog:246]
    MATCH: t_procedure.dashboard_blocked_stats_infinity

    <Exception@req-all> [builtin-prolog:237]
    MATCH: t_procedure.dashboard_record_hourly

    <Exception@req-all> [builtin-prolog:240]
    MATCH: t_procedure.dashboard_record_daily

    <Exception@req-all> [builtin-prolog:243]
    MATCH: t_procedure.dashboard_record_monthly

    <Proxy>
    miss: client.address=10.110.46.73
    miss: condition=__CondList1Combinacion_NOAUTH
    MATCH: authenticate(ad) authenticate.force(no) authenticate.mode(proxy-ip)

    <Proxy>
    miss: condition=__CondList1CombinedDestinationBloque_URL
    miss: condition=__CondList1Combinacion_Lista_Blaca_Windows_Update
    miss: condition=Combinacion_Lista_Blanca
    miss: condition=__CondList1CombinacionMSN
    MATCH: condition=Combinacion_Lista_Negra
    force_exception(user_defined.my_exception)

    <Proxy>
    miss: client.address=CombinedEquiposEMC_Automacion
    miss: client.address=CombinedEquiposEMC_Automacion
    miss: client.address=combinacion_TERAREXHCAS
    miss: client.address="CombinedSource_DGI Uruguay"
    miss: condition=__CondList1ReglaFullInternetAccess_AMS
    miss: condition=__CondList1Ternium
    miss: client.address=TKCSA_PORTO
    miss: condition=__CondList1CombinacionWhatsapp_y_WSUS
    miss: url.domain=//services.isee.hp.com/
    miss: condition=WebApplication_Blacklist
    miss: condition=Combinacion_bloque_Usuarios_windows_Update
    miss: request.application.name=Dropbox
    miss: category=Lista_Negra_NormalUser
    miss: condition=__CondList1CombinedDestinationBloque_URL
    miss: condition=CombinacionReproductoresMedia
    miss: condition=__CondList1CombinedSourceBloomberg
    miss: condition=__CondList1CombinedSourceBloomberg

    <Proxy>
    miss: condition=__PROTO_3
    miss: condition=__PROTO_3
    miss: url.port=22
    miss: url.port=22

    <Proxy>
    miss: condition=__CondList1CombinedSourceBloomberg
    miss: client.address=Ternium_FTP

    <ssl>
    MATCH: server.certificate.validate(no)

    <Proxy>
    miss: client.address=10.110.50.184
    MATCH: client.address=10.110.99.72 trace.request(yes)
    trace.destination(Annitha)

    <Cache>
    miss: condition=__CondList1Sitios_SIN_Cache
    miss: url.host=r.sascdn.com

    <Proxy>
    miss: source.port=8194
    miss: source.port=8195
    miss: source.port=8196
    miss: source.port=8197
    miss: source.port=8198
    <Proxy>
    miss: condition=skype

    <Proxy>
    miss: request.header.If-None-Match="."

    <Proxy>
    miss: condition=Tunnel_Exception_urld

    <Proxy>
    MATCH: policy.BC_SafeSearch_Ask_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Google_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_YouTube_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Lycos_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_MSN_Live_Bing_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Yahoo_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_DuckDuckGo_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Vimeo_Rules

    miss: <Proxy> realm=iwa_direct

    <Cache>
    miss: url.domain=//windowsupdate.com/
    miss: url.domain=//c.microsoft.com/
    miss: url.domain=//update.microsoft.com/
    miss: url.domain=//windowsupdate.microsoft.com/
    miss: url.domain=//download.windowsupdate.com/

    <Proxy>
    miss: condition=SSL_Disabled_Domains

    <Proxy "handle HTML Notification internal requests">


    miss: [Rule] variable.bc_notify1=variable.bc_notify2
    [Rule]
    MATCH: action.__delete_notify_cookies(yes)

    <Proxy>
    miss: http.method=POST
    miss: http.method=POST
    miss: http.method=PUT

    <Proxy>
    miss: url.port=21
    miss: url.port=21
    <Proxy>
    miss: condition=IWA_SILENT_USERS

    <Proxy>
    miss: url.host=www.msftncsi.com
    miss: url.domain=//crl.microsoft.com/
    miss: url.domain=//mscrl.microsoft.com/
    miss: url.domain=//verisign.com/
    miss: url.domain=//watson.microsoft.com/
    miss: url.domain=//trendmicro.com/

    <Proxy>
    miss: request.header.User-Agent="webex utiltp"
    miss: request.header.User-Agent="Microsoft-CryptoAPI"
    miss: request.header.User-Agent="MSUpdate"
    miss: request.header.User-Agent="AVUpdate"
    miss: request.header.User-Agent="ESS Update"
    miss: request.header.User-Agent="iTunes"
    miss: request.header.User-Agent="Stocks"
    miss: request.header.User-Agent="CFNetwork"
    miss: request.header.User-Agent="Shockwave Flash"
    miss: request.header.User-Agent="Windows-Media-Player"
    miss: request.header.User-Agent="NSPlayer"
    miss: request.header.User-Agent="Windows-Media-Player"
    miss: request.header.User-Agent="flash"
    miss: request.header.User-Agent="Office"
    miss: request.header.User-Agent="TMUFE"
    miss: request.header.User-Agent="62691CB3BF62DAF233FB2C02782E7BD2"

    <Proxy>
    miss: condition=Office365IPs
    miss: condition=Office365URLs

    <Proxy>
    miss: condition=Office365IPs
    miss: condition=Office365URLs

    <Cache>
    miss: condition=Office365IPs
    miss: condition=Office365URLs

    <Proxy>
    miss: url.domain=//facebook.com/
    miss: url.domain=//sped.fazenda.gov.br/
    miss: url.domain=//ternium.com.ar/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.mx/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.co/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.br/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.uy/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com/Autodiscover/Autodiscover.xml
    miss: url.domain=//tessa.com.uy/Autodiscover/Autodiscover.xml

    Called policy definition: BC_SafeSearch_Lycos_Rules


    miss: <Proxy BC_SafeSearch_Lycos> url.domain=//lycos.com/

    Called policy definition: BC_SafeSearch_Yahoo_Rules


    miss: <Proxy BC_SafeSearch_Yahoo_cookies> condition=BC_SafeSearch_Yahoo_Domains
    miss: <Proxy BC_SafeSearch_Yahoo_query> condition=BC_SafeSearch_Yahoo_Domains
    Called policy definition: BC_SafeSearch_DuckDuckGo_Rules
    miss: <Proxy BC_SafeSearch_DuckDuckGo_query> url.domain=//duckduckgo.com/

    Called policy definition: BC_SafeSearch_Ask_Rules


    miss: <Proxy BC_SafeSearch_Ask_query> condition=BC_SafeSearch_Ask_Domains

    Called policy definition: BC_SafeSearch_YouTube_Rules


    miss: <Proxy BC_SafeSearch_YouTube_cookies> url.domain=//youtube.com/

    Called policy definition: BC_SafeSearch_Vimeo_Rules


    miss: <Proxy BC_SafeSearch_Vimeo_cookies> url.domain=//vimeo.com/

    Called policy definition: BC_SafeSearch_Google_Rules


    miss: <Proxy BC_SafeSearch_Google_query> condition=BC_SafeSearch_Google_Domains
    miss: <Proxy BC_SafeSearch_Google_SetPref> condition=BC_SafeSearch_Google_Domains

    Called policy definition: BC_SafeSearch_MSN_Live_Bing_Rules


    miss: <Proxy BC_SafeSearch_MSN_Live_Bing_cookies>
    condition=BC_SafeSearch_MSN_Live_Bing_Domains
    miss: <Proxy BC_SafeSearch_MSN_Live_Bing_query>
    condition=BC_SafeSearch_MSN_Live_Bing_Domains

    Assigned values of transaction variables:


    bc_notify1=empty1
    bc_notify2=empty2
    Called transaction procedure: dashboard_record_hourly
    <layer>
    Called transaction procedure: dashboard_record_daily
    <layer>
    Called transaction procedure: dashboard_blocked_stats_infinity
    <layer>
    Called transaction procedure: dashboard_record_monthly
    <layer>

    connection: service.name=Explicit HTTP client.address=10.110.99.72 proxy.port=8080


    client.interface=255:255.1 routing-domain=default
    location-id=0 access_type=unknown
    time: 2020-03-17 16:49:07 UTC
    CONNECT tcp://img-s-msn-com.akamaized.net:443/
    DNS lookup was unrestricted
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    user: name="TERNIUM\10519230" realm=AD
    authentication start 2 elapsed 0 ms
    authorization start 2 elapsed 0 ms
    authentication status='none' authorization status='none'
    EXCEPTION(my_exception): Either 'force_deny' or 'force_exception' was matched in
    policy
    url.category: Lista_Negra@Policy;none@YouTube;Content Delivery Networks@Blue Coat
    total categorization time: 0
    static categorization time: 0
    server.response.code: 0
    client.response.code: 403
    application.name: none
    application.operation: none
    application.group: none
    DSCP client outbound: 65
    DSCP server outbound: 65
    Transaction timing: total-transaction-time 161 ms
    Checkpoint timings:
    new-connection: start 1 elapsed 0 ms
    client-in: start 1 elapsed 1 ms
    client-out-terminated: start 2 elapsed 0 ms
    access-logging: start 9 elapsed 0 ms
    stop-transaction: start 161 elapsed 0 ms
    Total Policy evaluation time: 1 ms
    url_categorization complete time: 1
    client connection: first-response-byte 0 last-response-byte 9
    stop transaction --------------------
    start transaction -------------------
    transaction ID=9502949 type=http.proxy

    <Proxy@req-url> [builtin-prolog:372]
    MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2)

    <Cache@req-url "suppress DRTR for HTML Notification internal URLs"> [vpm-


    cpl:3477]
    miss: condition=__is_notify_internal

    <Proxy@req-url "set notify variables"> [vpm-cpl:3962]


    [Rule]
    miss: url.regex="(.*)/notify-SplashStreaming\?([^;]+);(.*)"
    miss: url.regex="(.*)/accepted-SplashStreaming\?([^;]+);(.*)"
    miss: url.regex="(.*)/verify-SplashStreaming\?([^;]+);(.*)"

    <Exception@term> [builtin-prolog:246]
    MATCH: t_procedure.dashboard_blocked_stats_infinity

    <Exception@req-all> [builtin-prolog:237]
    MATCH: t_procedure.dashboard_record_hourly

    <Exception@req-all> [builtin-prolog:240]
    MATCH: t_procedure.dashboard_record_daily

    <Exception@req-all> [builtin-prolog:243]
    MATCH: t_procedure.dashboard_record_monthly

    <Proxy>
    miss: client.address=10.110.46.73
    miss: condition=__CondList1Combinacion_NOAUTH
    MATCH: authenticate(ad) authenticate.force(no) authenticate.mode(proxy-ip)

    <Proxy>
    miss: condition=__CondList1CombinedDestinationBloque_URL
    miss: condition=__CondList1Combinacion_Lista_Blaca_Windows_Update
    miss: condition=Combinacion_Lista_Blanca
    miss: condition=__CondList1CombinacionMSN
    MATCH: condition=Combinacion_Lista_Negra
    force_exception(user_defined.my_exception)

    <Proxy>
    miss: client.address=CombinedEquiposEMC_Automacion
    miss: client.address=CombinedEquiposEMC_Automacion
    miss: client.address=combinacion_TERAREXHCAS
    miss: client.address="CombinedSource_DGI Uruguay"
    miss: condition=__CondList1ReglaFullInternetAccess_AMS
    miss: condition=__CondList1Ternium
    miss: client.address=TKCSA_PORTO
    miss: condition=__CondList1CombinacionWhatsapp_y_WSUS
    miss: url.domain=//services.isee.hp.com/
    miss: condition=WebApplication_Blacklist
    miss: condition=Combinacion_bloque_Usuarios_windows_Update
    miss: request.application.name=Dropbox
    miss: category=Lista_Negra_NormalUser
    miss: condition=__CondList1CombinedDestinationBloque_URL
    miss: condition=CombinacionReproductoresMedia
    miss: condition=__CondList1CombinedSourceBloomberg
    miss: condition=__CondList1CombinedSourceBloomberg

    <Proxy>
    miss: condition=__PROTO_3
    miss: condition=__PROTO_3
    miss: url.port=22
    miss: url.port=22

    <Proxy>
    miss: condition=__CondList1CombinedSourceBloomberg
    miss: client.address=Ternium_FTP

    <ssl>
    MATCH: server.certificate.validate(no)

    <Proxy>
    miss: client.address=10.110.50.184
    MATCH: client.address=10.110.99.72 trace.request(yes)
    trace.destination(Annitha)

    <Cache>
    miss: condition=__CondList1Sitios_SIN_Cache
    miss: url.host=r.sascdn.com

    <Proxy>
    miss: source.port=8194
    miss: source.port=8195
    miss: source.port=8196
    miss: source.port=8197
    miss: source.port=8198

    <Proxy>
    miss: condition=skype

    <Proxy>
    miss: request.header.If-None-Match="."

    <Proxy>
    miss: condition=Tunnel_Exception_urld

    <Proxy>
    MATCH: policy.BC_SafeSearch_Ask_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Google_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_YouTube_Rules
    <Proxy>
    MATCH: policy.BC_SafeSearch_Lycos_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_MSN_Live_Bing_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Yahoo_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_DuckDuckGo_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Vimeo_Rules

    miss: <Proxy> realm=iwa_direct

    <Cache>
    miss: url.domain=//windowsupdate.com/
    miss: url.domain=//c.microsoft.com/
    miss: url.domain=//update.microsoft.com/
    miss: url.domain=//windowsupdate.microsoft.com/
    miss: url.domain=//download.windowsupdate.com/

    <Proxy>
    miss: condition=SSL_Disabled_Domains

    <Proxy "handle HTML Notification internal requests">


    miss: [Rule] variable.bc_notify1=variable.bc_notify2
    [Rule]
    MATCH: action.__delete_notify_cookies(yes)

    <Proxy>
    miss: http.method=POST
    miss: http.method=POST
    miss: http.method=PUT

    <Proxy>
    miss: url.port=21
    miss: url.port=21

    <Proxy>
    miss: condition=IWA_SILENT_USERS

    <Proxy>
    miss: url.host=www.msftncsi.com
    miss: url.domain=//crl.microsoft.com/
    miss: url.domain=//mscrl.microsoft.com/
    miss: url.domain=//verisign.com/
    miss: url.domain=//watson.microsoft.com/
    miss: url.domain=//trendmicro.com/

    <Proxy>
    miss: request.header.User-Agent="webex utiltp"
    miss: request.header.User-Agent="Microsoft-CryptoAPI"
    miss: request.header.User-Agent="MSUpdate"
    miss: request.header.User-Agent="AVUpdate"
    miss: request.header.User-Agent="ESS Update"
    miss: request.header.User-Agent="iTunes"
    miss: request.header.User-Agent="Stocks"
    miss: request.header.User-Agent="CFNetwork"
    miss: request.header.User-Agent="Shockwave Flash"
    miss: request.header.User-Agent="Windows-Media-Player"
    miss: request.header.User-Agent="NSPlayer"
    miss: request.header.User-Agent="Windows-Media-Player"
    miss: request.header.User-Agent="flash"
    miss: request.header.User-Agent="Office"
    miss: request.header.User-Agent="TMUFE"
    miss: request.header.User-Agent="62691CB3BF62DAF233FB2C02782E7BD2"

    <Proxy>
    miss: condition=Office365IPs
    miss: condition=Office365URLs

    <Proxy>
    miss: condition=Office365IPs
    miss: condition=Office365URLs

    <Cache>
    miss: condition=Office365IPs
    miss: condition=Office365URLs

    <Proxy>
    miss: url.domain=//facebook.com/
    miss: url.domain=//sped.fazenda.gov.br/
    miss: url.domain=//ternium.com.ar/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.mx/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.co/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.br/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.uy/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com/Autodiscover/Autodiscover.xml
    miss: url.domain=//tessa.com.uy/Autodiscover/Autodiscover.xml

    Called policy definition: BC_SafeSearch_Lycos_Rules


    miss: <Proxy BC_SafeSearch_Lycos> url.domain=//lycos.com/

    Called policy definition: BC_SafeSearch_Yahoo_Rules


    miss: <Proxy BC_SafeSearch_Yahoo_cookies> condition=BC_SafeSearch_Yahoo_Domains
    miss: <Proxy BC_SafeSearch_Yahoo_query> condition=BC_SafeSearch_Yahoo_Domains

    Called policy definition: BC_SafeSearch_DuckDuckGo_Rules


    miss: <Proxy BC_SafeSearch_DuckDuckGo_query> url.domain=//duckduckgo.com/

    Called policy definition: BC_SafeSearch_Ask_Rules


    miss: <Proxy BC_SafeSearch_Ask_query> condition=BC_SafeSearch_Ask_Domains

    Called policy definition: BC_SafeSearch_YouTube_Rules


    miss: <Proxy BC_SafeSearch_YouTube_cookies> url.domain=//youtube.com/

    Called policy definition: BC_SafeSearch_Vimeo_Rules


    miss: <Proxy BC_SafeSearch_Vimeo_cookies> url.domain=//vimeo.com/

    Called policy definition: BC_SafeSearch_Google_Rules


    miss: <Proxy BC_SafeSearch_Google_query> condition=BC_SafeSearch_Google_Domains
    miss: <Proxy BC_SafeSearch_Google_SetPref> condition=BC_SafeSearch_Google_Domains

    Called policy definition: BC_SafeSearch_MSN_Live_Bing_Rules


    miss: <Proxy BC_SafeSearch_MSN_Live_Bing_cookies>
    condition=BC_SafeSearch_MSN_Live_Bing_Domains
    miss: <Proxy BC_SafeSearch_MSN_Live_Bing_query>
    condition=BC_SafeSearch_MSN_Live_Bing_Domains

    Assigned values of transaction variables:


    bc_notify1=empty1
    bc_notify2=empty2
    Called transaction procedure: dashboard_record_hourly
    <layer>
    Called transaction procedure: dashboard_record_daily
    <layer>
    Called transaction procedure: dashboard_blocked_stats_infinity
    <layer>
    Called transaction procedure: dashboard_record_monthly
    <layer>

    connection: service.name=Explicit HTTP client.address=10.110.99.72 proxy.port=8080


    client.interface=255:255.1 routing-domain=default
    location-id=0 access_type=unknown
    time: 2020-03-17 16:49:07 UTC
    CONNECT tcp://img-s-msn-com.akamaized.net:443/
    DNS lookup was unrestricted
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    user: name="TERNIUM\10519230" realm=AD
    authentication start 2 elapsed 0 ms
    authorization start 2 elapsed 0 ms
    authentication status='none' authorization status='none'
    EXCEPTION(my_exception): Either 'force_deny' or 'force_exception' was matched in
    policy
    url.category: Lista_Negra@Policy;none@YouTube;Content Delivery Networks@Blue Coat
    total categorization time: 0
    static categorization time: 0
    server.response.code: 0
    client.response.code: 403
    application.name: none
    application.operation: none
    application.group: none
    DSCP client outbound: 65
    DSCP server outbound: 65

    Transaction timing: total-transaction-time 182 ms


    Checkpoint timings:
    new-connection: start 1 elapsed 0 ms
    client-in: start 1 elapsed 1 ms
    client-out-terminated: start 2 elapsed 0 ms
    access-logging: start 6 elapsed 1 ms
    stop-transaction: start 182 elapsed 0 ms
    Total Policy evaluation time: 2 ms
    url_categorization complete time: 1
    client connection: first-response-byte 0 last-response-byte 6
    stop transaction --------------------
    start transaction -------------------
    transaction ID=9502951 type=http.proxy

    <Proxy@req-url> [builtin-prolog:372]
    MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2)

    <Cache@req-url "suppress DRTR for HTML Notification internal URLs"> [vpm-


    cpl:3477]
    miss: condition=__is_notify_internal

    <Proxy@req-url "set notify variables"> [vpm-cpl:3962]


    [Rule]
    miss: url.regex="(.*)/notify-SplashStreaming\?([^;]+);(.*)"
    miss: url.regex="(.*)/accepted-SplashStreaming\?([^;]+);(.*)"
    miss: url.regex="(.*)/verify-SplashStreaming\?([^;]+);(.*)"

    <Exception@term> [builtin-prolog:246]
    MATCH: t_procedure.dashboard_blocked_stats_infinity

    <Exception@req-all> [builtin-prolog:237]
    MATCH: t_procedure.dashboard_record_hourly

    <Exception@req-all> [builtin-prolog:240]
    MATCH: t_procedure.dashboard_record_daily

    <Exception@req-all> [builtin-prolog:243]
    MATCH: t_procedure.dashboard_record_monthly

    <Proxy>
    miss: client.address=10.110.46.73
    miss: condition=__CondList1Combinacion_NOAUTH
    MATCH: authenticate(ad) authenticate.force(no) authenticate.mode(proxy-ip)

    <Proxy>
    miss: condition=__CondList1CombinedDestinationBloque_URL
    miss: condition=__CondList1Combinacion_Lista_Blaca_Windows_Update
    miss: condition=Combinacion_Lista_Blanca
    miss: condition=__CondList1CombinacionMSN
    MATCH: condition=Combinacion_Lista_Negra
    force_exception(user_defined.my_exception)

    <Proxy>
    miss: client.address=CombinedEquiposEMC_Automacion
    miss: client.address=CombinedEquiposEMC_Automacion
    miss: client.address=combinacion_TERAREXHCAS
    miss: client.address="CombinedSource_DGI Uruguay"
    miss: condition=__CondList1ReglaFullInternetAccess_AMS
    miss: condition=__CondList1Ternium
    miss: client.address=TKCSA_PORTO
    miss: condition=__CondList1CombinacionWhatsapp_y_WSUS
    miss: url.domain=//services.isee.hp.com/
    miss: condition=WebApplication_Blacklist
    miss: condition=Combinacion_bloque_Usuarios_windows_Update
    miss: request.application.name=Dropbox
    miss: category=Lista_Negra_NormalUser
    miss: condition=__CondList1CombinedDestinationBloque_URL
    miss: condition=CombinacionReproductoresMedia
    miss: condition=__CondList1CombinedSourceBloomberg
    miss: condition=__CondList1CombinedSourceBloomberg

    <Proxy>
    miss: condition=__PROTO_3
    miss: condition=__PROTO_3
    miss: url.port=22
    miss: url.port=22
    <Proxy>
    miss: condition=__CondList1CombinedSourceBloomberg
    miss: client.address=Ternium_FTP

    <ssl>
    MATCH: server.certificate.validate(no)

    <Proxy>
    miss: client.address=10.110.50.184
    MATCH: client.address=10.110.99.72 trace.request(yes)
    trace.destination(Annitha)

    <Cache>
    miss: condition=__CondList1Sitios_SIN_Cache
    miss: url.host=r.sascdn.com

    <Proxy>
    miss: source.port=8194
    miss: source.port=8195
    miss: source.port=8196
    miss: source.port=8197
    miss: source.port=8198

    <Proxy>
    miss: condition=skype

    <Proxy>
    miss: request.header.If-None-Match="."

    <Proxy>
    miss: condition=Tunnel_Exception_urld

    <Proxy>
    MATCH: policy.BC_SafeSearch_Ask_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Google_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_YouTube_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Lycos_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_MSN_Live_Bing_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Yahoo_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_DuckDuckGo_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Vimeo_Rules

    miss: <Proxy> realm=iwa_direct


    <Cache>
    miss: url.domain=//windowsupdate.com/
    miss: url.domain=//c.microsoft.com/
    miss: url.domain=//update.microsoft.com/
    miss: url.domain=//windowsupdate.microsoft.com/
    miss: url.domain=//download.windowsupdate.com/

    <Proxy>
    miss: condition=SSL_Disabled_Domains

    <Proxy "handle HTML Notification internal requests">


    miss: [Rule] variable.bc_notify1=variable.bc_notify2
    [Rule]
    MATCH: action.__delete_notify_cookies(yes)

    <Proxy>
    miss: http.method=POST
    miss: http.method=POST
    miss: http.method=PUT

    <Proxy>
    miss: url.port=21
    miss: url.port=21

    <Proxy>
    miss: condition=IWA_SILENT_USERS

    <Proxy>
    miss: url.host=www.msftncsi.com
    miss: url.domain=//crl.microsoft.com/
    miss: url.domain=//mscrl.microsoft.com/
    miss: url.domain=//verisign.com/
    miss: url.domain=//watson.microsoft.com/
    miss: url.domain=//trendmicro.com/

    <Proxy>
    miss: request.header.User-Agent="webex utiltp"
    miss: request.header.User-Agent="Microsoft-CryptoAPI"
    miss: request.header.User-Agent="MSUpdate"
    miss: request.header.User-Agent="AVUpdate"
    miss: request.header.User-Agent="ESS Update"
    miss: request.header.User-Agent="iTunes"
    miss: request.header.User-Agent="Stocks"
    miss: request.header.User-Agent="CFNetwork"
    miss: request.header.User-Agent="Shockwave Flash"
    miss: request.header.User-Agent="Windows-Media-Player"
    miss: request.header.User-Agent="NSPlayer"
    miss: request.header.User-Agent="Windows-Media-Player"
    miss: request.header.User-Agent="flash"
    miss: request.header.User-Agent="Office"
    miss: request.header.User-Agent="TMUFE"
    miss: request.header.User-Agent="62691CB3BF62DAF233FB2C02782E7BD2"

    <Proxy>
    miss: condition=Office365IPs
    miss: condition=Office365URLs

    <Proxy>
    miss: condition=Office365IPs
    miss: condition=Office365URLs

    <Cache>
    miss: condition=Office365IPs
    miss: condition=Office365URLs

    <Proxy>
    miss: url.domain=//facebook.com/
    miss: url.domain=//sped.fazenda.gov.br/
    miss: url.domain=//ternium.com.ar/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.mx/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.co/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.br/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.uy/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com/Autodiscover/Autodiscover.xml
    miss: url.domain=//tessa.com.uy/Autodiscover/Autodiscover.xml

    Called policy definition: BC_SafeSearch_Lycos_Rules


    miss: <Proxy BC_SafeSearch_Lycos> url.domain=//lycos.com/

    Called policy definition: BC_SafeSearch_Yahoo_Rules


    miss: <Proxy BC_SafeSearch_Yahoo_cookies> condition=BC_SafeSearch_Yahoo_Domains
    miss: <Proxy BC_SafeSearch_Yahoo_query> condition=BC_SafeSearch_Yahoo_Domains

    Called policy definition: BC_SafeSearch_DuckDuckGo_Rules


    miss: <Proxy BC_SafeSearch_DuckDuckGo_query> url.domain=//duckduckgo.com/

    Called policy definition: BC_SafeSearch_Ask_Rules


    miss: <Proxy BC_SafeSearch_Ask_query> condition=BC_SafeSearch_Ask_Domains

    Called policy definition: BC_SafeSearch_YouTube_Rules


    miss: <Proxy BC_SafeSearch_YouTube_cookies> url.domain=//youtube.com/

    Called policy definition: BC_SafeSearch_Vimeo_Rules


    miss: <Proxy BC_SafeSearch_Vimeo_cookies> url.domain=//vimeo.com/

    Called policy definition: BC_SafeSearch_Google_Rules


    miss: <Proxy BC_SafeSearch_Google_query> condition=BC_SafeSearch_Google_Domains
    miss: <Proxy BC_SafeSearch_Google_SetPref> condition=BC_SafeSearch_Google_Domains

    Called policy definition: BC_SafeSearch_MSN_Live_Bing_Rules


    miss: <Proxy BC_SafeSearch_MSN_Live_Bing_cookies>
    condition=BC_SafeSearch_MSN_Live_Bing_Domains
    miss: <Proxy BC_SafeSearch_MSN_Live_Bing_query>
    condition=BC_SafeSearch_MSN_Live_Bing_Domains

    Assigned values of transaction variables:


    bc_notify1=empty1
    bc_notify2=empty2
    Called transaction procedure: dashboard_record_hourly
    <layer>
    Called transaction procedure: dashboard_record_daily
    <layer>
    Called transaction procedure: dashboard_blocked_stats_infinity
    <layer>
    Called transaction procedure: dashboard_record_monthly
    <layer>

    connection: service.name=Explicit HTTP client.address=10.110.99.72 proxy.port=8080


    client.interface=255:255.1 routing-domain=default
    location-id=0 access_type=unknown
    time: 2020-03-17 16:49:07 UTC
    CONNECT tcp://img-s-msn-com.akamaized.net:443/
    DNS lookup was unrestricted
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    user: name="TERNIUM\10519230" realm=AD
    authentication start 1 elapsed 0 ms
    authorization start 1 elapsed 0 ms
    authentication status='none' authorization status='none'
    EXCEPTION(my_exception): Either 'force_deny' or 'force_exception' was matched in
    policy
    url.category: Lista_Negra@Policy;none@YouTube;Content Delivery Networks@Blue Coat
    total categorization time: 1
    static categorization time: 1
    server.response.code: 0
    client.response.code: 403
    application.name: none
    application.operation: none
    application.group: none
    DSCP client outbound: 65
    DSCP server outbound: 65

    Transaction timing: total-transaction-time 178 ms


    Checkpoint timings:
    new-connection: start 1 elapsed 0 ms
    client-in: start 1 elapsed 0 ms
    client-out-terminated: start 1 elapsed 0 ms
    access-logging: start 5 elapsed 1 ms
    stop-transaction: start 178 elapsed 0 ms
    Total Policy evaluation time: 1 ms
    url_categorization complete time: 1
    client connection: first-response-byte 0 last-response-byte 5
    stop transaction --------------------
    start transaction -------------------
    transaction ID=9502969 type=http.proxy

    <Proxy@req-url> [builtin-prolog:372]
    MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2)

    <Cache@req-url "suppress DRTR for HTML Notification internal URLs"> [vpm-


    cpl:3477]
    miss: condition=__is_notify_internal

    <Proxy@req-url "set notify variables"> [vpm-cpl:3962]


    [Rule]
    miss: url.regex="(.*)/notify-SplashStreaming\?([^;]+);(.*)"
    miss: url.regex="(.*)/accepted-SplashStreaming\?([^;]+);(.*)"
    miss: url.regex="(.*)/verify-SplashStreaming\?([^;]+);(.*)"

    <Exception@term> [builtin-prolog:246]
    MATCH: t_procedure.dashboard_blocked_stats_infinity

    <Exception@req-all> [builtin-prolog:237]
    MATCH: t_procedure.dashboard_record_hourly

    <Exception@req-all> [builtin-prolog:240]
    MATCH: t_procedure.dashboard_record_daily
    <Exception@req-all> [builtin-prolog:243]
    MATCH: t_procedure.dashboard_record_monthly

    <Proxy>
    miss: client.address=10.110.46.73
    miss: condition=__CondList1Combinacion_NOAUTH
    MATCH: authenticate(ad) authenticate.force(no) authenticate.mode(proxy-ip)

    <Proxy>
    miss: condition=__CondList1CombinedDestinationBloque_URL
    miss: condition=__CondList1Combinacion_Lista_Blaca_Windows_Update
    miss: condition=Combinacion_Lista_Blanca
    miss: condition=__CondList1CombinacionMSN
    MATCH: condition=Combinacion_Lista_Negra
    force_exception(user_defined.my_exception)

    <Proxy>
    miss: client.address=CombinedEquiposEMC_Automacion
    miss: client.address=CombinedEquiposEMC_Automacion
    miss: client.address=combinacion_TERAREXHCAS
    miss: client.address="CombinedSource_DGI Uruguay"
    miss: condition=__CondList1ReglaFullInternetAccess_AMS
    miss: condition=__CondList1Ternium
    miss: client.address=TKCSA_PORTO
    miss: condition=__CondList1CombinacionWhatsapp_y_WSUS
    miss: url.domain=//services.isee.hp.com/
    miss: condition=WebApplication_Blacklist
    miss: condition=Combinacion_bloque_Usuarios_windows_Update
    miss: request.application.name=Dropbox
    miss: category=Lista_Negra_NormalUser
    miss: condition=__CondList1CombinedDestinationBloque_URL
    miss: condition=CombinacionReproductoresMedia
    miss: condition=__CondList1CombinedSourceBloomberg
    miss: condition=__CondList1CombinedSourceBloomberg

    <Proxy>
    miss: condition=__PROTO_3
    miss: condition=__PROTO_3
    miss: url.port=22
    miss: url.port=22

    <Proxy>
    miss: condition=__CondList1CombinedSourceBloomberg
    miss: client.address=Ternium_FTP

    <ssl>
    MATCH: server.certificate.validate(no)

    <Proxy>
    miss: client.address=10.110.50.184
    MATCH: client.address=10.110.99.72 trace.request(yes)
    trace.destination(Annitha)

    <Cache>
    miss: condition=__CondList1Sitios_SIN_Cache
    miss: url.host=r.sascdn.com

    <Proxy>
    miss: source.port=8194
    miss: source.port=8195
    miss: source.port=8196
    miss: source.port=8197
    miss: source.port=8198

    <Proxy>
    miss: condition=skype

    <Proxy>
    miss: request.header.If-None-Match="."

    <Proxy>
    miss: condition=Tunnel_Exception_urld

    <Proxy>
    MATCH: policy.BC_SafeSearch_Ask_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Google_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_YouTube_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Lycos_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_MSN_Live_Bing_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Yahoo_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_DuckDuckGo_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Vimeo_Rules

    miss: <Proxy> realm=iwa_direct

    <Cache>
    miss: url.domain=//windowsupdate.com/
    miss: url.domain=//c.microsoft.com/
    miss: url.domain=//update.microsoft.com/
    miss: url.domain=//windowsupdate.microsoft.com/
    miss: url.domain=//download.windowsupdate.com/

    <Proxy>
    miss: condition=SSL_Disabled_Domains

    <Proxy "handle HTML Notification internal requests">


    miss: [Rule] variable.bc_notify1=variable.bc_notify2
    [Rule]
    MATCH: action.__delete_notify_cookies(yes)

    <Proxy>
    miss: http.method=POST
    miss: http.method=POST
    miss: http.method=PUT

    <Proxy>
    miss: url.port=21
    miss: url.port=21

    <Proxy>
    miss: condition=IWA_SILENT_USERS

    <Proxy>
    miss: url.host=www.msftncsi.com
    miss: url.domain=//crl.microsoft.com/
    miss: url.domain=//mscrl.microsoft.com/
    miss: url.domain=//verisign.com/
    miss: url.domain=//watson.microsoft.com/
    miss: url.domain=//trendmicro.com/

    <Proxy>
    miss: request.header.User-Agent="webex utiltp"
    miss: request.header.User-Agent="Microsoft-CryptoAPI"
    miss: request.header.User-Agent="MSUpdate"
    miss: request.header.User-Agent="AVUpdate"
    miss: request.header.User-Agent="ESS Update"
    miss: request.header.User-Agent="iTunes"
    miss: request.header.User-Agent="Stocks"
    miss: request.header.User-Agent="CFNetwork"
    miss: request.header.User-Agent="Shockwave Flash"
    miss: request.header.User-Agent="Windows-Media-Player"
    miss: request.header.User-Agent="NSPlayer"
    miss: request.header.User-Agent="Windows-Media-Player"
    miss: request.header.User-Agent="flash"
    miss: request.header.User-Agent="Office"
    miss: request.header.User-Agent="TMUFE"
    miss: request.header.User-Agent="62691CB3BF62DAF233FB2C02782E7BD2"

    <Proxy>
    miss: condition=Office365IPs
    miss: condition=Office365URLs

    <Proxy>
    miss: condition=Office365IPs
    miss: condition=Office365URLs

    <Cache>
    miss: condition=Office365IPs
    miss: condition=Office365URLs

    <Proxy>
    miss: url.domain=//facebook.com/
    miss: url.domain=//sped.fazenda.gov.br/
    miss: url.domain=//ternium.com.ar/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.mx/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.co/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.br/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.uy/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com/Autodiscover/Autodiscover.xml
    miss: url.domain=//tessa.com.uy/Autodiscover/Autodiscover.xml

    Called policy definition: BC_SafeSearch_Lycos_Rules


    miss: <Proxy BC_SafeSearch_Lycos> url.domain=//lycos.com/

    Called policy definition: BC_SafeSearch_Yahoo_Rules


    miss: <Proxy BC_SafeSearch_Yahoo_cookies> condition=BC_SafeSearch_Yahoo_Domains
    miss: <Proxy BC_SafeSearch_Yahoo_query> condition=BC_SafeSearch_Yahoo_Domains

    Called policy definition: BC_SafeSearch_DuckDuckGo_Rules


    miss: <Proxy BC_SafeSearch_DuckDuckGo_query> url.domain=//duckduckgo.com/

    Called policy definition: BC_SafeSearch_Ask_Rules


    miss: <Proxy BC_SafeSearch_Ask_query> condition=BC_SafeSearch_Ask_Domains

    Called policy definition: BC_SafeSearch_YouTube_Rules


    miss: <Proxy BC_SafeSearch_YouTube_cookies> url.domain=//youtube.com/

    Called policy definition: BC_SafeSearch_Vimeo_Rules


    miss: <Proxy BC_SafeSearch_Vimeo_cookies> url.domain=//vimeo.com/

    Called policy definition: BC_SafeSearch_Google_Rules


    miss: <Proxy BC_SafeSearch_Google_query> condition=BC_SafeSearch_Google_Domains
    miss: <Proxy BC_SafeSearch_Google_SetPref> condition=BC_SafeSearch_Google_Domains

    Called policy definition: BC_SafeSearch_MSN_Live_Bing_Rules


    miss: <Proxy BC_SafeSearch_MSN_Live_Bing_cookies>
    condition=BC_SafeSearch_MSN_Live_Bing_Domains
    miss: <Proxy BC_SafeSearch_MSN_Live_Bing_query>
    condition=BC_SafeSearch_MSN_Live_Bing_Domains

    Assigned values of transaction variables:


    bc_notify1=empty1
    bc_notify2=empty2
    Called transaction procedure: dashboard_record_hourly
    <layer>
    Called transaction procedure: dashboard_record_daily
    <layer>
    Called transaction procedure: dashboard_blocked_stats_infinity
    <layer>
    Called transaction procedure: dashboard_record_monthly
    <layer>

    connection: service.name=Explicit HTTP client.address=10.110.99.72 proxy.port=8080


    client.interface=255:255.1 routing-domain=default
    location-id=0 access_type=unknown
    time: 2020-03-17 16:49:07 UTC
    CONNECT tcp://img-s-msn-com.akamaized.net:443/
    DNS lookup was unrestricted
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    user: name="TERNIUM\10519230" realm=AD
    authentication start 2 elapsed 0 ms
    authorization start 2 elapsed 0 ms
    authentication status='none' authorization status='none'
    EXCEPTION(my_exception): Either 'force_deny' or 'force_exception' was matched in
    policy
    url.category: Lista_Negra@Policy;none@YouTube;Content Delivery Networks@Blue Coat
    total categorization time: 0
    static categorization time: 0
    server.response.code: 0
    client.response.code: 403
    application.name: none
    application.operation: none
    application.group: none
    DSCP client outbound: 65
    DSCP server outbound: 65

    Transaction timing: total-transaction-time 168 ms


    Checkpoint timings:
    new-connection: start 1 elapsed 0 ms
    client-in: start 1 elapsed 1 ms
    client-out-terminated: start 2 elapsed 0 ms
    access-logging: start 7 elapsed 0 ms
    stop-transaction: start 168 elapsed 0 ms
    Total Policy evaluation time: 1 ms
    url_categorization complete time: 1
    client connection: first-response-byte 0 last-response-byte 7
    stop transaction --------------------
    start transaction -------------------
    transaction ID=9502947 type=http.proxy

    <Proxy@req-url> [builtin-prolog:372]
    MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2)

    <Cache@req-url "suppress DRTR for HTML Notification internal URLs"> [vpm-


    cpl:3477]
    miss: condition=__is_notify_internal

    <Proxy@req-url "set notify variables"> [vpm-cpl:3962]


    [Rule]
    miss: url.regex="(.*)/notify-SplashStreaming\?([^;]+);(.*)"
    miss: url.regex="(.*)/accepted-SplashStreaming\?([^;]+);(.*)"
    miss: url.regex="(.*)/verify-SplashStreaming\?([^;]+);(.*)"

    <Exception@term> [builtin-prolog:246]
    MATCH: t_procedure.dashboard_blocked_stats_infinity

    <Exception@req-all> [builtin-prolog:237]
    MATCH: t_procedure.dashboard_record_hourly

    <Exception@req-all> [builtin-prolog:240]
    MATCH: t_procedure.dashboard_record_daily

    <Exception@req-all> [builtin-prolog:243]
    MATCH: t_procedure.dashboard_record_monthly

    <Proxy>
    miss: client.address=10.110.46.73
    miss: condition=__CondList1Combinacion_NOAUTH
    MATCH: authenticate(ad) authenticate.force(no) authenticate.mode(proxy-ip)

    <Proxy>
    miss: condition=__CondList1CombinedDestinationBloque_URL
    miss: condition=__CondList1Combinacion_Lista_Blaca_Windows_Update
    miss: condition=Combinacion_Lista_Blanca
    miss: condition=__CondList1CombinacionMSN
    MATCH: condition=Combinacion_Lista_Negra
    force_exception(user_defined.my_exception)

    <Proxy>
    miss: client.address=CombinedEquiposEMC_Automacion
    miss: client.address=CombinedEquiposEMC_Automacion
    miss: client.address=combinacion_TERAREXHCAS
    miss: client.address="CombinedSource_DGI Uruguay"
    miss: condition=__CondList1ReglaFullInternetAccess_AMS
    miss: condition=__CondList1Ternium
    miss: client.address=TKCSA_PORTO
    miss: condition=__CondList1CombinacionWhatsapp_y_WSUS
    miss: url.domain=//services.isee.hp.com/
    miss: condition=WebApplication_Blacklist
    miss: condition=Combinacion_bloque_Usuarios_windows_Update
    miss: request.application.name=Dropbox
    miss: category=Lista_Negra_NormalUser
    miss: condition=__CondList1CombinedDestinationBloque_URL
    miss: condition=CombinacionReproductoresMedia
    miss: condition=__CondList1CombinedSourceBloomberg
    miss: condition=__CondList1CombinedSourceBloomberg

    <Proxy>
    miss: condition=__PROTO_3
    miss: condition=__PROTO_3
    miss: url.port=22
    miss: url.port=22

    <Proxy>
    miss: condition=__CondList1CombinedSourceBloomberg
    miss: client.address=Ternium_FTP

    <ssl>
    MATCH: server.certificate.validate(no)

    <Proxy>
    miss: client.address=10.110.50.184
    MATCH: client.address=10.110.99.72 trace.request(yes)
    trace.destination(Annitha)

    <Cache>
    miss: condition=__CondList1Sitios_SIN_Cache
    miss: url.host=r.sascdn.com

    <Proxy>
    miss: source.port=8194
    miss: source.port=8195
    miss: source.port=8196
    miss: source.port=8197
    miss: source.port=8198

    <Proxy>
    miss: condition=skype

    <Proxy>
    miss: request.header.If-None-Match="."

    <Proxy>
    miss: condition=Tunnel_Exception_urld

    <Proxy>
    MATCH: policy.BC_SafeSearch_Ask_Rules
    <Proxy>
    MATCH: policy.BC_SafeSearch_Google_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_YouTube_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Lycos_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_MSN_Live_Bing_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Yahoo_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_DuckDuckGo_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Vimeo_Rules

    miss: <Proxy> realm=iwa_direct

    <Cache>
    miss: url.domain=//windowsupdate.com/
    miss: url.domain=//c.microsoft.com/
    miss: url.domain=//update.microsoft.com/
    miss: url.domain=//windowsupdate.microsoft.com/
    miss: url.domain=//download.windowsupdate.com/

    <Proxy>
    miss: condition=SSL_Disabled_Domains

    <Proxy "handle HTML Notification internal requests">


    miss: [Rule] variable.bc_notify1=variable.bc_notify2
    [Rule]
    MATCH: action.__delete_notify_cookies(yes)

    <Proxy>
    miss: http.method=POST
    miss: http.method=POST
    miss: http.method=PUT

    <Proxy>
    miss: url.port=21
    miss: url.port=21

    <Proxy>
    miss: condition=IWA_SILENT_USERS

    <Proxy>
    miss: url.host=www.msftncsi.com
    miss: url.domain=//crl.microsoft.com/
    miss: url.domain=//mscrl.microsoft.com/
    miss: url.domain=//verisign.com/
    miss: url.domain=//watson.microsoft.com/
    miss: url.domain=//trendmicro.com/

    <Proxy>
    miss: request.header.User-Agent="webex utiltp"
    miss: request.header.User-Agent="Microsoft-CryptoAPI"
    miss: request.header.User-Agent="MSUpdate"
    miss: request.header.User-Agent="AVUpdate"
    miss: request.header.User-Agent="ESS Update"
    miss: request.header.User-Agent="iTunes"
    miss: request.header.User-Agent="Stocks"
    miss: request.header.User-Agent="CFNetwork"
    miss: request.header.User-Agent="Shockwave Flash"
    miss: request.header.User-Agent="Windows-Media-Player"
    miss: request.header.User-Agent="NSPlayer"
    miss: request.header.User-Agent="Windows-Media-Player"
    miss: request.header.User-Agent="flash"
    miss: request.header.User-Agent="Office"
    miss: request.header.User-Agent="TMUFE"
    miss: request.header.User-Agent="62691CB3BF62DAF233FB2C02782E7BD2"

    <Proxy>
    miss: condition=Office365IPs
    miss: condition=Office365URLs

    <Proxy>
    miss: condition=Office365IPs
    miss: condition=Office365URLs

    <Cache>
    miss: condition=Office365IPs
    miss: condition=Office365URLs

    <Proxy>
    miss: url.domain=//facebook.com/
    miss: url.domain=//sped.fazenda.gov.br/
    miss: url.domain=//ternium.com.ar/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.mx/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.co/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.br/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.uy/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com/Autodiscover/Autodiscover.xml
    miss: url.domain=//tessa.com.uy/Autodiscover/Autodiscover.xml

    Called policy definition: BC_SafeSearch_Lycos_Rules


    miss: <Proxy BC_SafeSearch_Lycos> url.domain=//lycos.com/

    Called policy definition: BC_SafeSearch_Yahoo_Rules


    miss: <Proxy BC_SafeSearch_Yahoo_cookies> condition=BC_SafeSearch_Yahoo_Domains
    miss: <Proxy BC_SafeSearch_Yahoo_query> condition=BC_SafeSearch_Yahoo_Domains

    Called policy definition: BC_SafeSearch_DuckDuckGo_Rules


    miss: <Proxy BC_SafeSearch_DuckDuckGo_query> url.domain=//duckduckgo.com/

    Called policy definition: BC_SafeSearch_Ask_Rules


    miss: <Proxy BC_SafeSearch_Ask_query> condition=BC_SafeSearch_Ask_Domains

    Called policy definition: BC_SafeSearch_YouTube_Rules


    miss: <Proxy BC_SafeSearch_YouTube_cookies> url.domain=//youtube.com/

    Called policy definition: BC_SafeSearch_Vimeo_Rules


    miss: <Proxy BC_SafeSearch_Vimeo_cookies> url.domain=//vimeo.com/
    Called policy definition: BC_SafeSearch_Google_Rules
    miss: <Proxy BC_SafeSearch_Google_query> condition=BC_SafeSearch_Google_Domains
    miss: <Proxy BC_SafeSearch_Google_SetPref> condition=BC_SafeSearch_Google_Domains

    Called policy definition: BC_SafeSearch_MSN_Live_Bing_Rules


    miss: <Proxy BC_SafeSearch_MSN_Live_Bing_cookies>
    condition=BC_SafeSearch_MSN_Live_Bing_Domains
    miss: <Proxy BC_SafeSearch_MSN_Live_Bing_query>
    condition=BC_SafeSearch_MSN_Live_Bing_Domains

    Assigned values of transaction variables:


    bc_notify1=empty1
    bc_notify2=empty2
    Called transaction procedure: dashboard_record_hourly
    <layer>
    Called transaction procedure: dashboard_record_daily
    <layer>
    Called transaction procedure: dashboard_blocked_stats_infinity
    <layer>
    Called transaction procedure: dashboard_record_monthly
    <layer>

    connection: service.name=Explicit HTTP client.address=10.110.99.72 proxy.port=8080


    client.interface=255:255.1 routing-domain=default
    location-id=0 access_type=unknown
    time: 2020-03-17 16:49:07 UTC
    CONNECT tcp://img-s-msn-com.akamaized.net:443/
    DNS lookup was unrestricted
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    user: name="TERNIUM\10519230" realm=AD
    authentication start 2 elapsed 0 ms
    authorization start 2 elapsed 0 ms
    authentication status='none' authorization status='none'
    EXCEPTION(my_exception): Either 'force_deny' or 'force_exception' was matched in
    policy
    url.category: Lista_Negra@Policy;none@YouTube;Content Delivery Networks@Blue Coat
    total categorization time: 0
    static categorization time: 0
    server.response.code: 0
    client.response.code: 403
    application.name: none
    application.operation: none
    application.group: none
    DSCP client outbound: 65
    DSCP server outbound: 65

    Transaction timing: total-transaction-time 184 ms


    Checkpoint timings:
    new-connection: start 1 elapsed 0 ms
    client-in: start 1 elapsed 1 ms
    client-out-terminated: start 2 elapsed 0 ms
    access-logging: start 7 elapsed 0 ms
    stop-transaction: start 184 elapsed 0 ms
    Total Policy evaluation time: 1 ms
    url_categorization complete time: 1
    client connection: first-response-byte 0 last-response-byte 7
    stop transaction --------------------
    start transaction -------------------
    transaction ID=9502968 type=http.proxy
    <Proxy@req-url> [builtin-prolog:372]
    MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2)

    <Cache@req-url "suppress DRTR for HTML Notification internal URLs"> [vpm-


    cpl:3477]
    miss: condition=__is_notify_internal

    <Proxy@req-url "set notify variables"> [vpm-cpl:3962]


    [Rule]
    miss: url.regex="(.*)/notify-SplashStreaming\?([^;]+);(.*)"
    miss: url.regex="(.*)/accepted-SplashStreaming\?([^;]+);(.*)"
    miss: url.regex="(.*)/verify-SplashStreaming\?([^;]+);(.*)"

    <Exception@term> [builtin-prolog:246]
    MATCH: t_procedure.dashboard_blocked_stats_infinity

    <Exception@req-all> [builtin-prolog:237]
    MATCH: t_procedure.dashboard_record_hourly

    <Exception@req-all> [builtin-prolog:240]
    MATCH: t_procedure.dashboard_record_daily

    <Exception@req-all> [builtin-prolog:243]
    MATCH: t_procedure.dashboard_record_monthly

    <Proxy>
    miss: client.address=10.110.46.73
    miss: condition=__CondList1Combinacion_NOAUTH
    MATCH: authenticate(ad) authenticate.force(no) authenticate.mode(proxy-ip)

    <Proxy>
    miss: condition=__CondList1CombinedDestinationBloque_URL
    miss: condition=__CondList1Combinacion_Lista_Blaca_Windows_Update
    miss: condition=Combinacion_Lista_Blanca
    miss: condition=__CondList1CombinacionMSN
    MATCH: condition=Combinacion_Lista_Negra
    force_exception(user_defined.my_exception)

    <Proxy>
    miss: client.address=CombinedEquiposEMC_Automacion
    miss: client.address=CombinedEquiposEMC_Automacion
    miss: client.address=combinacion_TERAREXHCAS
    miss: client.address="CombinedSource_DGI Uruguay"
    miss: condition=__CondList1ReglaFullInternetAccess_AMS
    miss: condition=__CondList1Ternium
    miss: client.address=TKCSA_PORTO
    miss: condition=__CondList1CombinacionWhatsapp_y_WSUS
    miss: url.domain=//services.isee.hp.com/
    miss: condition=WebApplication_Blacklist
    miss: condition=Combinacion_bloque_Usuarios_windows_Update
    miss: request.application.name=Dropbox
    miss: category=Lista_Negra_NormalUser
    miss: condition=__CondList1CombinedDestinationBloque_URL
    miss: condition=CombinacionReproductoresMedia
    miss: condition=__CondList1CombinedSourceBloomberg
    miss: condition=__CondList1CombinedSourceBloomberg
    <Proxy>
    miss: condition=__PROTO_3
    miss: condition=__PROTO_3
    miss: url.port=22
    miss: url.port=22

    <Proxy>
    miss: condition=__CondList1CombinedSourceBloomberg
    miss: client.address=Ternium_FTP

    <ssl>
    MATCH: server.certificate.validate(no)

    <Proxy>
    miss: client.address=10.110.50.184
    MATCH: client.address=10.110.99.72 trace.request(yes)
    trace.destination(Annitha)

    <Cache>
    miss: condition=__CondList1Sitios_SIN_Cache
    miss: url.host=r.sascdn.com

    <Proxy>
    miss: source.port=8194
    miss: source.port=8195
    miss: source.port=8196
    miss: source.port=8197
    miss: source.port=8198

    <Proxy>
    miss: condition=skype

    <Proxy>
    miss: request.header.If-None-Match="."

    <Proxy>
    miss: condition=Tunnel_Exception_urld

    <Proxy>
    MATCH: policy.BC_SafeSearch_Ask_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Google_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_YouTube_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Lycos_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_MSN_Live_Bing_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Yahoo_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_DuckDuckGo_Rules
    <Proxy>
    MATCH: policy.BC_SafeSearch_Vimeo_Rules

    miss: <Proxy> realm=iwa_direct

    <Cache>
    miss: url.domain=//windowsupdate.com/
    miss: url.domain=//c.microsoft.com/
    miss: url.domain=//update.microsoft.com/
    miss: url.domain=//windowsupdate.microsoft.com/
    miss: url.domain=//download.windowsupdate.com/

    <Proxy>
    miss: condition=SSL_Disabled_Domains

    <Proxy "handle HTML Notification internal requests">


    miss: [Rule] variable.bc_notify1=variable.bc_notify2
    [Rule]
    MATCH: action.__delete_notify_cookies(yes)

    <Proxy>
    miss: http.method=POST
    miss: http.method=POST
    miss: http.method=PUT

    <Proxy>
    miss: url.port=21
    miss: url.port=21

    <Proxy>
    miss: condition=IWA_SILENT_USERS

    <Proxy>
    miss: url.host=www.msftncsi.com
    miss: url.domain=//crl.microsoft.com/
    miss: url.domain=//mscrl.microsoft.com/
    miss: url.domain=//verisign.com/
    miss: url.domain=//watson.microsoft.com/
    miss: url.domain=//trendmicro.com/

    <Proxy>
    miss: request.header.User-Agent="webex utiltp"
    miss: request.header.User-Agent="Microsoft-CryptoAPI"
    miss: request.header.User-Agent="MSUpdate"
    miss: request.header.User-Agent="AVUpdate"
    miss: request.header.User-Agent="ESS Update"
    miss: request.header.User-Agent="iTunes"
    miss: request.header.User-Agent="Stocks"
    miss: request.header.User-Agent="CFNetwork"
    miss: request.header.User-Agent="Shockwave Flash"
    miss: request.header.User-Agent="Windows-Media-Player"
    miss: request.header.User-Agent="NSPlayer"
    miss: request.header.User-Agent="Windows-Media-Player"
    miss: request.header.User-Agent="flash"
    miss: request.header.User-Agent="Office"
    miss: request.header.User-Agent="TMUFE"
    miss: request.header.User-Agent="62691CB3BF62DAF233FB2C02782E7BD2"

    <Proxy>
    miss: condition=Office365IPs
    miss: condition=Office365URLs

    <Proxy>
    miss: condition=Office365IPs
    miss: condition=Office365URLs

    <Cache>
    miss: condition=Office365IPs
    miss: condition=Office365URLs

    <Proxy>
    miss: url.domain=//facebook.com/
    miss: url.domain=//sped.fazenda.gov.br/
    miss: url.domain=//ternium.com.ar/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.mx/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.co/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.br/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.uy/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com/Autodiscover/Autodiscover.xml
    miss: url.domain=//tessa.com.uy/Autodiscover/Autodiscover.xml

    Called policy definition: BC_SafeSearch_Lycos_Rules


    miss: <Proxy BC_SafeSearch_Lycos> url.domain=//lycos.com/

    Called policy definition: BC_SafeSearch_Yahoo_Rules


    miss: <Proxy BC_SafeSearch_Yahoo_cookies> condition=BC_SafeSearch_Yahoo_Domains
    miss: <Proxy BC_SafeSearch_Yahoo_query> condition=BC_SafeSearch_Yahoo_Domains

    Called policy definition: BC_SafeSearch_DuckDuckGo_Rules


    miss: <Proxy BC_SafeSearch_DuckDuckGo_query> url.domain=//duckduckgo.com/

    Called policy definition: BC_SafeSearch_Ask_Rules


    miss: <Proxy BC_SafeSearch_Ask_query> condition=BC_SafeSearch_Ask_Domains

    Called policy definition: BC_SafeSearch_YouTube_Rules


    miss: <Proxy BC_SafeSearch_YouTube_cookies> url.domain=//youtube.com/

    Called policy definition: BC_SafeSearch_Vimeo_Rules


    miss: <Proxy BC_SafeSearch_Vimeo_cookies> url.domain=//vimeo.com/

    Called policy definition: BC_SafeSearch_Google_Rules


    miss: <Proxy BC_SafeSearch_Google_query> condition=BC_SafeSearch_Google_Domains
    miss: <Proxy BC_SafeSearch_Google_SetPref> condition=BC_SafeSearch_Google_Domains

    Called policy definition: BC_SafeSearch_MSN_Live_Bing_Rules


    miss: <Proxy BC_SafeSearch_MSN_Live_Bing_cookies>
    condition=BC_SafeSearch_MSN_Live_Bing_Domains
    miss: <Proxy BC_SafeSearch_MSN_Live_Bing_query>
    condition=BC_SafeSearch_MSN_Live_Bing_Domains

    Assigned values of transaction variables:


    bc_notify1=empty1
    bc_notify2=empty2
    Called transaction procedure: dashboard_record_hourly
    <layer>
    Called transaction procedure: dashboard_record_daily
    <layer>
    Called transaction procedure: dashboard_blocked_stats_infinity
    <layer>
    Called transaction procedure: dashboard_record_monthly
    <layer>

    connection: service.name=Explicit HTTP client.address=10.110.99.72 proxy.port=8080


    client.interface=255:255.1 routing-domain=default
    location-id=0 access_type=unknown
    time: 2020-03-17 16:49:07 UTC
    CONNECT tcp://img-s-msn-com.akamaized.net:443/
    DNS lookup was unrestricted
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    user: name="TERNIUM\10519230" realm=AD
    authentication start 1 elapsed 0 ms
    authorization start 1 elapsed 0 ms
    authentication status='none' authorization status='none'
    EXCEPTION(my_exception): Either 'force_deny' or 'force_exception' was matched in
    policy
    url.category: Lista_Negra@Policy;none@YouTube;Content Delivery Networks@Blue Coat
    total categorization time: 0
    static categorization time: 0
    server.response.code: 0
    client.response.code: 403
    application.name: none
    application.operation: none
    application.group: none
    DSCP client outbound: 65
    DSCP server outbound: 65

    Transaction timing: total-transaction-time 169 ms


    Checkpoint timings:
    new-connection: start 1 elapsed 0 ms
    client-in: start 1 elapsed 0 ms
    client-out-terminated: start 1 elapsed 0 ms
    access-logging: start 9 elapsed 1 ms
    stop-transaction: start 169 elapsed 0 ms
    Total Policy evaluation time: 1 ms
    url_categorization complete time: 0
    client connection: first-response-byte 0 last-response-byte 9
    stop transaction --------------------
    start transaction -------------------
    transaction ID=9503083 type=http.proxy

    <Proxy@req-url> [builtin-prolog:372]
    MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2)

    <Cache@req-url "suppress DRTR for HTML Notification internal URLs"> [vpm-


    cpl:3477]
    miss: condition=__is_notify_internal

    <Proxy@req-url "set notify variables"> [vpm-cpl:3962]


    [Rule]
    miss: url.regex="(.*)/notify-SplashStreaming\?([^;]+);(.*)"
    miss: url.regex="(.*)/accepted-SplashStreaming\?([^;]+);(.*)"
    miss: url.regex="(.*)/verify-SplashStreaming\?([^;]+);(.*)"

    <Exception@term> [builtin-prolog:246]
    MATCH: t_procedure.dashboard_blocked_stats_infinity

    <Exception@req-all> [builtin-prolog:237]
    MATCH: t_procedure.dashboard_record_hourly

    <Exception@req-all> [builtin-prolog:240]
    MATCH: t_procedure.dashboard_record_daily

    <Exception@req-all> [builtin-prolog:243]
    MATCH: t_procedure.dashboard_record_monthly

    <Proxy>
    miss: client.address=10.110.46.73
    miss: condition=__CondList1Combinacion_NOAUTH
    MATCH: authenticate(ad) authenticate.force(no) authenticate.mode(proxy-ip)

    <Proxy>
    miss: condition=__CondList1CombinedDestinationBloque_URL
    miss: condition=__CondList1Combinacion_Lista_Blaca_Windows_Update
    miss: condition=Combinacion_Lista_Blanca
    miss: condition=__CondList1CombinacionMSN
    MATCH: condition=Combinacion_Lista_Negra
    force_exception(user_defined.my_exception)

    <Proxy>
    miss: client.address=CombinedEquiposEMC_Automacion
    miss: client.address=CombinedEquiposEMC_Automacion
    miss: client.address=combinacion_TERAREXHCAS
    miss: client.address="CombinedSource_DGI Uruguay"
    miss: condition=__CondList1ReglaFullInternetAccess_AMS
    miss: condition=__CondList1Ternium
    miss: client.address=TKCSA_PORTO
    miss: condition=__CondList1CombinacionWhatsapp_y_WSUS
    miss: url.domain=//services.isee.hp.com/
    miss: condition=WebApplication_Blacklist
    miss: condition=Combinacion_bloque_Usuarios_windows_Update
    miss: request.application.name=Dropbox
    miss: category=Lista_Negra_NormalUser
    miss: condition=__CondList1CombinedDestinationBloque_URL
    miss: condition=CombinacionReproductoresMedia
    miss: condition=__CondList1CombinedSourceBloomberg
    miss: condition=__CondList1CombinedSourceBloomberg

    <Proxy>
    miss: condition=__PROTO_3
    miss: condition=__PROTO_3
    miss: url.port=22
    miss: url.port=22

    <Proxy>
    miss: condition=__CondList1CombinedSourceBloomberg
    miss: client.address=Ternium_FTP

    <ssl>
    MATCH: server.certificate.validate(no)

    <Proxy>
    miss: client.address=10.110.50.184
    MATCH: client.address=10.110.99.72 trace.request(yes)
    trace.destination(Annitha)
    <Cache>
    miss: condition=__CondList1Sitios_SIN_Cache
    miss: url.host=r.sascdn.com

    <Proxy>
    miss: source.port=8194
    miss: source.port=8195
    miss: source.port=8196
    miss: source.port=8197
    miss: source.port=8198

    <Proxy>
    miss: condition=skype

    <Proxy>
    miss: request.header.If-None-Match="."

    <Proxy>
    miss: condition=Tunnel_Exception_urld

    <Proxy>
    MATCH: policy.BC_SafeSearch_Ask_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Google_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_YouTube_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Lycos_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_MSN_Live_Bing_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Yahoo_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_DuckDuckGo_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Vimeo_Rules

    miss: <Proxy> realm=iwa_direct

    <Cache>
    miss: url.domain=//windowsupdate.com/
    miss: url.domain=//c.microsoft.com/
    miss: url.domain=//update.microsoft.com/
    miss: url.domain=//windowsupdate.microsoft.com/
    miss: url.domain=//download.windowsupdate.com/

    <Proxy>
    miss: condition=SSL_Disabled_Domains

    <Proxy "handle HTML Notification internal requests">


    miss: [Rule] variable.bc_notify1=variable.bc_notify2
    [Rule]
    MATCH: action.__delete_notify_cookies(yes)

    <Proxy>
    miss: http.method=POST
    miss: http.method=POST
    miss: http.method=PUT

    <Proxy>
    miss: url.port=21
    miss: url.port=21

    <Proxy>
    miss: condition=IWA_SILENT_USERS

    <Proxy>
    miss: url.host=www.msftncsi.com
    miss: url.domain=//crl.microsoft.com/
    miss: url.domain=//mscrl.microsoft.com/
    miss: url.domain=//verisign.com/
    miss: url.domain=//watson.microsoft.com/
    miss: url.domain=//trendmicro.com/

    <Proxy>
    miss: request.header.User-Agent="webex utiltp"
    miss: request.header.User-Agent="Microsoft-CryptoAPI"
    miss: request.header.User-Agent="MSUpdate"
    miss: request.header.User-Agent="AVUpdate"
    miss: request.header.User-Agent="ESS Update"
    miss: request.header.User-Agent="iTunes"
    miss: request.header.User-Agent="Stocks"
    miss: request.header.User-Agent="CFNetwork"
    miss: request.header.User-Agent="Shockwave Flash"
    miss: request.header.User-Agent="Windows-Media-Player"
    miss: request.header.User-Agent="NSPlayer"
    miss: request.header.User-Agent="Windows-Media-Player"
    miss: request.header.User-Agent="flash"
    miss: request.header.User-Agent="Office"
    miss: request.header.User-Agent="TMUFE"
    miss: request.header.User-Agent="62691CB3BF62DAF233FB2C02782E7BD2"

    <Proxy>
    miss: condition=Office365IPs
    miss: condition=Office365URLs

    <Proxy>
    miss: condition=Office365IPs
    miss: condition=Office365URLs

    <Cache>
    miss: condition=Office365IPs
    miss: condition=Office365URLs

    <Proxy>
    miss: url.domain=//facebook.com/
    miss: url.domain=//sped.fazenda.gov.br/
    miss: url.domain=//ternium.com.ar/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.mx/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.co/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.br/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.uy/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com/Autodiscover/Autodiscover.xml
    miss: url.domain=//tessa.com.uy/Autodiscover/Autodiscover.xml

    Called policy definition: BC_SafeSearch_Lycos_Rules


    miss: <Proxy BC_SafeSearch_Lycos> url.domain=//lycos.com/

    Called policy definition: BC_SafeSearch_Yahoo_Rules


    miss: <Proxy BC_SafeSearch_Yahoo_cookies> condition=BC_SafeSearch_Yahoo_Domains
    miss: <Proxy BC_SafeSearch_Yahoo_query> condition=BC_SafeSearch_Yahoo_Domains

    Called policy definition: BC_SafeSearch_DuckDuckGo_Rules


    miss: <Proxy BC_SafeSearch_DuckDuckGo_query> url.domain=//duckduckgo.com/

    Called policy definition: BC_SafeSearch_Ask_Rules


    miss: <Proxy BC_SafeSearch_Ask_query> condition=BC_SafeSearch_Ask_Domains

    Called policy definition: BC_SafeSearch_YouTube_Rules


    miss: <Proxy BC_SafeSearch_YouTube_cookies> url.domain=//youtube.com/

    Called policy definition: BC_SafeSearch_Vimeo_Rules


    miss: <Proxy BC_SafeSearch_Vimeo_cookies> url.domain=//vimeo.com/

    Called policy definition: BC_SafeSearch_Google_Rules


    miss: <Proxy BC_SafeSearch_Google_query> condition=BC_SafeSearch_Google_Domains
    miss: <Proxy BC_SafeSearch_Google_SetPref> condition=BC_SafeSearch_Google_Domains

    Called policy definition: BC_SafeSearch_MSN_Live_Bing_Rules


    miss: <Proxy BC_SafeSearch_MSN_Live_Bing_cookies>
    condition=BC_SafeSearch_MSN_Live_Bing_Domains
    miss: <Proxy BC_SafeSearch_MSN_Live_Bing_query>
    condition=BC_SafeSearch_MSN_Live_Bing_Domains

    Assigned values of transaction variables:


    bc_notify1=empty1
    bc_notify2=empty2
    Called transaction procedure: dashboard_record_hourly
    <layer>
    Called transaction procedure: dashboard_record_daily
    <layer>
    Called transaction procedure: dashboard_blocked_stats_infinity
    <layer>
    Called transaction procedure: dashboard_record_monthly
    <layer>

    connection: service.name=Explicit HTTP client.address=10.110.99.72 proxy.port=8080


    client.interface=255:255.1 routing-domain=default
    location-id=0 access_type=unknown
    time: 2020-03-17 16:49:07 UTC
    CONNECT tcp://static-spartan-eus-s-msn-com.akamaized.net:443/
    DNS lookup was unrestricted
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    user: name="TERNIUM\10519230" realm=AD
    authentication start 2 elapsed 0 ms
    authorization start 2 elapsed 0 ms
    authentication status='none' authorization status='none'
    EXCEPTION(my_exception): Either 'force_deny' or 'force_exception' was matched in
    policy
    url.category: Lista_Negra@Policy;none@YouTube;Content Delivery Networks@Blue Coat
    total categorization time: 0
    static categorization time: 0
    server.response.code: 0
    client.response.code: 403
    application.name: none
    application.operation: none
    application.group: none
    DSCP client outbound: 65
    DSCP server outbound: 65

    Transaction timing: total-transaction-time 36 ms


    Checkpoint timings:
    new-connection: start 1 elapsed 0 ms
    client-in: start 1 elapsed 1 ms
    client-out-terminated: start 2 elapsed 0 ms
    access-logging: start 8 elapsed 0 ms
    stop-transaction: start 36 elapsed 0 ms
    Total Policy evaluation time: 1 ms
    url_categorization complete time: 1
    client connection: first-response-byte 0 last-response-byte 8
    stop transaction --------------------
    start transaction -------------------
    transaction ID=9502893 type=http.proxy

    <Proxy@req-url> [builtin-prolog:372]
    MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2)

    <Cache@req-url "suppress DRTR for HTML Notification internal URLs"> [vpm-


    cpl:3477]
    miss: condition=__is_notify_internal

    <Proxy@req-url "set notify variables"> [vpm-cpl:3962]


    [Rule]
    miss: url.regex="(.*)/notify-SplashStreaming\?([^;]+);(.*)"
    miss: url.regex="(.*)/accepted-SplashStreaming\?([^;]+);(.*)"
    miss: url.regex="(.*)/verify-SplashStreaming\?([^;]+);(.*)"

    <Exception@term> [builtin-prolog:246]
    MATCH: t_procedure.dashboard_blocked_stats_infinity

    <Exception@req-all> [builtin-prolog:237]
    MATCH: t_procedure.dashboard_record_hourly

    <Exception@req-all> [builtin-prolog:240]
    MATCH: t_procedure.dashboard_record_daily

    <Exception@req-all> [builtin-prolog:243]
    MATCH: t_procedure.dashboard_record_monthly

    <Proxy>
    miss: client.address=10.110.46.73
    miss: condition=__CondList1Combinacion_NOAUTH
    MATCH: authenticate(ad) authenticate.force(no) authenticate.mode(proxy-ip)

    <Proxy>
    miss: condition=__CondList1CombinedDestinationBloque_URL
    miss: condition=__CondList1Combinacion_Lista_Blaca_Windows_Update
    miss: condition=Combinacion_Lista_Blanca
    miss: url.host.substring=msn-com.akamaized.net
    miss: condition=Combinacion_Lista_Negra
    miss: condition=__CondList1CombinacionGG_Tx_Proxy_Vip
    miss: client.address=Combinacion_Cloudhealth
    miss: condition=__CondList1CombinacionGG_Tx_Proxy_AdvancedUsers
    miss: condition=GG_TX_Proxy_Advanced_Users_bloqueo
    miss: condition=GG_TX_RedesSociales_AllUsers_PERMITIDAS
    miss: condition=__CondList1CombinacionGG_TX_RedesSociales_AllUsers
    miss: condition=__CondList1CombinacionGG_Tx_Proxy_NormalUsers
    miss: condition=__CondList1CombinacionGG_Tx_Proxy_NormalUsers
    miss: condition=__CondList1CombinacionGG_Tx_Proxy_Contratistas
    miss: condition=__CondList1CombinacionCategoriasBloqueadasContratistas
    miss: condition=__CondList1Externos
    miss: condition=__CondList1Externos
    miss: category=bloomberg
    MATCH: exception(user_defined.my_exception)

    <Proxy>
    miss: client.address=CombinedEquiposEMC_Automacion
    miss: client.address=CombinedEquiposEMC_Automacion
    miss: client.address=combinacion_TERAREXHCAS
    miss: client.address="CombinedSource_DGI Uruguay"
    miss: condition=__CondList1ReglaFullInternetAccess_AMS
    miss: condition=__CondList1Ternium
    miss: client.address=TKCSA_PORTO
    miss: condition=__CondList1CombinacionWhatsapp_y_WSUS
    miss: url.domain=//services.isee.hp.com/
    miss: condition=WebApplication_Blacklist
    miss: condition=Combinacion_bloque_Windows_Update
    miss: request.application.name=Dropbox
    miss: category=Lista_Negra_NormalUser
    miss: condition=__CondList1CombinedDestinationBloque_URL
    miss: condition=CombinacionReproductoresMedia
    miss: condition=__CondList1CombinedSourceBloomberg
    miss: condition=__CondList1CombinedSourceBloomberg

    <Proxy>
    miss: condition=__PROTO_3
    miss: condition=__PROTO_3
    miss: url.port=22
    miss: url.port=22

    <Proxy>
    miss: condition=__CondList1CombinedSourceBloomberg
    miss: client.address=Ternium_FTP

    <ssl>
    MATCH: server.certificate.validate(no)

    <Proxy>
    miss: client.address=10.110.50.184
    MATCH: client.address=10.110.99.72 trace.request(yes)
    trace.destination(Annitha)

    <Cache>
    miss: condition=__CondList1Sitios_SIN_Cache
    miss: url.host=r.sascdn.com

    <Proxy>
    miss: source.port=8194
    miss: source.port=8195
    miss: source.port=8196
    miss: source.port=8197
    miss: source.port=8198

    <Proxy>
    miss: condition=skype

    <Proxy>
    miss: request.header.If-None-Match="."

    <Proxy>
    miss: condition=Tunnel_Exception_urld

    <Proxy>
    MATCH: policy.BC_SafeSearch_Ask_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Google_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_YouTube_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Lycos_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_MSN_Live_Bing_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Yahoo_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_DuckDuckGo_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Vimeo_Rules

    miss: <Proxy> realm=iwa_direct

    <Cache>
    miss: url.domain=//windowsupdate.com/
    miss: url.domain=//c.microsoft.com/
    miss: url.domain=//update.microsoft.com/
    miss: url.domain=//windowsupdate.microsoft.com/
    miss: url.domain=//download.windowsupdate.com/

    <Proxy>
    miss: condition=SSL_Disabled_Domains

    <Proxy "handle HTML Notification internal requests">


    miss: [Rule] variable.bc_notify1=variable.bc_notify2
    [Rule]
    MATCH: action.__delete_notify_cookies(yes)

    <Proxy>
    miss: http.method=POST
    miss: http.method=POST
    miss: http.method=PUT

    <Proxy>
    miss: url.port=21
    miss: url.port=21

    <Proxy>
    miss: condition=IWA_SILENT_USERS

    <Proxy>
    miss: url.host=www.msftncsi.com
    miss: url.domain=//crl.microsoft.com/
    miss: url.domain=//mscrl.microsoft.com/
    miss: url.domain=//verisign.com/
    miss: url.domain=//watson.microsoft.com/
    miss: url.domain=//trendmicro.com/

    <Proxy>
    miss: request.header.User-Agent="webex utiltp"
    miss: request.header.User-Agent="Microsoft-CryptoAPI"
    miss: request.header.User-Agent="MSUpdate"
    miss: request.header.User-Agent="AVUpdate"
    miss: request.header.User-Agent="ESS Update"
    miss: request.header.User-Agent="iTunes"
    miss: request.header.User-Agent="Stocks"
    miss: request.header.User-Agent="CFNetwork"
    miss: request.header.User-Agent="Shockwave Flash"
    miss: request.header.User-Agent="Windows-Media-Player"
    miss: request.header.User-Agent="NSPlayer"
    miss: request.header.User-Agent="Windows-Media-Player"
    miss: request.header.User-Agent="flash"
    miss: request.header.User-Agent="Office"
    miss: request.header.User-Agent="TMUFE"
    miss: request.header.User-Agent="62691CB3BF62DAF233FB2C02782E7BD2"

    <Proxy>
    miss: condition=Office365IPs
    miss: condition=Office365URLs

    <Proxy>
    miss: condition=Office365IPs
    miss: condition=Office365URLs

    <Cache>
    miss: condition=Office365IPs
    miss: condition=Office365URLs

    <Proxy>
    miss: url.domain=//facebook.com/
    miss: url.domain=//sped.fazenda.gov.br/
    miss: url.domain=//ternium.com.ar/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.mx/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.co/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.br/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.uy/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com/Autodiscover/Autodiscover.xml
    miss: url.domain=//tessa.com.uy/Autodiscover/Autodiscover.xml

    Called policy definition: BC_SafeSearch_Lycos_Rules


    miss: <Proxy BC_SafeSearch_Lycos> url.domain=//lycos.com/

    Called policy definition: BC_SafeSearch_Yahoo_Rules


    miss: <Proxy BC_SafeSearch_Yahoo_cookies> condition=BC_SafeSearch_Yahoo_Domains
    miss: <Proxy BC_SafeSearch_Yahoo_query> condition=BC_SafeSearch_Yahoo_Domains

    Called policy definition: BC_SafeSearch_DuckDuckGo_Rules


    miss: <Proxy BC_SafeSearch_DuckDuckGo_query> url.domain=//duckduckgo.com/

    Called policy definition: BC_SafeSearch_Ask_Rules


    miss: <Proxy BC_SafeSearch_Ask_query> condition=BC_SafeSearch_Ask_Domains

    Called policy definition: BC_SafeSearch_YouTube_Rules


    miss: <Proxy BC_SafeSearch_YouTube_cookies> url.domain=//youtube.com/

    Called policy definition: BC_SafeSearch_Vimeo_Rules


    miss: <Proxy BC_SafeSearch_Vimeo_cookies> url.domain=//vimeo.com/

    Called policy definition: BC_SafeSearch_Google_Rules


    miss: <Proxy BC_SafeSearch_Google_query> condition=BC_SafeSearch_Google_Domains
    miss: <Proxy BC_SafeSearch_Google_SetPref> condition=BC_SafeSearch_Google_Domains

    Called policy definition: BC_SafeSearch_MSN_Live_Bing_Rules


    miss: <Proxy BC_SafeSearch_MSN_Live_Bing_cookies>
    condition=BC_SafeSearch_MSN_Live_Bing_Domains
    miss: <Proxy BC_SafeSearch_MSN_Live_Bing_query>
    condition=BC_SafeSearch_MSN_Live_Bing_Domains

    Assigned values of transaction variables:


    bc_notify1=empty1
    bc_notify2=empty2
    Called transaction procedure: dashboard_record_hourly
    <layer>
    Called transaction procedure: dashboard_record_daily
    <layer>
    Called transaction procedure: dashboard_blocked_stats_infinity
    <layer>
    Called transaction procedure: dashboard_record_monthly
    <layer>

    connection: service.name=Explicit HTTP client.address=10.110.99.72 proxy.port=8080


    client.interface=255:255.1 routing-domain=default
    location-id=0 access_type=unknown
    time: 2020-03-17 16:49:07 UTC
    CONNECT tcp://acdn.adnxs.com:443/
    DNS lookup was unrestricted
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    user: name="TERNIUM\10519230" realm=AD
    authentication start 12 elapsed 0 ms
    authorization start 12 elapsed 0 ms
    authentication status='none' authorization status='none'
    EXCEPTION(my_exception): Either 'deny' or 'exception' was matched in policy
    url.category: none@Policy;none@YouTube;Web Ads/Analytics@Blue Coat
    total categorization time: 11
    static categorization time: 11
    server.response.code: 0
    client.response.code: 403
    application.name: none
    application.operation: none
    application.group: none
    DSCP client outbound: 65
    DSCP server outbound: 65

    Transaction timing: total-transaction-time 813 ms


    Checkpoint timings:
    new-connection: start 1 elapsed 0 ms
    client-in: start 12 elapsed 1 ms
    client-out-terminated: start 12 elapsed 1 ms
    access-logging: start 21 elapsed 0 ms
    stop-transaction: start 813 elapsed 0 ms
    Total Policy evaluation time: 2 ms
    url_categorization complete time: 12
    client connection: first-response-byte 0 last-response-byte 21
    stop transaction --------------------
    start transaction -------------------
    transaction ID=9503167 type=http.proxy

    <Proxy@req-url> [builtin-prolog:372]
    MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2)

    <Cache@req-url "suppress DRTR for HTML Notification internal URLs"> [vpm-


    cpl:3477]
    miss: condition=__is_notify_internal

    <Proxy@req-url "set notify variables"> [vpm-cpl:3962]


    [Rule]
    miss: url.regex="(.*)/notify-SplashStreaming\?([^;]+);(.*)"
    miss: url.regex="(.*)/accepted-SplashStreaming\?([^;]+);(.*)"
    miss: url.regex="(.*)/verify-SplashStreaming\?([^;]+);(.*)"

    <Exception@term> [builtin-prolog:246]
    MATCH: t_procedure.dashboard_blocked_stats_infinity

    <Exception@req-all> [builtin-prolog:237]
    MATCH: t_procedure.dashboard_record_hourly

    <Exception@req-all> [builtin-prolog:240]
    MATCH: t_procedure.dashboard_record_daily

    <Exception@req-all> [builtin-prolog:243]
    MATCH: t_procedure.dashboard_record_monthly

    <Proxy>
    miss: client.address=10.110.46.73
    miss: condition=__CondList1Combinacion_NOAUTH
    MATCH: authenticate(ad) authenticate.force(no) authenticate.mode(proxy-ip)

    <Proxy>
    miss: condition=__CondList1CombinedDestinationBloque_URL
    miss: condition=__CondList1Combinacion_Lista_Blaca_Windows_Update
    miss: condition=Combinacion_Lista_Blanca
    miss: url.host.substring=msn-com.akamaized.net
    miss: condition=Combinacion_Lista_Negra
    miss: condition=__CondList1CombinacionGG_Tx_Proxy_Vip
    miss: client.address=Combinacion_Cloudhealth
    miss: condition=__CondList1CombinacionGG_Tx_Proxy_AdvancedUsers
    miss: condition=GG_TX_Proxy_Advanced_Users_bloqueo
    miss: condition=GG_TX_RedesSociales_AllUsers_PERMITIDAS
    miss: condition=__CondList1CombinacionGG_TX_RedesSociales_AllUsers
    miss: condition=__CondList1CombinacionGG_Tx_Proxy_NormalUsers
    miss: condition=__CondList1CombinacionGG_Tx_Proxy_NormalUsers
    miss: condition=__CondList1CombinacionGG_Tx_Proxy_Contratistas
    miss: condition=__CondList1CombinacionCategoriasBloqueadasContratistas
    miss: condition=__CondList1Externos
    miss: condition=__CondList1Externos
    miss: category=bloomberg
    MATCH: exception(user_defined.my_exception)

    <Proxy>
    miss: client.address=CombinedEquiposEMC_Automacion
    miss: client.address=CombinedEquiposEMC_Automacion
    miss: client.address=combinacion_TERAREXHCAS
    miss: client.address="CombinedSource_DGI Uruguay"
    miss: condition=__CondList1ReglaFullInternetAccess_AMS
    miss: condition=__CondList1Ternium
    miss: client.address=TKCSA_PORTO
    miss: condition=__CondList1CombinacionWhatsapp_y_WSUS
    miss: url.domain=//services.isee.hp.com/
    miss: condition=WebApplication_Blacklist
    miss: condition=Combinacion_bloque_Windows_Update
    miss: request.application.name=Dropbox
    miss: category=Lista_Negra_NormalUser
    miss: condition=__CondList1CombinedDestinationBloque_URL
    miss: condition=CombinacionReproductoresMedia
    miss: condition=__CondList1CombinedSourceBloomberg
    miss: condition=__CondList1CombinedSourceBloomberg

    <Proxy>
    miss: condition=__PROTO_3
    miss: condition=__PROTO_3
    miss: url.port=22
    miss: url.port=22

    <Proxy>
    miss: condition=__CondList1CombinedSourceBloomberg
    miss: client.address=Ternium_FTP

    <ssl>
    MATCH: server.certificate.validate(no)

    <Proxy>
    miss: client.address=10.110.50.184
    MATCH: client.address=10.110.99.72 trace.request(yes)
    trace.destination(Annitha)

    <Cache>
    miss: condition=__CondList1Sitios_SIN_Cache
    miss: url.host=r.sascdn.com

    <Proxy>
    miss: source.port=8194
    miss: source.port=8195
    miss: source.port=8196
    miss: source.port=8197
    miss: source.port=8198
    <Proxy>
    miss: condition=skype

    <Proxy>
    miss: request.header.If-None-Match="."

    <Proxy>
    miss: condition=Tunnel_Exception_urld

    <Proxy>
    MATCH: policy.BC_SafeSearch_Ask_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Google_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_YouTube_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Lycos_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_MSN_Live_Bing_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Yahoo_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_DuckDuckGo_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Vimeo_Rules

    miss: <Proxy> realm=iwa_direct

    <Cache>
    miss: url.domain=//windowsupdate.com/
    miss: url.domain=//c.microsoft.com/
    miss: url.domain=//update.microsoft.com/
    miss: url.domain=//windowsupdate.microsoft.com/
    miss: url.domain=//download.windowsupdate.com/

    <Proxy>
    miss: condition=SSL_Disabled_Domains

    <Proxy "handle HTML Notification internal requests">


    miss: [Rule] variable.bc_notify1=variable.bc_notify2
    [Rule]
    MATCH: action.__delete_notify_cookies(yes)

    <Proxy>
    miss: http.method=POST
    miss: http.method=POST
    miss: http.method=PUT

    <Proxy>
    miss: url.port=21
    miss: url.port=21
    <Proxy>
    miss: condition=IWA_SILENT_USERS

    <Proxy>
    miss: url.host=www.msftncsi.com
    miss: url.domain=//crl.microsoft.com/
    miss: url.domain=//mscrl.microsoft.com/
    miss: url.domain=//verisign.com/
    miss: url.domain=//watson.microsoft.com/
    miss: url.domain=//trendmicro.com/

    <Proxy>
    miss: request.header.User-Agent="webex utiltp"
    miss: request.header.User-Agent="Microsoft-CryptoAPI"
    miss: request.header.User-Agent="MSUpdate"
    miss: request.header.User-Agent="AVUpdate"
    miss: request.header.User-Agent="ESS Update"
    miss: request.header.User-Agent="iTunes"
    miss: request.header.User-Agent="Stocks"
    miss: request.header.User-Agent="CFNetwork"
    miss: request.header.User-Agent="Shockwave Flash"
    miss: request.header.User-Agent="Windows-Media-Player"
    miss: request.header.User-Agent="NSPlayer"
    miss: request.header.User-Agent="Windows-Media-Player"
    miss: request.header.User-Agent="flash"
    miss: request.header.User-Agent="Office"
    miss: request.header.User-Agent="TMUFE"
    miss: request.header.User-Agent="62691CB3BF62DAF233FB2C02782E7BD2"

    <Proxy>
    MATCH: condition=Office365IPs detect_protocol(none)

    <Proxy>
    MATCH: condition=Office365IPs detect_protocol.ssl(no)

    <Cache>
    MATCH: condition=Office365IPs request.icap_service(no)
    response.icap_service(no)

    <Proxy>
    miss: url.domain=//facebook.com/
    miss: url.domain=//sped.fazenda.gov.br/
    miss: url.domain=//ternium.com.ar/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.mx/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.co/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.br/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.uy/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com/Autodiscover/Autodiscover.xml
    miss: url.domain=//tessa.com.uy/Autodiscover/Autodiscover.xml

    Called policy definition: BC_SafeSearch_Lycos_Rules


    miss: <Proxy BC_SafeSearch_Lycos> url.domain=//lycos.com/

    Called policy definition: BC_SafeSearch_Yahoo_Rules


    miss: <Proxy BC_SafeSearch_Yahoo_cookies> condition=BC_SafeSearch_Yahoo_Domains
    miss: <Proxy BC_SafeSearch_Yahoo_query> condition=BC_SafeSearch_Yahoo_Domains

    Called policy definition: BC_SafeSearch_DuckDuckGo_Rules


    miss: <Proxy BC_SafeSearch_DuckDuckGo_query> url.domain=//duckduckgo.com/
    Called policy definition: BC_SafeSearch_Ask_Rules
    miss: <Proxy BC_SafeSearch_Ask_query> condition=BC_SafeSearch_Ask_Domains

    Called policy definition: BC_SafeSearch_YouTube_Rules


    miss: <Proxy BC_SafeSearch_YouTube_cookies> url.domain=//youtube.com/

    Called policy definition: BC_SafeSearch_Vimeo_Rules


    miss: <Proxy BC_SafeSearch_Vimeo_cookies> url.domain=//vimeo.com/

    Called policy definition: BC_SafeSearch_Google_Rules


    miss: <Proxy BC_SafeSearch_Google_query> condition=BC_SafeSearch_Google_Domains
    miss: <Proxy BC_SafeSearch_Google_SetPref> condition=BC_SafeSearch_Google_Domains

    Called policy definition: BC_SafeSearch_MSN_Live_Bing_Rules


    miss: <Proxy BC_SafeSearch_MSN_Live_Bing_cookies>
    condition=BC_SafeSearch_MSN_Live_Bing_Domains
    miss: <Proxy BC_SafeSearch_MSN_Live_Bing_query>
    condition=BC_SafeSearch_MSN_Live_Bing_Domains

    Assigned values of transaction variables:


    bc_notify1=empty1
    bc_notify2=empty2
    Called transaction procedure: dashboard_record_hourly
    <layer>
    Called transaction procedure: dashboard_record_daily
    <layer>
    Called transaction procedure: dashboard_blocked_stats_infinity
    <layer>
    Called transaction procedure: dashboard_record_monthly
    <layer>

    connection: service.name=Explicit HTTP client.address=10.110.99.72 proxy.port=8080


    client.interface=255:255.1 routing-domain=default
    location-id=0 access_type=unknown
    time: 2020-03-17 16:49:08 UTC
    CONNECT tcp://www.msn.com:443/
    DNS lookup was unrestricted
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    user: name="TERNIUM\10519230" realm=AD
    authentication start 25 elapsed 0 ms
    authorization start 25 elapsed 0 ms
    authentication status='none' authorization status='none'
    EXCEPTION(my_exception): Either 'deny' or 'exception' was matched in policy
    url.category: none@Policy;none@YouTube;Search Engines/Portals@Blue Coat
    total categorization time: 1
    static categorization time: 1
    server.response.code: 0
    client.response.code: 403
    application.name: none
    application.operation: none
    application.group: none
    DSCP client outbound: 65
    DSCP server outbound: 65

    Transaction timing: total-transaction-time 26 ms


    Checkpoint timings:
    new-connection: start 1 elapsed 0 ms
    client-in: start 25 elapsed 1 ms
    client-out-terminated: start 25 elapsed 1 ms
    access-logging: start 26 elapsed 0 ms
    stop-transaction: start 26 elapsed 0 ms
    Total Policy evaluation time: 2 ms
    url_categorization complete time: 25
    client connection: first-response-byte 0 last-response-byte 26
    stop transaction --------------------
    start transaction -------------------
    transaction ID=9503033 type=http.proxy

    <Proxy@req-url> [builtin-prolog:372]
    MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2)

    <Cache@req-url "suppress DRTR for HTML Notification internal URLs"> [vpm-


    cpl:3477]
    miss: condition=__is_notify_internal

    <Proxy@req-url "set notify variables"> [vpm-cpl:3962]


    [Rule]
    miss: url.regex="(.*)/notify-SplashStreaming\?([^;]+);(.*)"
    miss: url.regex="(.*)/accepted-SplashStreaming\?([^;]+);(.*)"
    miss: url.regex="(.*)/verify-SplashStreaming\?([^;]+);(.*)"

    <Exception@term> [builtin-prolog:246]
    MATCH: t_procedure.dashboard_blocked_stats_infinity

    <Exception@req-all> [builtin-prolog:237]
    MATCH: t_procedure.dashboard_record_hourly

    <Exception@req-all> [builtin-prolog:240]
    MATCH: t_procedure.dashboard_record_daily

    <Exception@req-all> [builtin-prolog:243]
    MATCH: t_procedure.dashboard_record_monthly

    <Proxy>
    miss: client.address=10.110.46.73
    miss: condition=__CondList1Combinacion_NOAUTH
    MATCH: authenticate(ad) authenticate.force(no) authenticate.mode(proxy-ip)

    <Proxy>
    miss: condition=__CondList1CombinedDestinationBloque_URL
    miss: condition=__CondList1Combinacion_Lista_Blaca_Windows_Update
    miss: condition=Combinacion_Lista_Blanca
    miss: url.host.substring=msn-com.akamaized.net
    miss: condition=Combinacion_Lista_Negra
    miss: condition=__CondList1CombinacionGG_Tx_Proxy_Vip
    miss: client.address=Combinacion_Cloudhealth
    miss: condition=__CondList1CombinacionGG_Tx_Proxy_AdvancedUsers
    miss: condition=GG_TX_Proxy_Advanced_Users_bloqueo
    miss: condition=GG_TX_RedesSociales_AllUsers_PERMITIDAS
    miss: condition=__CondList1CombinacionGG_TX_RedesSociales_AllUsers
    miss: condition=__CondList1CombinacionGG_Tx_Proxy_NormalUsers
    miss: condition=__CondList1CombinacionGG_Tx_Proxy_NormalUsers
    miss: condition=__CondList1CombinacionGG_Tx_Proxy_Contratistas
    miss: condition=__CondList1CombinacionCategoriasBloqueadasContratistas
    miss: condition=__CondList1Externos
    miss: condition=__CondList1Externos
    miss: category=bloomberg
    MATCH: exception(user_defined.my_exception)

    <Proxy>
    miss: client.address=CombinedEquiposEMC_Automacion
    miss: client.address=CombinedEquiposEMC_Automacion
    miss: client.address=combinacion_TERAREXHCAS
    miss: client.address="CombinedSource_DGI Uruguay"
    miss: condition=__CondList1ReglaFullInternetAccess_AMS
    miss: condition=__CondList1Ternium
    miss: client.address=TKCSA_PORTO
    miss: condition=__CondList1CombinacionWhatsapp_y_WSUS
    miss: url.domain=//services.isee.hp.com/
    miss: condition=WebApplication_Blacklist
    miss: condition=Combinacion_bloque_Windows_Update
    miss: request.application.name=Dropbox
    miss: category=Lista_Negra_NormalUser
    miss: condition=__CondList1CombinedDestinationBloque_URL
    miss: condition=CombinacionReproductoresMedia
    miss: condition=__CondList1CombinedSourceBloomberg
    miss: condition=__CondList1CombinedSourceBloomberg

    <Proxy>
    miss: condition=__PROTO_3
    miss: condition=__PROTO_3
    miss: url.port=22
    miss: url.port=22

    <Proxy>
    miss: condition=__CondList1CombinedSourceBloomberg
    miss: client.address=Ternium_FTP

    <ssl>
    MATCH: server.certificate.validate(no)

    <Proxy>
    miss: client.address=10.110.50.184
    MATCH: client.address=10.110.99.72 trace.request(yes)
    trace.destination(Annitha)

    <Cache>
    miss: condition=__CondList1Sitios_SIN_Cache
    miss: url.host=r.sascdn.com

    <Proxy>
    miss: source.port=8194
    miss: source.port=8195
    miss: source.port=8196
    miss: source.port=8197
    miss: source.port=8198

    <Proxy>
    miss: condition=skype

    <Proxy>
    miss: request.header.If-None-Match="."

    <Proxy>
    miss: condition=Tunnel_Exception_urld
    <Proxy>
    MATCH: policy.BC_SafeSearch_Ask_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Google_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_YouTube_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Lycos_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_MSN_Live_Bing_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Yahoo_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_DuckDuckGo_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Vimeo_Rules

    miss: <Proxy> realm=iwa_direct

    <Cache>
    miss: url.domain=//windowsupdate.com/
    miss: url.domain=//c.microsoft.com/
    miss: url.domain=//update.microsoft.com/
    miss: url.domain=//windowsupdate.microsoft.com/
    miss: url.domain=//download.windowsupdate.com/

    <Proxy>
    miss: condition=SSL_Disabled_Domains

    <Proxy "handle HTML Notification internal requests">


    miss: [Rule] variable.bc_notify1=variable.bc_notify2
    [Rule]
    MATCH: action.__delete_notify_cookies(yes)

    <Proxy>
    miss: http.method=POST
    miss: http.method=POST
    miss: http.method=PUT

    <Proxy>
    miss: url.port=21
    miss: url.port=21

    <Proxy>
    miss: condition=IWA_SILENT_USERS

    <Proxy>
    miss: url.host=www.msftncsi.com
    miss: url.domain=//crl.microsoft.com/
    miss: url.domain=//mscrl.microsoft.com/
    miss: url.domain=//verisign.com/
    miss: url.domain=//watson.microsoft.com/
    miss: url.domain=//trendmicro.com/

    <Proxy>
    miss: request.header.User-Agent="webex utiltp"
    miss: request.header.User-Agent="Microsoft-CryptoAPI"
    miss: request.header.User-Agent="MSUpdate"
    miss: request.header.User-Agent="AVUpdate"
    miss: request.header.User-Agent="ESS Update"
    miss: request.header.User-Agent="iTunes"
    miss: request.header.User-Agent="Stocks"
    miss: request.header.User-Agent="CFNetwork"
    miss: request.header.User-Agent="Shockwave Flash"
    miss: request.header.User-Agent="Windows-Media-Player"
    miss: request.header.User-Agent="NSPlayer"
    miss: request.header.User-Agent="Windows-Media-Player"
    miss: request.header.User-Agent="flash"
    miss: request.header.User-Agent="Office"
    miss: request.header.User-Agent="TMUFE"
    miss: request.header.User-Agent="62691CB3BF62DAF233FB2C02782E7BD2"

    <Proxy>
    miss: condition=Office365IPs
    miss: condition=Office365URLs

    <Proxy>
    miss: condition=Office365IPs
    miss: condition=Office365URLs

    <Cache>
    miss: condition=Office365IPs
    miss: condition=Office365URLs

    <Proxy>
    miss: url.domain=//facebook.com/
    miss: url.domain=//sped.fazenda.gov.br/
    miss: url.domain=//ternium.com.ar/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.mx/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.co/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.br/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.uy/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com/Autodiscover/Autodiscover.xml
    miss: url.domain=//tessa.com.uy/Autodiscover/Autodiscover.xml

    Called policy definition: BC_SafeSearch_Lycos_Rules


    miss: <Proxy BC_SafeSearch_Lycos> url.domain=//lycos.com/

    Called policy definition: BC_SafeSearch_Yahoo_Rules


    miss: <Proxy BC_SafeSearch_Yahoo_cookies> condition=BC_SafeSearch_Yahoo_Domains
    miss: <Proxy BC_SafeSearch_Yahoo_query> condition=BC_SafeSearch_Yahoo_Domains

    Called policy definition: BC_SafeSearch_DuckDuckGo_Rules


    miss: <Proxy BC_SafeSearch_DuckDuckGo_query> url.domain=//duckduckgo.com/

    Called policy definition: BC_SafeSearch_Ask_Rules


    miss: <Proxy BC_SafeSearch_Ask_query> condition=BC_SafeSearch_Ask_Domains

    Called policy definition: BC_SafeSearch_YouTube_Rules


    miss: <Proxy BC_SafeSearch_YouTube_cookies> url.domain=//youtube.com/
    Called policy definition: BC_SafeSearch_Vimeo_Rules
    miss: <Proxy BC_SafeSearch_Vimeo_cookies> url.domain=//vimeo.com/

    Called policy definition: BC_SafeSearch_Google_Rules


    miss: <Proxy BC_SafeSearch_Google_query> condition=BC_SafeSearch_Google_Domains
    miss: <Proxy BC_SafeSearch_Google_SetPref> condition=BC_SafeSearch_Google_Domains

    Called policy definition: BC_SafeSearch_MSN_Live_Bing_Rules


    miss: <Proxy BC_SafeSearch_MSN_Live_Bing_cookies>
    condition=BC_SafeSearch_MSN_Live_Bing_Domains
    miss: <Proxy BC_SafeSearch_MSN_Live_Bing_query>
    condition=BC_SafeSearch_MSN_Live_Bing_Domains

    Assigned values of transaction variables:


    bc_notify1=empty1
    bc_notify2=empty2
    Called transaction procedure: dashboard_record_hourly
    <layer>
    Called transaction procedure: dashboard_record_daily
    <layer>
    Called transaction procedure: dashboard_blocked_stats_infinity
    <layer>
    Called transaction procedure: dashboard_record_monthly
    <layer>

    connection: service.name=Explicit HTTP client.address=10.110.99.72 proxy.port=8080


    client.interface=255:255.1 routing-domain=default
    location-id=0 access_type=unknown
    time: 2020-03-17 16:49:07 UTC
    CONNECT tcp://c.msn.com:443/
    DNS lookup was unrestricted
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    user: name="TERNIUM\10519230" realm=AD
    authentication start 14 elapsed 0 ms
    authorization start 14 elapsed 0 ms
    authentication status='none' authorization status='none'
    EXCEPTION(my_exception): Either 'deny' or 'exception' was matched in policy
    url.category: none@Policy;none@YouTube;Web Ads/Analytics@Blue Coat
    total categorization time: 12
    static categorization time: 12
    server.response.code: 0
    client.response.code: 403
    application.name: none
    application.operation: none
    application.group: none
    DSCP client outbound: 65
    DSCP server outbound: 65

    Transaction timing: total-transaction-time 548 ms


    Checkpoint timings:
    new-connection: start 1 elapsed 0 ms
    client-in: start 13 elapsed 1 ms
    client-out-terminated: start 14 elapsed 0 ms
    access-logging: start 139 elapsed 0 ms
    stop-transaction: start 548 elapsed 0 ms
    Total Policy evaluation time: 1 ms
    url_categorization complete time: 13
    client connection: first-response-byte 0 last-response-byte 139
    stop transaction --------------------
    start transaction -------------------
    transaction ID=9503174 type=http.proxy

    <Proxy@req-url> [builtin-prolog:372]
    MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2)

    <Cache@req-url "suppress DRTR for HTML Notification internal URLs"> [vpm-


    cpl:3477]
    miss: condition=__is_notify_internal

    <Proxy@req-url "set notify variables"> [vpm-cpl:3962]


    [Rule]
    miss: url.regex="(.*)/notify-SplashStreaming\?([^;]+);(.*)"
    miss: url.regex="(.*)/accepted-SplashStreaming\?([^;]+);(.*)"
    miss: url.regex="(.*)/verify-SplashStreaming\?([^;]+);(.*)"

    <Exception@term> [builtin-prolog:246]
    MATCH: t_procedure.dashboard_blocked_stats_infinity

    <Exception@req-all> [builtin-prolog:237]
    MATCH: t_procedure.dashboard_record_hourly

    <Exception@req-all> [builtin-prolog:240]
    MATCH: t_procedure.dashboard_record_daily

    <Exception@req-all> [builtin-prolog:243]
    MATCH: t_procedure.dashboard_record_monthly

    <Proxy>
    miss: client.address=10.110.46.73
    miss: condition=__CondList1Combinacion_NOAUTH
    MATCH: authenticate(ad) authenticate.force(no) authenticate.mode(proxy-ip)

    <Proxy>
    miss: condition=__CondList1CombinedDestinationBloque_URL
    miss: condition=__CondList1Combinacion_Lista_Blaca_Windows_Update
    miss: condition=Combinacion_Lista_Blanca
    miss: url.host.substring=msn-com.akamaized.net
    miss: condition=Combinacion_Lista_Negra
    miss: condition=__CondList1CombinacionGG_Tx_Proxy_Vip
    miss: client.address=Combinacion_Cloudhealth
    miss: condition=__CondList1CombinacionGG_Tx_Proxy_AdvancedUsers
    miss: condition=GG_TX_Proxy_Advanced_Users_bloqueo
    miss: condition=GG_TX_RedesSociales_AllUsers_PERMITIDAS
    miss: condition=__CondList1CombinacionGG_TX_RedesSociales_AllUsers
    miss: condition=__CondList1CombinacionGG_Tx_Proxy_NormalUsers
    miss: condition=__CondList1CombinacionGG_Tx_Proxy_NormalUsers
    miss: condition=__CondList1CombinacionGG_Tx_Proxy_Contratistas
    miss: condition=__CondList1CombinacionCategoriasBloqueadasContratistas
    miss: condition=__CondList1Externos
    miss: condition=__CondList1Externos
    miss: category=bloomberg
    MATCH: exception(user_defined.my_exception)

    <Proxy>
    miss: client.address=CombinedEquiposEMC_Automacion
    miss: client.address=CombinedEquiposEMC_Automacion
    miss: client.address=combinacion_TERAREXHCAS
    miss: client.address="CombinedSource_DGI Uruguay"
    miss: condition=__CondList1ReglaFullInternetAccess_AMS
    miss: condition=__CondList1Ternium
    miss: client.address=TKCSA_PORTO
    miss: condition=__CondList1CombinacionWhatsapp_y_WSUS
    miss: url.domain=//services.isee.hp.com/
    miss: condition=WebApplication_Blacklist
    miss: condition=Combinacion_bloque_Windows_Update
    miss: request.application.name=Dropbox
    miss: category=Lista_Negra_NormalUser
    miss: condition=__CondList1CombinedDestinationBloque_URL
    miss: condition=CombinacionReproductoresMedia
    miss: condition=__CondList1CombinedSourceBloomberg
    miss: condition=__CondList1CombinedSourceBloomberg

    <Proxy>
    miss: condition=__PROTO_3
    miss: condition=__PROTO_3
    miss: url.port=22
    miss: url.port=22

    <Proxy>
    miss: condition=__CondList1CombinedSourceBloomberg
    miss: client.address=Ternium_FTP

    <ssl>
    MATCH: server.certificate.validate(no)

    <Proxy>
    miss: client.address=10.110.50.184
    MATCH: client.address=10.110.99.72 trace.request(yes)
    trace.destination(Annitha)

    <Cache>
    miss: condition=__CondList1Sitios_SIN_Cache
    miss: url.host=r.sascdn.com

    <Proxy>
    miss: source.port=8194
    miss: source.port=8195
    miss: source.port=8196
    miss: source.port=8197
    miss: source.port=8198

    <Proxy>
    miss: condition=skype

    <Proxy>
    miss: request.header.If-None-Match="."

    <Proxy>
    miss: condition=Tunnel_Exception_urld

    <Proxy>
    MATCH: policy.BC_SafeSearch_Ask_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Google_Rules
    <Proxy>
    MATCH: policy.BC_SafeSearch_YouTube_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Lycos_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_MSN_Live_Bing_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Yahoo_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_DuckDuckGo_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Vimeo_Rules

    miss: <Proxy> realm=iwa_direct

    <Cache>
    miss: url.domain=//windowsupdate.com/
    miss: url.domain=//c.microsoft.com/
    miss: url.domain=//update.microsoft.com/
    miss: url.domain=//windowsupdate.microsoft.com/
    miss: url.domain=//download.windowsupdate.com/

    <Proxy>
    miss: condition=SSL_Disabled_Domains

    <Proxy "handle HTML Notification internal requests">


    miss: [Rule] variable.bc_notify1=variable.bc_notify2
    [Rule]
    MATCH: action.__delete_notify_cookies(yes)

    <Proxy>
    miss: http.method=POST
    miss: http.method=POST
    miss: http.method=PUT

    <Proxy>
    miss: url.port=21
    miss: url.port=21

    <Proxy>
    miss: condition=IWA_SILENT_USERS

    <Proxy>
    miss: url.host=www.msftncsi.com
    miss: url.domain=//crl.microsoft.com/
    miss: url.domain=//mscrl.microsoft.com/
    miss: url.domain=//verisign.com/
    miss: url.domain=//watson.microsoft.com/
    miss: url.domain=//trendmicro.com/

    <Proxy>
    miss: request.header.User-Agent="webex utiltp"
    miss: request.header.User-Agent="Microsoft-CryptoAPI"
    miss: request.header.User-Agent="MSUpdate"
    miss: request.header.User-Agent="AVUpdate"
    miss: request.header.User-Agent="ESS Update"
    miss: request.header.User-Agent="iTunes"
    miss: request.header.User-Agent="Stocks"
    miss: request.header.User-Agent="CFNetwork"
    miss: request.header.User-Agent="Shockwave Flash"
    miss: request.header.User-Agent="Windows-Media-Player"
    miss: request.header.User-Agent="NSPlayer"
    miss: request.header.User-Agent="Windows-Media-Player"
    miss: request.header.User-Agent="flash"
    miss: request.header.User-Agent="Office"
    miss: request.header.User-Agent="TMUFE"
    miss: request.header.User-Agent="62691CB3BF62DAF233FB2C02782E7BD2"

    <Proxy>
    MATCH: condition=Office365IPs detect_protocol(none)

    <Proxy>
    MATCH: condition=Office365IPs detect_protocol.ssl(no)

    <Cache>
    MATCH: condition=Office365IPs request.icap_service(no)
    response.icap_service(no)

    <Proxy>
    miss: url.domain=//facebook.com/
    miss: url.domain=//sped.fazenda.gov.br/
    miss: url.domain=//ternium.com.ar/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.mx/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.co/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.br/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.uy/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com/Autodiscover/Autodiscover.xml
    miss: url.domain=//tessa.com.uy/Autodiscover/Autodiscover.xml

    Called policy definition: BC_SafeSearch_Lycos_Rules


    miss: <Proxy BC_SafeSearch_Lycos> url.domain=//lycos.com/

    Called policy definition: BC_SafeSearch_Yahoo_Rules


    miss: <Proxy BC_SafeSearch_Yahoo_cookies> condition=BC_SafeSearch_Yahoo_Domains
    miss: <Proxy BC_SafeSearch_Yahoo_query> condition=BC_SafeSearch_Yahoo_Domains

    Called policy definition: BC_SafeSearch_DuckDuckGo_Rules


    miss: <Proxy BC_SafeSearch_DuckDuckGo_query> url.domain=//duckduckgo.com/

    Called policy definition: BC_SafeSearch_Ask_Rules


    miss: <Proxy BC_SafeSearch_Ask_query> condition=BC_SafeSearch_Ask_Domains

    Called policy definition: BC_SafeSearch_YouTube_Rules


    miss: <Proxy BC_SafeSearch_YouTube_cookies> url.domain=//youtube.com/

    Called policy definition: BC_SafeSearch_Vimeo_Rules


    miss: <Proxy BC_SafeSearch_Vimeo_cookies> url.domain=//vimeo.com/

    Called policy definition: BC_SafeSearch_Google_Rules


    miss: <Proxy BC_SafeSearch_Google_query> condition=BC_SafeSearch_Google_Domains
    miss: <Proxy BC_SafeSearch_Google_SetPref> condition=BC_SafeSearch_Google_Domains
    Called policy definition: BC_SafeSearch_MSN_Live_Bing_Rules
    miss: <Proxy BC_SafeSearch_MSN_Live_Bing_cookies>
    condition=BC_SafeSearch_MSN_Live_Bing_Domains
    miss: <Proxy BC_SafeSearch_MSN_Live_Bing_query>
    condition=BC_SafeSearch_MSN_Live_Bing_Domains

    Assigned values of transaction variables:


    bc_notify1=empty1
    bc_notify2=empty2
    Called transaction procedure: dashboard_record_hourly
    <layer>
    Called transaction procedure: dashboard_record_daily
    <layer>
    Called transaction procedure: dashboard_blocked_stats_infinity
    <layer>
    Called transaction procedure: dashboard_record_monthly
    <layer>

    connection: service.name=Explicit HTTP client.address=10.110.99.72 proxy.port=8080


    client.interface=255:255.1 routing-domain=default
    location-id=0 access_type=unknown
    time: 2020-03-17 16:49:08 UTC
    CONNECT tcp://www.msn.com:443/
    DNS lookup was unrestricted
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like
    Gecko
    user: name="TERNIUM\10519230" realm=AD
    authentication start 3 elapsed 1 ms
    authorization start 4 elapsed 0 ms
    authentication status='none' authorization status='none'
    EXCEPTION(my_exception): Either 'deny' or 'exception' was matched in policy
    url.category: none@Policy;none@YouTube;Search Engines/Portals@Blue Coat
    total categorization time: 0
    static categorization time: 0
    server.response.code: 0
    client.response.code: 403
    application.name: none
    application.operation: none
    application.group: none
    DSCP client outbound: 65
    DSCP server outbound: 65

    Transaction timing: total-transaction-time 4 ms


    Checkpoint timings:
    new-connection: start 1 elapsed 0 ms
    client-in: start 3 elapsed 1 ms
    client-out-terminated: start 4 elapsed 0 ms
    access-logging: start 4 elapsed 0 ms
    stop-transaction: start 4 elapsed 0 ms
    Total Policy evaluation time: 1 ms
    url_categorization complete time: 3
    client connection: first-response-byte 0 last-response-byte 4
    stop transaction --------------------
    start transaction -------------------
    transaction ID=9503188 type=http.proxy

    <Proxy@req-url> [builtin-prolog:372]
    MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2)
    <Cache@req-url "suppress DRTR for HTML Notification internal URLs"> [vpm-
    cpl:3477]
    miss: condition=__is_notify_internal

    <Proxy@req-url "set notify variables"> [vpm-cpl:3962]


    [Rule]
    miss: url.regex="(.*)/notify-SplashStreaming\?([^;]+);(.*)"
    miss: url.regex="(.*)/accepted-SplashStreaming\?([^;]+);(.*)"
    miss: url.regex="(.*)/verify-SplashStreaming\?([^;]+);(.*)"

    <Exception@term> [builtin-prolog:246]
    MATCH: t_procedure.dashboard_blocked_stats_infinity

    <Exception@req-all> [builtin-prolog:237]
    MATCH: t_procedure.dashboard_record_hourly

    <Exception@req-all> [builtin-prolog:240]
    MATCH: t_procedure.dashboard_record_daily

    <Exception@req-all> [builtin-prolog:243]
    MATCH: t_procedure.dashboard_record_monthly

    <Proxy>
    miss: client.address=10.110.46.73
    miss: condition=__CondList1Combinacion_NOAUTH
    MATCH: authenticate(ad) authenticate.force(no) authenticate.mode(proxy-ip)

    <Proxy>
    miss: condition=__CondList1CombinedDestinationBloque_URL
    miss: condition=__CondList1Combinacion_Lista_Blaca_Windows_Update
    miss: condition=Combinacion_Lista_Blanca
    miss: url.host.substring=msn-com.akamaized.net
    miss: condition=Combinacion_Lista_Negra
    miss: condition=__CondList1CombinacionGG_Tx_Proxy_Vip
    miss: client.address=Combinacion_Cloudhealth
    miss: condition=__CondList1CombinacionGG_Tx_Proxy_AdvancedUsers
    miss: condition=GG_TX_Proxy_Advanced_Users_bloqueo
    miss: condition=GG_TX_RedesSociales_AllUsers_PERMITIDAS
    miss: condition=__CondList1CombinacionGG_TX_RedesSociales_AllUsers
    miss: condition=__CondList1CombinacionGG_Tx_Proxy_NormalUsers
    miss: condition=__CondList1CombinacionGG_Tx_Proxy_NormalUsers
    miss: condition=__CondList1CombinacionGG_Tx_Proxy_Contratistas
    miss: condition=__CondList1CombinacionCategoriasBloqueadasContratistas
    miss: condition=__CondList1Externos
    miss: condition=__CondList1Externos
    miss: category=bloomberg
    MATCH: exception(user_defined.my_exception)

    <Proxy>
    miss: client.address=CombinedEquiposEMC_Automacion
    miss: client.address=CombinedEquiposEMC_Automacion
    miss: client.address=combinacion_TERAREXHCAS
    miss: client.address="CombinedSource_DGI Uruguay"
    miss: condition=__CondList1ReglaFullInternetAccess_AMS
    miss: condition=__CondList1Ternium
    miss: client.address=TKCSA_PORTO
    miss: condition=__CondList1CombinacionWhatsapp_y_WSUS
    miss: url.domain=//services.isee.hp.com/
    miss: condition=WebApplication_Blacklist
    miss: condition=Combinacion_bloque_Windows_Update
    miss: request.application.name=Dropbox
    miss: category=Lista_Negra_NormalUser
    miss: condition=__CondList1CombinedDestinationBloque_URL
    miss: condition=CombinacionReproductoresMedia
    miss: condition=__CondList1CombinedSourceBloomberg
    miss: condition=__CondList1CombinedSourceBloomberg

    <Proxy>
    miss: condition=__PROTO_3
    miss: condition=__PROTO_3
    miss: url.port=22
    miss: url.port=22

    <Proxy>
    miss: condition=__CondList1CombinedSourceBloomberg
    miss: client.address=Ternium_FTP

    <ssl>
    MATCH: server.certificate.validate(no)

    <Proxy>
    miss: client.address=10.110.50.184
    MATCH: client.address=10.110.99.72 trace.request(yes)
    trace.destination(Annitha)

    <Cache>
    miss: condition=__CondList1Sitios_SIN_Cache
    miss: url.host=r.sascdn.com

    <Proxy>
    miss: source.port=8194
    miss: source.port=8195
    miss: source.port=8196
    miss: source.port=8197
    miss: source.port=8198

    <Proxy>
    miss: condition=skype

    <Proxy>
    miss: request.header.If-None-Match="."

    <Proxy>
    miss: condition=Tunnel_Exception_urld

    <Proxy>
    MATCH: policy.BC_SafeSearch_Ask_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Google_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_YouTube_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Lycos_Rules
    <Proxy>
    MATCH: policy.BC_SafeSearch_MSN_Live_Bing_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Yahoo_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_DuckDuckGo_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Vimeo_Rules

    miss: <Proxy> realm=iwa_direct

    <Cache>
    miss: url.domain=//windowsupdate.com/
    miss: url.domain=//c.microsoft.com/
    miss: url.domain=//update.microsoft.com/
    miss: url.domain=//windowsupdate.microsoft.com/
    miss: url.domain=//download.windowsupdate.com/

    <Proxy>
    miss: condition=SSL_Disabled_Domains

    <Proxy "handle HTML Notification internal requests">


    miss: [Rule] variable.bc_notify1=variable.bc_notify2
    [Rule]
    MATCH: action.__delete_notify_cookies(yes)

    <Proxy>
    miss: http.method=POST
    miss: http.method=POST
    miss: http.method=PUT

    <Proxy>
    miss: url.port=21
    miss: url.port=21

    <Proxy>
    miss: condition=IWA_SILENT_USERS

    <Proxy>
    miss: url.host=www.msftncsi.com
    miss: url.domain=//crl.microsoft.com/
    miss: url.domain=//mscrl.microsoft.com/
    miss: url.domain=//verisign.com/
    miss: url.domain=//watson.microsoft.com/
    miss: url.domain=//trendmicro.com/

    <Proxy>
    miss: request.header.User-Agent="webex utiltp"
    miss: request.header.User-Agent="Microsoft-CryptoAPI"
    miss: request.header.User-Agent="MSUpdate"
    miss: request.header.User-Agent="AVUpdate"
    miss: request.header.User-Agent="ESS Update"
    miss: request.header.User-Agent="iTunes"
    miss: request.header.User-Agent="Stocks"
    miss: request.header.User-Agent="CFNetwork"
    miss: request.header.User-Agent="Shockwave Flash"
    miss: request.header.User-Agent="Windows-Media-Player"
    miss: request.header.User-Agent="NSPlayer"
    miss: request.header.User-Agent="Windows-Media-Player"
    miss: request.header.User-Agent="flash"
    miss: request.header.User-Agent="Office"
    miss: request.header.User-Agent="TMUFE"
    miss: request.header.User-Agent="62691CB3BF62DAF233FB2C02782E7BD2"

    <Proxy>
    MATCH: condition=Office365IPs detect_protocol(none)

    <Proxy>
    MATCH: condition=Office365IPs detect_protocol.ssl(no)

    <Cache>
    MATCH: condition=Office365IPs request.icap_service(no)
    response.icap_service(no)

    <Proxy>
    miss: url.domain=//facebook.com/
    miss: url.domain=//sped.fazenda.gov.br/
    miss: url.domain=//ternium.com.ar/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.mx/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.co/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.br/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.uy/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com/Autodiscover/Autodiscover.xml
    miss: url.domain=//tessa.com.uy/Autodiscover/Autodiscover.xml

    Called policy definition: BC_SafeSearch_Lycos_Rules


    miss: <Proxy BC_SafeSearch_Lycos> url.domain=//lycos.com/

    Called policy definition: BC_SafeSearch_Yahoo_Rules


    miss: <Proxy BC_SafeSearch_Yahoo_cookies> condition=BC_SafeSearch_Yahoo_Domains
    miss: <Proxy BC_SafeSearch_Yahoo_query> condition=BC_SafeSearch_Yahoo_Domains

    Called policy definition: BC_SafeSearch_DuckDuckGo_Rules


    miss: <Proxy BC_SafeSearch_DuckDuckGo_query> url.domain=//duckduckgo.com/

    Called policy definition: BC_SafeSearch_Ask_Rules


    miss: <Proxy BC_SafeSearch_Ask_query> condition=BC_SafeSearch_Ask_Domains

    Called policy definition: BC_SafeSearch_YouTube_Rules


    miss: <Proxy BC_SafeSearch_YouTube_cookies> url.domain=//youtube.com/

    Called policy definition: BC_SafeSearch_Vimeo_Rules


    miss: <Proxy BC_SafeSearch_Vimeo_cookies> url.domain=//vimeo.com/

    Called policy definition: BC_SafeSearch_Google_Rules


    miss: <Proxy BC_SafeSearch_Google_query> condition=BC_SafeSearch_Google_Domains
    miss: <Proxy BC_SafeSearch_Google_SetPref> condition=BC_SafeSearch_Google_Domains

    Called policy definition: BC_SafeSearch_MSN_Live_Bing_Rules


    miss: <Proxy BC_SafeSearch_MSN_Live_Bing_cookies>
    condition=BC_SafeSearch_MSN_Live_Bing_Domains
    miss: <Proxy BC_SafeSearch_MSN_Live_Bing_query>
    condition=BC_SafeSearch_MSN_Live_Bing_Domains

    Assigned values of transaction variables:


    bc_notify1=empty1
    bc_notify2=empty2
    Called transaction procedure: dashboard_record_hourly
    <layer>
    Called transaction procedure: dashboard_record_daily
    <layer>
    Called transaction procedure: dashboard_blocked_stats_infinity
    <layer>
    Called transaction procedure: dashboard_record_monthly
    <layer>

    connection: service.name=Explicit HTTP client.address=10.110.99.72 proxy.port=8080


    client.interface=255:255.1 routing-domain=default
    location-id=0 access_type=unknown
    time: 2020-03-17 16:49:08 UTC
    CONNECT tcp://www.msn.com:443/
    DNS lookup was unrestricted
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like
    Gecko
    user: name="TERNIUM\10519230" realm=AD
    authentication start 3 elapsed 0 ms
    authorization start 3 elapsed 0 ms
    authentication status='none' authorization status='none'
    EXCEPTION(my_exception): Either 'deny' or 'exception' was matched in policy
    url.category: none@Policy;none@YouTube;Search Engines/Portals@Blue Coat
    total categorization time: 0
    static categorization time: 0
    server.response.code: 0
    client.response.code: 403
    application.name: none
    application.operation: none
    application.group: none
    DSCP client outbound: 65
    DSCP server outbound: 65

    Transaction timing: total-transaction-time 3 ms


    Checkpoint timings:
    new-connection: start 1 elapsed 0 ms
    client-in: start 2 elapsed 1 ms
    client-out-terminated: start 3 elapsed 0 ms
    access-logging: start 3 elapsed 0 ms
    stop-transaction: start 3 elapsed 0 ms
    Total Policy evaluation time: 1 ms
    url_categorization complete time: 2
    client connection: first-response-byte 0 last-response-byte 3
    stop transaction --------------------
    start transaction -------------------
    transaction ID=9503191 type=http.proxy

    <Proxy@req-url> [builtin-prolog:372]
    MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2)

    <Cache@req-url "suppress DRTR for HTML Notification internal URLs"> [vpm-


    cpl:3477]
    miss: condition=__is_notify_internal

    <Proxy@req-url "set notify variables"> [vpm-cpl:3962]


    [Rule]
    miss: url.regex="(.*)/notify-SplashStreaming\?([^;]+);(.*)"
    miss: url.regex="(.*)/accepted-SplashStreaming\?([^;]+);(.*)"
    miss: url.regex="(.*)/verify-SplashStreaming\?([^;]+);(.*)"

    <Exception@term> [builtin-prolog:246]
    MATCH: t_procedure.dashboard_blocked_stats_infinity

    <Exception@req-all> [builtin-prolog:237]
    MATCH: t_procedure.dashboard_record_hourly

    <Exception@req-all> [builtin-prolog:240]
    MATCH: t_procedure.dashboard_record_daily

    <Exception@req-all> [builtin-prolog:243]
    MATCH: t_procedure.dashboard_record_monthly

    <Proxy>
    miss: client.address=10.110.46.73
    miss: condition=__CondList1Combinacion_NOAUTH
    MATCH: authenticate(ad) authenticate.force(no) authenticate.mode(proxy-ip)

    <Proxy>
    miss: condition=__CondList1CombinedDestinationBloque_URL
    miss: condition=__CondList1Combinacion_Lista_Blaca_Windows_Update
    miss: condition=Combinacion_Lista_Blanca
    miss: url.host.substring=msn-com.akamaized.net
    miss: condition=Combinacion_Lista_Negra
    miss: condition=__CondList1CombinacionGG_Tx_Proxy_Vip
    miss: client.address=Combinacion_Cloudhealth
    miss: condition=__CondList1CombinacionGG_Tx_Proxy_AdvancedUsers
    miss: condition=GG_TX_Proxy_Advanced_Users_bloqueo
    miss: condition=GG_TX_RedesSociales_AllUsers_PERMITIDAS
    miss: condition=__CondList1CombinacionGG_TX_RedesSociales_AllUsers
    miss: condition=__CondList1CombinacionGG_Tx_Proxy_NormalUsers
    miss: condition=__CondList1CombinacionGG_Tx_Proxy_NormalUsers
    miss: condition=__CondList1CombinacionGG_Tx_Proxy_Contratistas
    miss: condition=__CondList1CombinacionCategoriasBloqueadasContratistas
    miss: condition=__CondList1Externos
    miss: condition=__CondList1Externos
    miss: category=bloomberg
    MATCH: exception(user_defined.my_exception)

    <Proxy>
    miss: client.address=CombinedEquiposEMC_Automacion
    miss: client.address=CombinedEquiposEMC_Automacion
    miss: client.address=combinacion_TERAREXHCAS
    miss: client.address="CombinedSource_DGI Uruguay"
    miss: condition=__CondList1ReglaFullInternetAccess_AMS
    miss: condition=__CondList1Ternium
    miss: client.address=TKCSA_PORTO
    miss: condition=__CondList1CombinacionWhatsapp_y_WSUS
    miss: url.domain=//services.isee.hp.com/
    miss: condition=WebApplication_Blacklist
    miss: condition=Combinacion_bloque_Windows_Update
    miss: request.application.name=Dropbox
    miss: category=Lista_Negra_NormalUser
    miss: condition=__CondList1CombinedDestinationBloque_URL
    miss: condition=CombinacionReproductoresMedia
    miss: condition=__CondList1CombinedSourceBloomberg
    miss: condition=__CondList1CombinedSourceBloomberg

    <Proxy>
    miss: condition=__PROTO_3
    miss: condition=__PROTO_3
    miss: url.port=22
    miss: url.port=22

    <Proxy>
    miss: condition=__CondList1CombinedSourceBloomberg
    miss: client.address=Ternium_FTP

    <ssl>
    MATCH: server.certificate.validate(no)

    <Proxy>
    miss: client.address=10.110.50.184
    MATCH: client.address=10.110.99.72 trace.request(yes)
    trace.destination(Annitha)

    <Cache>
    miss: condition=__CondList1Sitios_SIN_Cache
    miss: url.host=r.sascdn.com

    <Proxy>
    miss: source.port=8194
    miss: source.port=8195
    miss: source.port=8196
    miss: source.port=8197
    miss: source.port=8198

    <Proxy>
    miss: condition=skype

    <Proxy>
    miss: request.header.If-None-Match="."

    <Proxy>
    miss: condition=Tunnel_Exception_urld

    <Proxy>
    MATCH: policy.BC_SafeSearch_Ask_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Google_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_YouTube_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Lycos_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_MSN_Live_Bing_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Yahoo_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_DuckDuckGo_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Vimeo_Rules

    miss: <Proxy> realm=iwa_direct

    <Cache>
    miss: url.domain=//windowsupdate.com/
    miss: url.domain=//c.microsoft.com/
    miss: url.domain=//update.microsoft.com/
    miss: url.domain=//windowsupdate.microsoft.com/
    miss: url.domain=//download.windowsupdate.com/

    <Proxy>
    miss: condition=SSL_Disabled_Domains

    <Proxy "handle HTML Notification internal requests">


    miss: [Rule] variable.bc_notify1=variable.bc_notify2
    [Rule]
    MATCH: action.__delete_notify_cookies(yes)

    <Proxy>
    miss: http.method=POST
    miss: http.method=POST
    miss: http.method=PUT

    <Proxy>
    miss: url.port=21
    miss: url.port=21

    <Proxy>
    miss: condition=IWA_SILENT_USERS

    <Proxy>
    miss: url.host=www.msftncsi.com
    miss: url.domain=//crl.microsoft.com/
    miss: url.domain=//mscrl.microsoft.com/
    miss: url.domain=//verisign.com/
    miss: url.domain=//watson.microsoft.com/
    miss: url.domain=//trendmicro.com/

    <Proxy>
    miss: request.header.User-Agent="webex utiltp"
    miss: request.header.User-Agent="Microsoft-CryptoAPI"
    miss: request.header.User-Agent="MSUpdate"
    miss: request.header.User-Agent="AVUpdate"
    miss: request.header.User-Agent="ESS Update"
    miss: request.header.User-Agent="iTunes"
    miss: request.header.User-Agent="Stocks"
    miss: request.header.User-Agent="CFNetwork"
    miss: request.header.User-Agent="Shockwave Flash"
    miss: request.header.User-Agent="Windows-Media-Player"
    miss: request.header.User-Agent="NSPlayer"
    miss: request.header.User-Agent="Windows-Media-Player"
    miss: request.header.User-Agent="flash"
    miss: request.header.User-Agent="Office"
    miss: request.header.User-Agent="TMUFE"
    miss: request.header.User-Agent="62691CB3BF62DAF233FB2C02782E7BD2"
    <Proxy>
    miss: condition=Office365IPs
    miss: condition=Office365URLs

    <Proxy>
    miss: condition=Office365IPs
    miss: condition=Office365URLs

    <Cache>
    miss: condition=Office365IPs
    miss: condition=Office365URLs

    <Proxy>
    miss: url.domain=//facebook.com/
    miss: url.domain=//sped.fazenda.gov.br/
    miss: url.domain=//ternium.com.ar/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.mx/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.co/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.br/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.uy/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com/Autodiscover/Autodiscover.xml
    miss: url.domain=//tessa.com.uy/Autodiscover/Autodiscover.xml

    Called policy definition: BC_SafeSearch_Lycos_Rules


    miss: <Proxy BC_SafeSearch_Lycos> url.domain=//lycos.com/

    Called policy definition: BC_SafeSearch_Yahoo_Rules


    miss: <Proxy BC_SafeSearch_Yahoo_cookies> condition=BC_SafeSearch_Yahoo_Domains
    miss: <Proxy BC_SafeSearch_Yahoo_query> condition=BC_SafeSearch_Yahoo_Domains

    Called policy definition: BC_SafeSearch_DuckDuckGo_Rules


    miss: <Proxy BC_SafeSearch_DuckDuckGo_query> url.domain=//duckduckgo.com/

    Called policy definition: BC_SafeSearch_Ask_Rules


    miss: <Proxy BC_SafeSearch_Ask_query> condition=BC_SafeSearch_Ask_Domains

    Called policy definition: BC_SafeSearch_YouTube_Rules


    miss: <Proxy BC_SafeSearch_YouTube_cookies> url.domain=//youtube.com/

    Called policy definition: BC_SafeSearch_Vimeo_Rules


    miss: <Proxy BC_SafeSearch_Vimeo_cookies> url.domain=//vimeo.com/

    Called policy definition: BC_SafeSearch_Google_Rules


    miss: <Proxy BC_SafeSearch_Google_query> condition=BC_SafeSearch_Google_Domains
    miss: <Proxy BC_SafeSearch_Google_SetPref> condition=BC_SafeSearch_Google_Domains

    Called policy definition: BC_SafeSearch_MSN_Live_Bing_Rules


    miss: <Proxy BC_SafeSearch_MSN_Live_Bing_cookies>
    condition=BC_SafeSearch_MSN_Live_Bing_Domains
    miss: <Proxy BC_SafeSearch_MSN_Live_Bing_query>
    condition=BC_SafeSearch_MSN_Live_Bing_Domains

    Assigned values of transaction variables:


    bc_notify1=empty1
    bc_notify2=empty2
    Called transaction procedure: dashboard_record_hourly
    <layer>
    Called transaction procedure: dashboard_record_daily
    <layer>
    Called transaction procedure: dashboard_blocked_stats_infinity
    <layer>
    Called transaction procedure: dashboard_record_monthly
    <layer>

    connection: service.name=Explicit HTTP client.address=10.110.99.72 proxy.port=8080


    client.interface=255:255.1 routing-domain=default
    location-id=0 access_type=unknown
    time: 2020-03-17 16:49:08 UTC
    CONNECT tcp://www.bizographics.com:443/
    DNS lookup was unrestricted
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    user: name="TERNIUM\10519230" realm=AD
    authentication start 14 elapsed 0 ms
    authorization start 14 elapsed 1 ms
    authentication status='none' authorization status='none'
    EXCEPTION(my_exception): Either 'deny' or 'exception' was matched in policy
    url.category: none@Policy;none@YouTube;Web Ads/Analytics@Blue Coat
    total categorization time: 11
    static categorization time: 11
    server.response.code: 0
    client.response.code: 403
    application.name: none
    application.operation: none
    application.group: none
    DSCP client outbound: 65
    DSCP server outbound: 65

    Transaction timing: total-transaction-time 620 ms


    Checkpoint timings:
    new-connection: start 1 elapsed 0 ms
    client-in: start 14 elapsed 1 ms
    client-out-terminated: start 15 elapsed 0 ms
    access-logging: start 19 elapsed 0 ms
    stop-transaction: start 620 elapsed 0 ms
    Total Policy evaluation time: 1 ms
    url_categorization complete time: 14
    client connection: first-response-byte 0 last-response-byte 19
    stop transaction --------------------
    start transaction -------------------
    transaction ID=9503031 type=http.proxy

    <Proxy@req-url> [builtin-prolog:372]
    MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2)

    <Cache@req-url "suppress DRTR for HTML Notification internal URLs"> [vpm-


    cpl:3477]
    miss: condition=__is_notify_internal

    <Proxy@req-url "set notify variables"> [vpm-cpl:3962]


    [Rule]
    miss: url.regex="(.*)/notify-SplashStreaming\?([^;]+);(.*)"
    miss: url.regex="(.*)/accepted-SplashStreaming\?([^;]+);(.*)"
    miss: url.regex="(.*)/verify-SplashStreaming\?([^;]+);(.*)"

    <Exception@term> [builtin-prolog:246]
    MATCH: t_procedure.dashboard_blocked_stats_infinity
    <Exception@req-all> [builtin-prolog:237]
    MATCH: t_procedure.dashboard_record_hourly

    <Exception@req-all> [builtin-prolog:240]
    MATCH: t_procedure.dashboard_record_daily

    <Exception@req-all> [builtin-prolog:243]
    MATCH: t_procedure.dashboard_record_monthly

    <Proxy>
    miss: client.address=10.110.46.73
    miss: condition=__CondList1Combinacion_NOAUTH
    MATCH: authenticate(ad) authenticate.force(no) authenticate.mode(proxy-ip)

    <Proxy>
    miss: condition=__CondList1CombinedDestinationBloque_URL
    miss: condition=__CondList1Combinacion_Lista_Blaca_Windows_Update
    miss: condition=Combinacion_Lista_Blanca
    miss: url.host.substring=msn-com.akamaized.net
    miss: condition=Combinacion_Lista_Negra
    miss: condition=__CondList1CombinacionGG_Tx_Proxy_Vip
    miss: client.address=Combinacion_Cloudhealth
    miss: condition=__CondList1CombinacionGG_Tx_Proxy_AdvancedUsers
    miss: condition=GG_TX_Proxy_Advanced_Users_bloqueo
    miss: condition=GG_TX_RedesSociales_AllUsers_PERMITIDAS
    miss: condition=__CondList1CombinacionGG_TX_RedesSociales_AllUsers
    miss: condition=__CondList1CombinacionGG_Tx_Proxy_NormalUsers
    miss: condition=__CondList1CombinacionGG_Tx_Proxy_NormalUsers
    miss: condition=__CondList1CombinacionGG_Tx_Proxy_Contratistas
    miss: condition=__CondList1CombinacionCategoriasBloqueadasContratistas
    miss: condition=__CondList1Externos
    miss: condition=__CondList1Externos
    miss: category=bloomberg
    MATCH: exception(user_defined.my_exception)

    <Proxy>
    miss: client.address=CombinedEquiposEMC_Automacion
    miss: client.address=CombinedEquiposEMC_Automacion
    miss: client.address=combinacion_TERAREXHCAS
    miss: client.address="CombinedSource_DGI Uruguay"
    miss: condition=__CondList1ReglaFullInternetAccess_AMS
    miss: condition=__CondList1Ternium
    miss: client.address=TKCSA_PORTO
    miss: condition=__CondList1CombinacionWhatsapp_y_WSUS
    miss: url.domain=//services.isee.hp.com/
    miss: condition=WebApplication_Blacklist
    miss: condition=Combinacion_bloque_Windows_Update
    miss: request.application.name=Dropbox
    miss: category=Lista_Negra_NormalUser
    miss: condition=__CondList1CombinedDestinationBloque_URL
    miss: condition=CombinacionReproductoresMedia
    miss: condition=__CondList1CombinedSourceBloomberg
    miss: condition=__CondList1CombinedSourceBloomberg

    <Proxy>
    miss: condition=__PROTO_3
    miss: condition=__PROTO_3
    miss: url.port=22
    miss: url.port=22

    <Proxy>
    miss: condition=__CondList1CombinedSourceBloomberg
    miss: client.address=Ternium_FTP

    <ssl>
    MATCH: server.certificate.validate(no)

    <Proxy>
    miss: client.address=10.110.50.184
    MATCH: client.address=10.110.99.72 trace.request(yes)
    trace.destination(Annitha)

    <Cache>
    miss: condition=__CondList1Sitios_SIN_Cache
    miss: url.host=r.sascdn.com

    <Proxy>
    miss: source.port=8194
    miss: source.port=8195
    miss: source.port=8196
    miss: source.port=8197
    miss: source.port=8198

    <Proxy>
    miss: condition=skype

    <Proxy>
    miss: request.header.If-None-Match="."

    <Proxy>
    miss: condition=Tunnel_Exception_urld

    <Proxy>
    MATCH: policy.BC_SafeSearch_Ask_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Google_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_YouTube_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Lycos_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_MSN_Live_Bing_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Yahoo_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_DuckDuckGo_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Vimeo_Rules

    miss: <Proxy> realm=iwa_direct


    <Cache>
    miss: url.domain=//windowsupdate.com/
    miss: url.domain=//c.microsoft.com/
    miss: url.domain=//update.microsoft.com/
    miss: url.domain=//windowsupdate.microsoft.com/
    miss: url.domain=//download.windowsupdate.com/

    <Proxy>
    miss: condition=SSL_Disabled_Domains

    <Proxy "handle HTML Notification internal requests">


    miss: [Rule] variable.bc_notify1=variable.bc_notify2
    [Rule]
    MATCH: action.__delete_notify_cookies(yes)

    <Proxy>
    miss: http.method=POST
    miss: http.method=POST
    miss: http.method=PUT

    <Proxy>
    miss: url.port=21
    miss: url.port=21

    <Proxy>
    miss: condition=IWA_SILENT_USERS

    <Proxy>
    miss: url.host=www.msftncsi.com
    miss: url.domain=//crl.microsoft.com/
    miss: url.domain=//mscrl.microsoft.com/
    miss: url.domain=//verisign.com/
    miss: url.domain=//watson.microsoft.com/
    miss: url.domain=//trendmicro.com/

    <Proxy>
    miss: request.header.User-Agent="webex utiltp"
    miss: request.header.User-Agent="Microsoft-CryptoAPI"
    miss: request.header.User-Agent="MSUpdate"
    miss: request.header.User-Agent="AVUpdate"
    miss: request.header.User-Agent="ESS Update"
    miss: request.header.User-Agent="iTunes"
    miss: request.header.User-Agent="Stocks"
    miss: request.header.User-Agent="CFNetwork"
    miss: request.header.User-Agent="Shockwave Flash"
    miss: request.header.User-Agent="Windows-Media-Player"
    miss: request.header.User-Agent="NSPlayer"
    miss: request.header.User-Agent="Windows-Media-Player"
    miss: request.header.User-Agent="flash"
    miss: request.header.User-Agent="Office"
    miss: request.header.User-Agent="TMUFE"
    miss: request.header.User-Agent="62691CB3BF62DAF233FB2C02782E7BD2"

    <Proxy>
    miss: condition=Office365IPs
    miss: condition=Office365URLs

    <Proxy>
    miss: condition=Office365IPs
    miss: condition=Office365URLs

    <Cache>
    miss: condition=Office365IPs
    miss: condition=Office365URLs

    <Proxy>
    miss: url.domain=//facebook.com/
    miss: url.domain=//sped.fazenda.gov.br/
    miss: url.domain=//ternium.com.ar/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.mx/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.co/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.br/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.uy/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com/Autodiscover/Autodiscover.xml
    miss: url.domain=//tessa.com.uy/Autodiscover/Autodiscover.xml

    Called policy definition: BC_SafeSearch_Lycos_Rules


    miss: <Proxy BC_SafeSearch_Lycos> url.domain=//lycos.com/

    Called policy definition: BC_SafeSearch_Yahoo_Rules


    miss: <Proxy BC_SafeSearch_Yahoo_cookies> condition=BC_SafeSearch_Yahoo_Domains
    miss: <Proxy BC_SafeSearch_Yahoo_query> condition=BC_SafeSearch_Yahoo_Domains

    Called policy definition: BC_SafeSearch_DuckDuckGo_Rules


    miss: <Proxy BC_SafeSearch_DuckDuckGo_query> url.domain=//duckduckgo.com/

    Called policy definition: BC_SafeSearch_Ask_Rules


    miss: <Proxy BC_SafeSearch_Ask_query> condition=BC_SafeSearch_Ask_Domains

    Called policy definition: BC_SafeSearch_YouTube_Rules


    miss: <Proxy BC_SafeSearch_YouTube_cookies> url.domain=//youtube.com/

    Called policy definition: BC_SafeSearch_Vimeo_Rules


    miss: <Proxy BC_SafeSearch_Vimeo_cookies> url.domain=//vimeo.com/

    Called policy definition: BC_SafeSearch_Google_Rules


    miss: <Proxy BC_SafeSearch_Google_query> condition=BC_SafeSearch_Google_Domains
    miss: <Proxy BC_SafeSearch_Google_SetPref> condition=BC_SafeSearch_Google_Domains

    Called policy definition: BC_SafeSearch_MSN_Live_Bing_Rules


    miss: <Proxy BC_SafeSearch_MSN_Live_Bing_cookies>
    condition=BC_SafeSearch_MSN_Live_Bing_Domains
    miss: <Proxy BC_SafeSearch_MSN_Live_Bing_query>
    condition=BC_SafeSearch_MSN_Live_Bing_Domains

    Assigned values of transaction variables:


    bc_notify1=empty1
    bc_notify2=empty2
    Called transaction procedure: dashboard_record_hourly
    <layer>
    Called transaction procedure: dashboard_record_daily
    <layer>
    Called transaction procedure: dashboard_blocked_stats_infinity
    <layer>
    Called transaction procedure: dashboard_record_monthly
    <layer>
    connection: service.name=Explicit HTTP client.address=10.110.99.72 proxy.port=8080
    client.interface=255:255.1 routing-domain=default
    location-id=0 access_type=unknown
    time: 2020-03-17 16:49:07 UTC
    CONNECT tcp://otf.msn.com:443/
    DNS lookup was unrestricted
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    user: name="TERNIUM\10519230" realm=AD
    authentication start 13 elapsed 0 ms
    authorization start 13 elapsed 0 ms
    authentication status='none' authorization status='none'
    EXCEPTION(my_exception): Either 'deny' or 'exception' was matched in policy
    url.category: none@Policy;none@YouTube;Web Ads/Analytics@Blue Coat
    total categorization time: 12
    static categorization time: 12
    server.response.code: 0
    client.response.code: 403
    application.name: none
    application.operation: none
    application.group: none
    DSCP client outbound: 65
    DSCP server outbound: 65

    Transaction timing: total-transaction-time 1927 ms


    Checkpoint timings:
    new-connection: start 1 elapsed 0 ms
    client-in: start 12 elapsed 1 ms
    client-out-terminated: start 13 elapsed 0 ms
    access-logging: start 19 elapsed 1 ms
    stop-transaction: start 1927 elapsed 0 ms
    Total Policy evaluation time: 2 ms
    url_categorization complete time: 12
    client connection: first-response-byte 0 last-response-byte 19
    stop transaction --------------------
    start transaction -------------------
    transaction ID=9503027 type=http.proxy

    <Proxy@req-url> [builtin-prolog:372]
    MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2)

    <Cache@req-url "suppress DRTR for HTML Notification internal URLs"> [vpm-


    cpl:3477]
    miss: condition=__is_notify_internal

    <Proxy@req-url "set notify variables"> [vpm-cpl:3962]


    [Rule]
    miss: url.regex="(.*)/notify-SplashStreaming\?([^;]+);(.*)"
    miss: url.regex="(.*)/accepted-SplashStreaming\?([^;]+);(.*)"
    miss: url.regex="(.*)/verify-SplashStreaming\?([^;]+);(.*)"

    <Exception@term> [builtin-prolog:246]
    MATCH: t_procedure.dashboard_blocked_stats_infinity

    <Exception@req-all> [builtin-prolog:237]
    MATCH: t_procedure.dashboard_record_hourly

    <Exception@req-all> [builtin-prolog:240]
    MATCH: t_procedure.dashboard_record_daily
    <Exception@req-all> [builtin-prolog:243]
    MATCH: t_procedure.dashboard_record_monthly

    <Proxy>
    miss: client.address=10.110.46.73
    miss: condition=__CondList1Combinacion_NOAUTH
    MATCH: authenticate(ad) authenticate.force(no) authenticate.mode(proxy-ip)

    <Proxy>
    miss: condition=__CondList1CombinedDestinationBloque_URL
    miss: condition=__CondList1Combinacion_Lista_Blaca_Windows_Update
    miss: condition=Combinacion_Lista_Blanca
    miss: url.host.substring=msn-com.akamaized.net
    miss: condition=Combinacion_Lista_Negra
    miss: condition=__CondList1CombinacionGG_Tx_Proxy_Vip
    miss: client.address=Combinacion_Cloudhealth
    miss: condition=__CondList1CombinacionGG_Tx_Proxy_AdvancedUsers
    miss: condition=GG_TX_Proxy_Advanced_Users_bloqueo
    miss: condition=GG_TX_RedesSociales_AllUsers_PERMITIDAS
    miss: condition=__CondList1CombinacionGG_TX_RedesSociales_AllUsers
    miss: condition=__CondList1CombinacionGG_Tx_Proxy_NormalUsers
    miss: condition=__CondList1CombinacionGG_Tx_Proxy_NormalUsers
    miss: condition=__CondList1CombinacionGG_Tx_Proxy_Contratistas
    miss: condition=__CondList1CombinacionCategoriasBloqueadasContratistas
    miss: condition=__CondList1Externos
    miss: condition=__CondList1Externos
    miss: category=bloomberg
    MATCH: exception(user_defined.my_exception)

    <Proxy>
    miss: client.address=CombinedEquiposEMC_Automacion
    miss: client.address=CombinedEquiposEMC_Automacion
    miss: client.address=combinacion_TERAREXHCAS
    miss: client.address="CombinedSource_DGI Uruguay"
    miss: condition=__CondList1ReglaFullInternetAccess_AMS
    miss: condition=__CondList1Ternium
    miss: client.address=TKCSA_PORTO
    miss: condition=__CondList1CombinacionWhatsapp_y_WSUS
    miss: url.domain=//services.isee.hp.com/
    miss: condition=WebApplication_Blacklist
    miss: condition=Combinacion_bloque_Windows_Update
    miss: request.application.name=Dropbox
    miss: category=Lista_Negra_NormalUser
    miss: condition=__CondList1CombinedDestinationBloque_URL
    miss: condition=CombinacionReproductoresMedia
    miss: condition=__CondList1CombinedSourceBloomberg
    miss: condition=__CondList1CombinedSourceBloomberg

    <Proxy>
    miss: condition=__PROTO_3
    miss: condition=__PROTO_3
    miss: url.port=22
    miss: url.port=22

    <Proxy>
    miss: condition=__CondList1CombinedSourceBloomberg
    miss: client.address=Ternium_FTP
    <ssl>
    MATCH: server.certificate.validate(no)

    <Proxy>
    miss: client.address=10.110.50.184
    MATCH: client.address=10.110.99.72 trace.request(yes)
    trace.destination(Annitha)

    <Cache>
    miss: condition=__CondList1Sitios_SIN_Cache
    miss: url.host=r.sascdn.com

    <Proxy>
    miss: source.port=8194
    miss: source.port=8195
    miss: source.port=8196
    miss: source.port=8197
    miss: source.port=8198

    <Proxy>
    miss: condition=skype

    <Proxy>
    miss: request.header.If-None-Match="."

    <Proxy>
    miss: condition=Tunnel_Exception_urld

    <Proxy>
    MATCH: policy.BC_SafeSearch_Ask_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Google_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_YouTube_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Lycos_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_MSN_Live_Bing_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Yahoo_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_DuckDuckGo_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Vimeo_Rules

    miss: <Proxy> realm=iwa_direct

    <Cache>
    miss: url.domain=//windowsupdate.com/
    miss: url.domain=//c.microsoft.com/
    miss: url.domain=//update.microsoft.com/
    miss: url.domain=//windowsupdate.microsoft.com/
    miss: url.domain=//download.windowsupdate.com/

    <Proxy>
    miss: condition=SSL_Disabled_Domains

    <Proxy "handle HTML Notification internal requests">


    miss: [Rule] variable.bc_notify1=variable.bc_notify2
    [Rule]
    MATCH: action.__delete_notify_cookies(yes)

    <Proxy>
    miss: http.method=POST
    miss: http.method=POST
    miss: http.method=PUT

    <Proxy>
    miss: url.port=21
    miss: url.port=21

    <Proxy>
    miss: condition=IWA_SILENT_USERS

    <Proxy>
    miss: url.host=www.msftncsi.com
    miss: url.domain=//crl.microsoft.com/
    miss: url.domain=//mscrl.microsoft.com/
    miss: url.domain=//verisign.com/
    miss: url.domain=//watson.microsoft.com/
    miss: url.domain=//trendmicro.com/

    <Proxy>
    miss: request.header.User-Agent="webex utiltp"
    miss: request.header.User-Agent="Microsoft-CryptoAPI"
    miss: request.header.User-Agent="MSUpdate"
    miss: request.header.User-Agent="AVUpdate"
    miss: request.header.User-Agent="ESS Update"
    miss: request.header.User-Agent="iTunes"
    miss: request.header.User-Agent="Stocks"
    miss: request.header.User-Agent="CFNetwork"
    miss: request.header.User-Agent="Shockwave Flash"
    miss: request.header.User-Agent="Windows-Media-Player"
    miss: request.header.User-Agent="NSPlayer"
    miss: request.header.User-Agent="Windows-Media-Player"
    miss: request.header.User-Agent="flash"
    miss: request.header.User-Agent="Office"
    miss: request.header.User-Agent="TMUFE"
    miss: request.header.User-Agent="62691CB3BF62DAF233FB2C02782E7BD2"

    <Proxy>
    miss: condition=Office365IPs
    miss: condition=Office365URLs

    <Proxy>
    miss: condition=Office365IPs
    miss: condition=Office365URLs

    <Cache>
    miss: condition=Office365IPs
    miss: condition=Office365URLs
    <Proxy>
    miss: url.domain=//facebook.com/
    miss: url.domain=//sped.fazenda.gov.br/
    miss: url.domain=//ternium.com.ar/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.mx/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.co/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.br/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.uy/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com/Autodiscover/Autodiscover.xml
    miss: url.domain=//tessa.com.uy/Autodiscover/Autodiscover.xml

    Called policy definition: BC_SafeSearch_Lycos_Rules


    miss: <Proxy BC_SafeSearch_Lycos> url.domain=//lycos.com/

    Called policy definition: BC_SafeSearch_Yahoo_Rules


    miss: <Proxy BC_SafeSearch_Yahoo_cookies> condition=BC_SafeSearch_Yahoo_Domains
    miss: <Proxy BC_SafeSearch_Yahoo_query> condition=BC_SafeSearch_Yahoo_Domains

    Called policy definition: BC_SafeSearch_DuckDuckGo_Rules


    miss: <Proxy BC_SafeSearch_DuckDuckGo_query> url.domain=//duckduckgo.com/

    Called policy definition: BC_SafeSearch_Ask_Rules


    miss: <Proxy BC_SafeSearch_Ask_query> condition=BC_SafeSearch_Ask_Domains

    Called policy definition: BC_SafeSearch_YouTube_Rules


    miss: <Proxy BC_SafeSearch_YouTube_cookies> url.domain=//youtube.com/

    Called policy definition: BC_SafeSearch_Vimeo_Rules


    miss: <Proxy BC_SafeSearch_Vimeo_cookies> url.domain=//vimeo.com/

    Called policy definition: BC_SafeSearch_Google_Rules


    miss: <Proxy BC_SafeSearch_Google_query> condition=BC_SafeSearch_Google_Domains
    miss: <Proxy BC_SafeSearch_Google_SetPref> condition=BC_SafeSearch_Google_Domains

    Called policy definition: BC_SafeSearch_MSN_Live_Bing_Rules


    miss: <Proxy BC_SafeSearch_MSN_Live_Bing_cookies>
    condition=BC_SafeSearch_MSN_Live_Bing_Domains
    miss: <Proxy BC_SafeSearch_MSN_Live_Bing_query>
    condition=BC_SafeSearch_MSN_Live_Bing_Domains

    Assigned values of transaction variables:


    bc_notify1=empty1
    bc_notify2=empty2
    Called transaction procedure: dashboard_record_hourly
    <layer>
    Called transaction procedure: dashboard_record_daily
    <layer>
    Called transaction procedure: dashboard_blocked_stats_infinity
    <layer>
    Called transaction procedure: dashboard_record_monthly
    <layer>

    connection: service.name=Explicit HTTP client.address=10.110.99.72 proxy.port=8080


    client.interface=255:255.1 routing-domain=default
    location-id=0 access_type=unknown
    time: 2020-03-17 16:49:07 UTC
    CONNECT tcp://otf.msn.com:443/
    DNS lookup was unrestricted
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    user: name="TERNIUM\10519230" realm=AD
    authentication start 14 elapsed 0 ms
    authorization start 14 elapsed 0 ms
    authentication status='none' authorization status='none'
    EXCEPTION(my_exception): Either 'deny' or 'exception' was matched in policy
    url.category: none@Policy;none@YouTube;Web Ads/Analytics@Blue Coat
    total categorization time: 12
    static categorization time: 12
    server.response.code: 0
    client.response.code: 403
    application.name: none
    application.operation: none
    application.group: none
    DSCP client outbound: 65
    DSCP server outbound: 65

    Transaction timing: total-transaction-time 1931 ms


    Checkpoint timings:
    new-connection: start 1 elapsed 0 ms
    client-in: start 13 elapsed 1 ms
    client-out-terminated: start 14 elapsed 0 ms
    access-logging: start 141 elapsed 0 ms
    stop-transaction: start 1931 elapsed 0 ms
    Total Policy evaluation time: 1 ms
    url_categorization complete time: 13
    client connection: first-response-byte 0 last-response-byte 141
    stop transaction --------------------
    start transaction -------------------
    transaction ID=9503504 type=http.proxy

    <Proxy@req-url> [builtin-prolog:372]
    MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2)

    <Cache@req-url "suppress DRTR for HTML Notification internal URLs"> [vpm-


    cpl:3477]
    miss: condition=__is_notify_internal

    <Proxy@req-url "set notify variables"> [vpm-cpl:3962]


    [Rule]
    miss: url.regex="(.*)/notify-SplashStreaming\?([^;]+);(.*)"
    miss: url.regex="(.*)/accepted-SplashStreaming\?([^;]+);(.*)"
    miss: url.regex="(.*)/verify-SplashStreaming\?([^;]+);(.*)"

    <Exception@term> [builtin-prolog:246]
    MATCH: t_procedure.dashboard_blocked_stats_infinity

    <Exception@req-all> [builtin-prolog:237]
    MATCH: t_procedure.dashboard_record_hourly

    <Exception@req-all> [builtin-prolog:240]
    MATCH: t_procedure.dashboard_record_daily

    <Exception@req-all> [builtin-prolog:243]
    MATCH: t_procedure.dashboard_record_monthly

    <Proxy>
    miss: client.address=10.110.46.73
    miss: condition=__CondList1Combinacion_NOAUTH
    MATCH: authenticate(ad) authenticate.force(no) authenticate.mode(proxy-ip)

    <Proxy>
    miss: condition=__CondList1CombinedDestinationBloque_URL
    miss: condition=__CondList1Combinacion_Lista_Blaca_Windows_Update
    miss: condition=Combinacion_Lista_Blanca
    miss: url.host.substring=msn-com.akamaized.net
    miss: condition=Combinacion_Lista_Negra
    miss: condition=__CondList1CombinacionGG_Tx_Proxy_Vip
    miss: client.address=Combinacion_Cloudhealth
    miss: condition=__CondList1CombinacionGG_Tx_Proxy_AdvancedUsers
    miss: condition=GG_TX_Proxy_Advanced_Users_bloqueo
    miss: condition=GG_TX_RedesSociales_AllUsers_PERMITIDAS
    miss: condition=__CondList1CombinacionGG_TX_RedesSociales_AllUsers
    miss: condition=__CondList1CombinacionGG_Tx_Proxy_NormalUsers
    miss: condition=__CondList1CombinacionGG_Tx_Proxy_NormalUsers
    miss: condition=__CondList1CombinacionGG_Tx_Proxy_Contratistas
    miss: condition=__CondList1CombinacionCategoriasBloqueadasContratistas
    miss: condition=__CondList1Externos
    miss: condition=__CondList1Externos
    miss: category=bloomberg
    MATCH: exception(user_defined.my_exception)

    <Proxy>
    miss: client.address=CombinedEquiposEMC_Automacion
    miss: client.address=CombinedEquiposEMC_Automacion
    miss: client.address=combinacion_TERAREXHCAS
    miss: client.address="CombinedSource_DGI Uruguay"
    miss: condition=__CondList1ReglaFullInternetAccess_AMS
    miss: condition=__CondList1Ternium
    miss: client.address=TKCSA_PORTO
    miss: condition=__CondList1CombinacionWhatsapp_y_WSUS
    miss: url.domain=//services.isee.hp.com/
    miss: condition=WebApplication_Blacklist
    miss: condition=Combinacion_bloque_Windows_Update
    miss: request.application.name=Dropbox
    miss: category=Lista_Negra_NormalUser
    miss: condition=__CondList1CombinedDestinationBloque_URL
    miss: condition=CombinacionReproductoresMedia
    miss: condition=__CondList1CombinedSourceBloomberg
    miss: condition=__CondList1CombinedSourceBloomberg

    <Proxy>
    miss: condition=__PROTO_3
    miss: condition=__PROTO_3
    miss: url.port=22
    miss: url.port=22

    <Proxy>
    miss: condition=__CondList1CombinedSourceBloomberg
    miss: client.address=Ternium_FTP

    <ssl>
    MATCH: server.certificate.validate(no)

    <Proxy>
    miss: client.address=10.110.50.184
    MATCH: client.address=10.110.99.72 trace.request(yes)
    trace.destination(Annitha)

    <Cache>
    miss: condition=__CondList1Sitios_SIN_Cache
    miss: url.host=r.sascdn.com

    <Proxy>
    miss: source.port=8194
    miss: source.port=8195
    miss: source.port=8196
    miss: source.port=8197
    miss: source.port=8198

    <Proxy>
    miss: condition=skype

    <Proxy>
    miss: request.header.If-None-Match="."

    <Proxy>
    miss: condition=Tunnel_Exception_urld

    <Proxy>
    MATCH: policy.BC_SafeSearch_Ask_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Google_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_YouTube_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Lycos_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_MSN_Live_Bing_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Yahoo_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_DuckDuckGo_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Vimeo_Rules

    miss: <Proxy> realm=iwa_direct

    <Cache>
    miss: url.domain=//windowsupdate.com/
    miss: url.domain=//c.microsoft.com/
    miss: url.domain=//update.microsoft.com/
    miss: url.domain=//windowsupdate.microsoft.com/
    miss: url.domain=//download.windowsupdate.com/

    <Proxy>
    miss: condition=SSL_Disabled_Domains

    <Proxy "handle HTML Notification internal requests">


    miss: [Rule] variable.bc_notify1=variable.bc_notify2
    [Rule]
    MATCH: action.__delete_notify_cookies(yes)

    <Proxy>
    miss: http.method=POST
    miss: http.method=POST
    miss: http.method=PUT

    <Proxy>
    miss: url.port=21
    miss: url.port=21

    <Proxy>
    miss: condition=IWA_SILENT_USERS

    <Proxy>
    miss: url.host=www.msftncsi.com
    miss: url.domain=//crl.microsoft.com/
    miss: url.domain=//mscrl.microsoft.com/
    miss: url.domain=//verisign.com/
    miss: url.domain=//watson.microsoft.com/
    miss: url.domain=//trendmicro.com/

    <Proxy>
    miss: request.header.User-Agent="webex utiltp"
    miss: request.header.User-Agent="Microsoft-CryptoAPI"
    miss: request.header.User-Agent="MSUpdate"
    miss: request.header.User-Agent="AVUpdate"
    miss: request.header.User-Agent="ESS Update"
    miss: request.header.User-Agent="iTunes"
    miss: request.header.User-Agent="Stocks"
    miss: request.header.User-Agent="CFNetwork"
    miss: request.header.User-Agent="Shockwave Flash"
    miss: request.header.User-Agent="Windows-Media-Player"
    miss: request.header.User-Agent="NSPlayer"
    miss: request.header.User-Agent="Windows-Media-Player"
    miss: request.header.User-Agent="flash"
    miss: request.header.User-Agent="Office"
    miss: request.header.User-Agent="TMUFE"
    miss: request.header.User-Agent="62691CB3BF62DAF233FB2C02782E7BD2"

    <Proxy>
    miss: condition=Office365IPs
    miss: condition=Office365URLs

    <Proxy>
    miss: condition=Office365IPs
    miss: condition=Office365URLs

    <Cache>
    miss: condition=Office365IPs
    miss: condition=Office365URLs

    <Proxy>
    miss: url.domain=//facebook.com/
    miss: url.domain=//sped.fazenda.gov.br/
    miss: url.domain=//ternium.com.ar/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.mx/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.co/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.br/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.uy/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com/Autodiscover/Autodiscover.xml
    miss: url.domain=//tessa.com.uy/Autodiscover/Autodiscover.xml

    Called policy definition: BC_SafeSearch_Lycos_Rules


    miss: <Proxy BC_SafeSearch_Lycos> url.domain=//lycos.com/

    Called policy definition: BC_SafeSearch_Yahoo_Rules


    miss: <Proxy BC_SafeSearch_Yahoo_cookies> condition=BC_SafeSearch_Yahoo_Domains
    miss: <Proxy BC_SafeSearch_Yahoo_query> condition=BC_SafeSearch_Yahoo_Domains

    Called policy definition: BC_SafeSearch_DuckDuckGo_Rules


    miss: <Proxy BC_SafeSearch_DuckDuckGo_query> url.domain=//duckduckgo.com/

    Called policy definition: BC_SafeSearch_Ask_Rules


    miss: <Proxy BC_SafeSearch_Ask_query> condition=BC_SafeSearch_Ask_Domains

    Called policy definition: BC_SafeSearch_YouTube_Rules


    miss: <Proxy BC_SafeSearch_YouTube_cookies> url.domain=//youtube.com/

    Called policy definition: BC_SafeSearch_Vimeo_Rules


    miss: <Proxy BC_SafeSearch_Vimeo_cookies> url.domain=//vimeo.com/

    Called policy definition: BC_SafeSearch_Google_Rules


    miss: <Proxy BC_SafeSearch_Google_query> condition=BC_SafeSearch_Google_Domains
    miss: <Proxy BC_SafeSearch_Google_SetPref> condition=BC_SafeSearch_Google_Domains

    Called policy definition: BC_SafeSearch_MSN_Live_Bing_Rules


    miss: <Proxy BC_SafeSearch_MSN_Live_Bing_cookies>
    condition=BC_SafeSearch_MSN_Live_Bing_Domains
    miss: <Proxy BC_SafeSearch_MSN_Live_Bing_query>
    condition=BC_SafeSearch_MSN_Live_Bing_Domains

    Assigned values of transaction variables:


    bc_notify1=empty1
    bc_notify2=empty2
    Called transaction procedure: dashboard_record_hourly
    <layer>
    Called transaction procedure: dashboard_record_daily
    <layer>
    Called transaction procedure: dashboard_blocked_stats_infinity
    <layer>
    Called transaction procedure: dashboard_record_monthly
    <layer>

    connection: service.name=Explicit HTTP client.address=10.110.99.72 proxy.port=8080


    client.interface=255:255.1 routing-domain=default
    location-id=0 access_type=unknown
    time: 2020-03-17 16:49:09 UTC
    CONNECT tcp://otf.msn.com:443/
    DNS lookup was unrestricted
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    user: name="TERNIUM\10519230" realm=AD
    authentication start 2 elapsed 0 ms
    authorization start 2 elapsed 0 ms
    authentication status='none' authorization status='none'
    EXCEPTION(my_exception): Either 'deny' or 'exception' was matched in policy
    url.category: none@Policy;none@YouTube;Web Ads/Analytics@Blue Coat
    total categorization time: 0
    static categorization time: 0
    server.response.code: 0
    client.response.code: 403
    application.name: none
    application.operation: none
    application.group: none
    DSCP client outbound: 65
    DSCP server outbound: 65

    Transaction timing: total-transaction-time 826 ms


    Checkpoint timings:
    new-connection: start 1 elapsed 0 ms
    client-in: start 2 elapsed 1 ms
    client-out-terminated: start 2 elapsed 1 ms
    access-logging: start 7 elapsed 1 ms
    stop-transaction: start 826 elapsed 0 ms
    Total Policy evaluation time: 3 ms
    url_categorization complete time: 2
    client connection: first-response-byte 0 last-response-byte 7
    stop transaction --------------------
    start transaction -------------------
    transaction ID=9505041 type=http.proxy

    <Proxy@req-url> [builtin-prolog:372]
    MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2)

    <Cache@req-url "suppress DRTR for HTML Notification internal URLs"> [vpm-


    cpl:3477]
    miss: condition=__is_notify_internal

    <Proxy@req-url "set notify variables"> [vpm-cpl:3962]


    [Rule]
    miss: url.regex="(.*)/notify-SplashStreaming\?([^;]+);(.*)"
    miss: url.regex="(.*)/accepted-SplashStreaming\?([^;]+);(.*)"
    miss: url.regex="(.*)/verify-SplashStreaming\?([^;]+);(.*)"

    <Exception@term> [builtin-prolog:246]
    MATCH: t_procedure.dashboard_blocked_stats_infinity

    <Exception@req-all> [builtin-prolog:237]
    MATCH: t_procedure.dashboard_record_hourly

    <Exception@req-all> [builtin-prolog:240]
    MATCH: t_procedure.dashboard_record_daily

    <Exception@req-all> [builtin-prolog:243]
    MATCH: t_procedure.dashboard_record_monthly

    <Proxy>
    miss: client.address=10.110.46.73
    miss: condition=__CondList1Combinacion_NOAUTH
    MATCH: authenticate(ad) authenticate.force(no) authenticate.mode(proxy-ip)

    <Proxy>
    miss: condition=__CondList1CombinedDestinationBloque_URL
    miss: condition=__CondList1Combinacion_Lista_Blaca_Windows_Update
    miss: condition=Combinacion_Lista_Blanca
    miss: url.host.substring=msn-com.akamaized.net
    miss: condition=Combinacion_Lista_Negra
    miss: condition=__CondList1CombinacionGG_Tx_Proxy_Vip
    miss: client.address=Combinacion_Cloudhealth
    miss: condition=__CondList1CombinacionGG_Tx_Proxy_AdvancedUsers
    miss: condition=GG_TX_Proxy_Advanced_Users_bloqueo
    miss: condition=GG_TX_RedesSociales_AllUsers_PERMITIDAS
    miss: condition=__CondList1CombinacionGG_TX_RedesSociales_AllUsers
    miss: condition=__CondList1CombinacionGG_Tx_Proxy_NormalUsers
    miss: condition=__CondList1CombinacionGG_Tx_Proxy_NormalUsers
    miss: condition=__CondList1CombinacionGG_Tx_Proxy_Contratistas
    miss: condition=__CondList1CombinacionCategoriasBloqueadasContratistas
    miss: condition=__CondList1Externos
    miss: condition=__CondList1Externos
    miss: category=bloomberg
    MATCH: exception(user_defined.my_exception)

    <Proxy>
    miss: client.address=CombinedEquiposEMC_Automacion
    miss: client.address=CombinedEquiposEMC_Automacion
    miss: client.address=combinacion_TERAREXHCAS
    miss: client.address="CombinedSource_DGI Uruguay"
    miss: condition=__CondList1ReglaFullInternetAccess_AMS
    miss: condition=__CondList1Ternium
    miss: client.address=TKCSA_PORTO
    miss: condition=__CondList1CombinacionWhatsapp_y_WSUS
    miss: url.domain=//services.isee.hp.com/
    miss: condition=WebApplication_Blacklist
    miss: condition=Combinacion_bloque_Windows_Update
    miss: request.application.name=Dropbox
    miss: category=Lista_Negra_NormalUser
    miss: condition=__CondList1CombinedDestinationBloque_URL
    miss: condition=CombinacionReproductoresMedia
    miss: condition=__CondList1CombinedSourceBloomberg
    miss: condition=__CondList1CombinedSourceBloomberg

    <Proxy>
    miss: condition=__PROTO_3
    miss: condition=__PROTO_3
    miss: url.port=22
    miss: url.port=22

    <Proxy>
    miss: condition=__CondList1CombinedSourceBloomberg
    miss: client.address=Ternium_FTP

    <ssl>
    MATCH: server.certificate.validate(no)

    <Proxy>
    miss: client.address=10.110.50.184
    MATCH: client.address=10.110.99.72 trace.request(yes)
    trace.destination(Annitha)

    <Cache>
    miss: condition=__CondList1Sitios_SIN_Cache
    miss: url.host=r.sascdn.com
    <Proxy>
    miss: source.port=8194
    miss: source.port=8195
    miss: source.port=8196
    miss: source.port=8197
    miss: source.port=8198

    <Proxy>
    miss: condition=skype

    <Proxy>
    miss: request.header.If-None-Match="."

    <Proxy>
    miss: condition=Tunnel_Exception_urld

    <Proxy>
    MATCH: policy.BC_SafeSearch_Ask_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Google_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_YouTube_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Lycos_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_MSN_Live_Bing_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Yahoo_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_DuckDuckGo_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Vimeo_Rules

    miss: <Proxy> realm=iwa_direct

    <Cache>
    miss: url.domain=//windowsupdate.com/
    miss: url.domain=//c.microsoft.com/
    miss: url.domain=//update.microsoft.com/
    miss: url.domain=//windowsupdate.microsoft.com/
    miss: url.domain=//download.windowsupdate.com/

    <Proxy>
    miss: condition=SSL_Disabled_Domains

    <Proxy "handle HTML Notification internal requests">


    miss: [Rule] variable.bc_notify1=variable.bc_notify2
    [Rule]
    MATCH: action.__delete_notify_cookies(yes)

    <Proxy>
    miss: http.method=POST
    miss: http.method=POST
    miss: http.method=PUT

    <Proxy>
    miss: http.method=CONNECT
    miss: http.method=CONNECT

    <Proxy>
    miss: condition=IWA_SILENT_USERS

    <Proxy>
    miss: url.host=www.msftncsi.com
    miss: url.domain=//crl.microsoft.com/
    miss: url.domain=//mscrl.microsoft.com/
    miss: url.domain=//verisign.com/
    miss: url.domain=//watson.microsoft.com/
    miss: url.domain=//trendmicro.com/

    <Proxy>
    miss: request.header.User-Agent="webex utiltp"
    miss: request.header.User-Agent="Microsoft-CryptoAPI"
    miss: request.header.User-Agent="MSUpdate"
    miss: request.header.User-Agent="AVUpdate"
    miss: request.header.User-Agent="ESS Update"
    miss: request.header.User-Agent="iTunes"
    miss: request.header.User-Agent="Stocks"
    miss: request.header.User-Agent="CFNetwork"
    miss: request.header.User-Agent="Shockwave Flash"
    miss: request.header.User-Agent="Windows-Media-Player"
    miss: request.header.User-Agent="NSPlayer"
    miss: request.header.User-Agent="Windows-Media-Player"
    miss: request.header.User-Agent="flash"
    miss: request.header.User-Agent="Office"
    miss: request.header.User-Agent="TMUFE"
    miss: request.header.User-Agent="62691CB3BF62DAF233FB2C02782E7BD2"

    <Proxy>
    miss: condition=Office365IPs
    miss: condition=Office365URLs

    <Proxy>
    miss: condition=Office365IPs
    miss: condition=Office365URLs

    <Cache>
    miss: condition=Office365IPs
    miss: condition=Office365URLs

    <Proxy>
    miss: url.domain=//facebook.com/
    miss: url.domain=//sped.fazenda.gov.br/
    miss: url.domain=//ternium.com.ar/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.mx/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.co/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.br/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.uy/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com/Autodiscover/Autodiscover.xml
    miss: url.domain=//tessa.com.uy/Autodiscover/Autodiscover.xml
    Called policy definition: BC_SafeSearch_Lycos_Rules
    miss: <Proxy BC_SafeSearch_Lycos> url.domain=//lycos.com/

    Called policy definition: BC_SafeSearch_Yahoo_Rules


    miss: <Proxy BC_SafeSearch_Yahoo_cookies> condition=BC_SafeSearch_Yahoo_Domains
    miss: <Proxy BC_SafeSearch_Yahoo_query> condition=BC_SafeSearch_Yahoo_Domains

    Called policy definition: BC_SafeSearch_DuckDuckGo_Rules


    miss: <Proxy BC_SafeSearch_DuckDuckGo_query> url.domain=//duckduckgo.com/

    Called policy definition: BC_SafeSearch_Ask_Rules


    miss: <Proxy BC_SafeSearch_Ask_query> condition=BC_SafeSearch_Ask_Domains

    Called policy definition: BC_SafeSearch_YouTube_Rules


    miss: <Proxy BC_SafeSearch_YouTube_cookies> url.domain=//youtube.com/

    Called policy definition: BC_SafeSearch_Vimeo_Rules


    miss: <Proxy BC_SafeSearch_Vimeo_cookies> url.domain=//vimeo.com/

    Called policy definition: BC_SafeSearch_Google_Rules


    miss: <Proxy BC_SafeSearch_Google_query> condition=BC_SafeSearch_Google_Domains
    miss: <Proxy BC_SafeSearch_Google_SetPref> condition=BC_SafeSearch_Google_Domains

    Called policy definition: BC_SafeSearch_MSN_Live_Bing_Rules


    miss: <Proxy BC_SafeSearch_MSN_Live_Bing_cookies>
    condition=BC_SafeSearch_MSN_Live_Bing_Domains
    miss: <Proxy BC_SafeSearch_MSN_Live_Bing_query>
    condition=BC_SafeSearch_MSN_Live_Bing_Domains

    Assigned values of transaction variables:


    bc_notify1=empty1
    bc_notify2=empty2
    Called transaction procedure: dashboard_record_hourly
    <layer>
    Called transaction procedure: dashboard_record_daily
    <layer>
    Called transaction procedure: dashboard_blocked_stats_infinity
    <layer>
    Called transaction procedure: dashboard_record_monthly
    <layer>

    connection: service.name=Explicit HTTP client.address=10.110.99.72 proxy.port=8080


    client.interface=255:255.1 routing-domain=default
    location-id=0 access_type=unknown
    time: 2020-03-17 16:49:14 UTC
    GET http://yahoo.com.br/
    DNS lookup was unrestricted
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    user: name="TERNIUM\10519230" realm=AD
    authentication start 14 elapsed 0 ms
    authorization start 14 elapsed 0 ms
    authentication status='none' authorization status='none'
    EXCEPTION(my_exception): Either 'deny' or 'exception' was matched in policy
    url.category: none@Policy;none@YouTube;Search Engines/Portals@Blue Coat
    total categorization time: 11
    static categorization time: 11
    server.response.code: 0
    client.response.code: 403
    application.name: none
    application.operation: none
    application.group: none
    DSCP client outbound: 65
    DSCP server outbound: 65

    Transaction timing: total-transaction-time 14 ms


    Checkpoint timings:
    new-connection: start 1 elapsed 0 ms
    client-in: start 13 elapsed 1 ms
    client-out-terminated: start 14 elapsed 0 ms
    access-logging: start 14 elapsed 0 ms
    stop-transaction: start 14 elapsed 0 ms
    Total Policy evaluation time: 1 ms
    url_categorization complete time: 13
    client connection: first-response-byte 0 last-response-byte 14
    stop transaction --------------------
    start transaction -------------------
    transaction ID=9505053 type=http.proxy

    <Proxy@req-url> [builtin-prolog:372]
    MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2)

    <Cache@req-url "suppress DRTR for HTML Notification internal URLs"> [vpm-


    cpl:3477]
    miss: condition=__is_notify_internal

    <Proxy@req-url "set notify variables"> [vpm-cpl:3962]


    [Rule]
    miss: url.regex="(.*)/notify-SplashStreaming\?([^;]+);(.*)"
    miss: url.regex="(.*)/accepted-SplashStreaming\?([^;]+);(.*)"
    miss: url.regex="(.*)/verify-SplashStreaming\?([^;]+);(.*)"

    <Exception@term> [builtin-prolog:246]
    MATCH: t_procedure.dashboard_blocked_stats_infinity

    <Exception@req-all> [builtin-prolog:237]
    MATCH: t_procedure.dashboard_record_hourly

    <Exception@req-all> [builtin-prolog:240]
    MATCH: t_procedure.dashboard_record_daily

    <Exception@req-all> [builtin-prolog:243]
    MATCH: t_procedure.dashboard_record_monthly

    <Proxy>
    miss: client.address=10.110.46.73
    miss: condition=__CondList1Combinacion_NOAUTH
    MATCH: authenticate(ad) authenticate.force(no) authenticate.mode(proxy-ip)

    <Proxy>
    miss: condition=__CondList1CombinedDestinationBloque_URL
    miss: condition=__CondList1Combinacion_Lista_Blaca_Windows_Update
    miss: condition=Combinacion_Lista_Blanca
    miss: url.host.substring=msn-com.akamaized.net
    miss: condition=Combinacion_Lista_Negra
    miss: condition=__CondList1CombinacionGG_Tx_Proxy_Vip
    miss: client.address=Combinacion_Cloudhealth
    miss: condition=__CondList1CombinacionGG_Tx_Proxy_AdvancedUsers
    miss: condition=GG_TX_Proxy_Advanced_Users_bloqueo
    miss: condition=GG_TX_RedesSociales_AllUsers_PERMITIDAS
    miss: condition=__CondList1CombinacionGG_TX_RedesSociales_AllUsers
    miss: condition=__CondList1CombinacionGG_Tx_Proxy_NormalUsers
    miss: condition=__CondList1CombinacionGG_Tx_Proxy_NormalUsers
    miss: condition=__CondList1CombinacionGG_Tx_Proxy_Contratistas
    miss: condition=__CondList1CombinacionCategoriasBloqueadasContratistas
    miss: condition=__CondList1Externos
    miss: condition=__CondList1Externos
    miss: category=bloomberg
    MATCH: exception(user_defined.my_exception)

    <Proxy>
    miss: client.address=CombinedEquiposEMC_Automacion
    miss: client.address=CombinedEquiposEMC_Automacion
    miss: client.address=combinacion_TERAREXHCAS
    miss: client.address="CombinedSource_DGI Uruguay"
    miss: condition=__CondList1ReglaFullInternetAccess_AMS
    miss: condition=__CondList1Ternium
    miss: client.address=TKCSA_PORTO
    miss: condition=__CondList1CombinacionWhatsapp_y_WSUS
    miss: url.domain=//services.isee.hp.com/
    miss: condition=WebApplication_Blacklist
    miss: condition=Combinacion_bloque_Windows_Update
    miss: request.application.name=Dropbox
    miss: category=Lista_Negra_NormalUser
    miss: condition=__CondList1CombinedDestinationBloque_URL
    miss: condition=CombinacionReproductoresMedia
    miss: condition=__CondList1CombinedSourceBloomberg
    miss: condition=__CondList1CombinedSourceBloomberg

    <Proxy>
    miss: condition=__PROTO_3
    miss: condition=__PROTO_3
    miss: url.port=22
    miss: url.port=22

    <Proxy>
    miss: condition=__CondList1CombinedSourceBloomberg
    miss: client.address=Ternium_FTP

    <ssl>
    MATCH: server.certificate.validate(no)

    <Proxy>
    miss: client.address=10.110.50.184
    MATCH: client.address=10.110.99.72 trace.request(yes)
    trace.destination(Annitha)

    <Cache>
    miss: condition=__CondList1Sitios_SIN_Cache
    miss: url.host=r.sascdn.com

    <Proxy>
    miss: source.port=8194
    miss: source.port=8195
    miss: source.port=8196
    miss: source.port=8197
    miss: source.port=8198
    <Proxy>
    miss: condition=skype

    <Proxy>
    miss: request.header.If-None-Match="."

    <Proxy>
    miss: condition=Tunnel_Exception_urld

    <Proxy>
    MATCH: policy.BC_SafeSearch_Ask_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Google_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_YouTube_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Lycos_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_MSN_Live_Bing_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Yahoo_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_DuckDuckGo_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Vimeo_Rules

    miss: <Proxy> realm=iwa_direct

    <Cache>
    miss: url.domain=//windowsupdate.com/
    miss: url.domain=//c.microsoft.com/
    miss: url.domain=//update.microsoft.com/
    miss: url.domain=//windowsupdate.microsoft.com/
    miss: url.domain=//download.windowsupdate.com/

    <Proxy>
    miss: condition=SSL_Disabled_Domains

    <Proxy "handle HTML Notification internal requests">


    miss: [Rule] variable.bc_notify1=variable.bc_notify2
    [Rule]
    MATCH: action.__delete_notify_cookies(yes)

    <Proxy>
    miss: http.method=POST
    miss: http.method=POST
    miss: http.method=PUT

    <Proxy>
    miss: url.port=21
    miss: url.port=21
    <Proxy>
    miss: condition=IWA_SILENT_USERS

    <Proxy>
    miss: url.host=www.msftncsi.com
    miss: url.domain=//crl.microsoft.com/
    miss: url.domain=//mscrl.microsoft.com/
    miss: url.domain=//verisign.com/
    miss: url.domain=//watson.microsoft.com/
    miss: url.domain=//trendmicro.com/

    <Proxy>
    miss: request.header.User-Agent="webex utiltp"
    miss: request.header.User-Agent="Microsoft-CryptoAPI"
    miss: request.header.User-Agent="MSUpdate"
    miss: request.header.User-Agent="AVUpdate"
    miss: request.header.User-Agent="ESS Update"
    miss: request.header.User-Agent="iTunes"
    miss: request.header.User-Agent="Stocks"
    miss: request.header.User-Agent="CFNetwork"
    miss: request.header.User-Agent="Shockwave Flash"
    miss: request.header.User-Agent="Windows-Media-Player"
    miss: request.header.User-Agent="NSPlayer"
    miss: request.header.User-Agent="Windows-Media-Player"
    miss: request.header.User-Agent="flash"
    miss: request.header.User-Agent="Office"
    miss: request.header.User-Agent="TMUFE"
    miss: request.header.User-Agent="62691CB3BF62DAF233FB2C02782E7BD2"

    <Proxy>
    miss: condition=Office365IPs
    miss: condition=Office365URLs

    <Proxy>
    miss: condition=Office365IPs
    miss: condition=Office365URLs

    <Cache>
    miss: condition=Office365IPs
    miss: condition=Office365URLs

    <Proxy>
    miss: url.domain=//facebook.com/
    miss: url.domain=//sped.fazenda.gov.br/
    miss: url.domain=//ternium.com.ar/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.mx/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.co/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.br/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.uy/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com/Autodiscover/Autodiscover.xml
    miss: url.domain=//tessa.com.uy/Autodiscover/Autodiscover.xml

    Called policy definition: BC_SafeSearch_Lycos_Rules


    miss: <Proxy BC_SafeSearch_Lycos> url.domain=//lycos.com/

    Called policy definition: BC_SafeSearch_Yahoo_Rules


    miss: <Proxy BC_SafeSearch_Yahoo_cookies> condition=BC_SafeSearch_Yahoo_Domains
    miss: <Proxy BC_SafeSearch_Yahoo_query> condition=BC_SafeSearch_Yahoo_Domains
    Called policy definition: BC_SafeSearch_DuckDuckGo_Rules
    miss: <Proxy BC_SafeSearch_DuckDuckGo_query> url.domain=//duckduckgo.com/

    Called policy definition: BC_SafeSearch_Ask_Rules


    miss: <Proxy BC_SafeSearch_Ask_query> condition=BC_SafeSearch_Ask_Domains

    Called policy definition: BC_SafeSearch_YouTube_Rules


    miss: <Proxy BC_SafeSearch_YouTube_cookies> url.domain=//youtube.com/

    Called policy definition: BC_SafeSearch_Vimeo_Rules


    miss: <Proxy BC_SafeSearch_Vimeo_cookies> url.domain=//vimeo.com/

    Called policy definition: BC_SafeSearch_Google_Rules


    miss: <Proxy BC_SafeSearch_Google_query> condition=BC_SafeSearch_Google_Domains
    miss: <Proxy BC_SafeSearch_Google_SetPref> condition=BC_SafeSearch_Google_Domains

    Called policy definition: BC_SafeSearch_MSN_Live_Bing_Rules


    miss: <Proxy BC_SafeSearch_MSN_Live_Bing_cookies>
    condition=BC_SafeSearch_MSN_Live_Bing_Domains
    miss: <Proxy BC_SafeSearch_MSN_Live_Bing_query>
    condition=BC_SafeSearch_MSN_Live_Bing_Domains

    Assigned values of transaction variables:


    bc_notify1=empty1
    bc_notify2=empty2
    Called transaction procedure: dashboard_record_hourly
    <layer>
    Called transaction procedure: dashboard_record_daily
    <layer>
    Called transaction procedure: dashboard_blocked_stats_infinity
    <layer>
    Called transaction procedure: dashboard_record_monthly
    <layer>

    connection: service.name=Explicit HTTP client.address=10.110.99.72 proxy.port=8080


    client.interface=255:255.1 routing-domain=default
    location-id=0 access_type=unknown
    time: 2020-03-17 16:49:14 UTC
    CONNECT tcp://otf.msn.com:443/
    DNS lookup was unrestricted
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    user: name="TERNIUM\10519230" realm=AD
    authentication start 1 elapsed 0 ms
    authorization start 1 elapsed 0 ms
    authentication status='none' authorization status='none'
    EXCEPTION(my_exception): Either 'deny' or 'exception' was matched in policy
    url.category: none@Policy;none@YouTube;Web Ads/Analytics@Blue Coat
    total categorization time: 1
    static categorization time: 1
    server.response.code: 0
    client.response.code: 403
    application.name: none
    application.operation: none
    application.group: none
    DSCP client outbound: 65
    DSCP server outbound: 65

    Transaction timing: total-transaction-time 1024 ms


    Checkpoint timings:
    new-connection: start 1 elapsed 0 ms
    client-in: start 1 elapsed 1 ms
    client-out-terminated: start 2 elapsed 0 ms
    access-logging: start 5 elapsed 0 ms
    stop-transaction: start 1024 elapsed 0 ms
    Total Policy evaluation time: 1 ms
    url_categorization complete time: 1
    client connection: first-response-byte 0 last-response-byte 5
    stop transaction --------------------
    start transaction -------------------
    transaction ID=9505511 type=http.proxy

    <Proxy@req-url> [builtin-prolog:372]
    MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2)

    <Cache@req-url "suppress DRTR for HTML Notification internal URLs"> [vpm-


    cpl:3477]
    miss: condition=__is_notify_internal

    <Proxy@req-url "set notify variables"> [vpm-cpl:3962]


    [Rule]
    miss: url.regex="(.*)/notify-SplashStreaming\?([^;]+);(.*)"
    miss: url.regex="(.*)/accepted-SplashStreaming\?([^;]+);(.*)"
    miss: url.regex="(.*)/verify-SplashStreaming\?([^;]+);(.*)"

    <Exception@term> [builtin-prolog:246]
    MATCH: t_procedure.dashboard_blocked_stats_infinity

    <Exception@req-all> [builtin-prolog:237]
    MATCH: t_procedure.dashboard_record_hourly

    <Exception@req-all> [builtin-prolog:240]
    MATCH: t_procedure.dashboard_record_daily

    <Exception@req-all> [builtin-prolog:243]
    MATCH: t_procedure.dashboard_record_monthly

    <Proxy>
    miss: client.address=10.110.46.73
    miss: condition=__CondList1Combinacion_NOAUTH
    MATCH: authenticate(ad) authenticate.force(no) authenticate.mode(proxy-ip)

    <Proxy>
    miss: condition=__CondList1CombinedDestinationBloque_URL
    miss: condition=__CondList1Combinacion_Lista_Blaca_Windows_Update
    miss: condition=Combinacion_Lista_Blanca
    miss: url.host.substring=msn-com.akamaized.net
    miss: condition=Combinacion_Lista_Negra
    miss: condition=__CondList1CombinacionGG_Tx_Proxy_Vip
    miss: client.address=Combinacion_Cloudhealth
    miss: condition=__CondList1CombinacionGG_Tx_Proxy_AdvancedUsers
    miss: condition=GG_TX_Proxy_Advanced_Users_bloqueo
    miss: condition=GG_TX_RedesSociales_AllUsers_PERMITIDAS
    miss: condition=__CondList1CombinacionGG_TX_RedesSociales_AllUsers
    miss: condition=__CondList1CombinacionGG_Tx_Proxy_NormalUsers
    miss: condition=__CondList1CombinacionGG_Tx_Proxy_NormalUsers
    miss: condition=__CondList1CombinacionGG_Tx_Proxy_Contratistas
    miss: condition=__CondList1CombinacionCategoriasBloqueadasContratistas
    miss: condition=__CondList1Externos
    miss: condition=__CondList1Externos
    miss: category=bloomberg
    MATCH: exception(user_defined.my_exception)

    <Proxy>
    miss: client.address=CombinedEquiposEMC_Automacion
    miss: client.address=CombinedEquiposEMC_Automacion
    miss: client.address=combinacion_TERAREXHCAS
    miss: client.address="CombinedSource_DGI Uruguay"
    miss: condition=__CondList1ReglaFullInternetAccess_AMS
    miss: condition=__CondList1Ternium
    miss: client.address=TKCSA_PORTO
    miss: condition=__CondList1CombinacionWhatsapp_y_WSUS
    miss: url.domain=//services.isee.hp.com/
    miss: condition=WebApplication_Blacklist
    miss: condition=Combinacion_bloque_Windows_Update
    miss: request.application.name=Dropbox
    miss: category=Lista_Negra_NormalUser
    miss: condition=__CondList1CombinedDestinationBloque_URL
    miss: condition=CombinacionReproductoresMedia
    miss: condition=__CondList1CombinedSourceBloomberg
    miss: condition=__CondList1CombinedSourceBloomberg

    <Proxy>
    miss: condition=__PROTO_3
    miss: condition=__PROTO_3
    miss: url.port=22
    miss: url.port=22

    <Proxy>
    miss: condition=__CondList1CombinedSourceBloomberg
    miss: client.address=Ternium_FTP

    <ssl>
    MATCH: server.certificate.validate(no)

    <Proxy>
    miss: client.address=10.110.50.184
    MATCH: client.address=10.110.99.72 trace.request(yes)
    trace.destination(Annitha)

    <Cache>
    miss: condition=__CondList1Sitios_SIN_Cache
    miss: url.host=r.sascdn.com

    <Proxy>
    miss: source.port=8194
    miss: source.port=8195
    miss: source.port=8196
    miss: source.port=8197
    miss: source.port=8198

    <Proxy>
    miss: condition=skype

    <Proxy>
    miss: request.header.If-None-Match="."
    <Proxy>
    miss: condition=Tunnel_Exception_urld

    <Proxy>
    MATCH: policy.BC_SafeSearch_Ask_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Google_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_YouTube_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Lycos_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_MSN_Live_Bing_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Yahoo_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_DuckDuckGo_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Vimeo_Rules

    miss: <Proxy> realm=iwa_direct

    <Cache>
    miss: url.domain=//windowsupdate.com/
    miss: url.domain=//c.microsoft.com/
    miss: url.domain=//update.microsoft.com/
    miss: url.domain=//windowsupdate.microsoft.com/
    miss: url.domain=//download.windowsupdate.com/

    <Proxy>
    miss: condition=SSL_Disabled_Domains

    <Proxy "handle HTML Notification internal requests">


    miss: [Rule] variable.bc_notify1=variable.bc_notify2
    [Rule]
    MATCH: action.__delete_notify_cookies(yes)

    <Proxy>
    miss: http.method=POST
    miss: http.method=POST
    miss: http.method=PUT

    <Proxy>
    miss: url.port=21
    miss: url.port=21

    <Proxy>
    miss: condition=IWA_SILENT_USERS

    <Proxy>
    miss: url.host=www.msftncsi.com
    miss: url.domain=//crl.microsoft.com/
    miss: url.domain=//mscrl.microsoft.com/
    miss: url.domain=//verisign.com/
    miss: url.domain=//watson.microsoft.com/
    miss: url.domain=//trendmicro.com/

    <Proxy>
    miss: request.header.User-Agent="webex utiltp"
    miss: request.header.User-Agent="Microsoft-CryptoAPI"
    miss: request.header.User-Agent="MSUpdate"
    miss: request.header.User-Agent="AVUpdate"
    miss: request.header.User-Agent="ESS Update"
    miss: request.header.User-Agent="iTunes"
    miss: request.header.User-Agent="Stocks"
    miss: request.header.User-Agent="CFNetwork"
    miss: request.header.User-Agent="Shockwave Flash"
    miss: request.header.User-Agent="Windows-Media-Player"
    miss: request.header.User-Agent="NSPlayer"
    miss: request.header.User-Agent="Windows-Media-Player"
    miss: request.header.User-Agent="flash"
    miss: request.header.User-Agent="Office"
    miss: request.header.User-Agent="TMUFE"
    miss: request.header.User-Agent="62691CB3BF62DAF233FB2C02782E7BD2"

    <Proxy>
    miss: condition=Office365IPs
    miss: condition=Office365URLs

    <Proxy>
    miss: condition=Office365IPs
    miss: condition=Office365URLs

    <Cache>
    miss: condition=Office365IPs
    miss: condition=Office365URLs

    <Proxy>
    miss: url.domain=//facebook.com/
    miss: url.domain=//sped.fazenda.gov.br/
    miss: url.domain=//ternium.com.ar/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.mx/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.co/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.br/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.uy/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com/Autodiscover/Autodiscover.xml
    miss: url.domain=//tessa.com.uy/Autodiscover/Autodiscover.xml

    Called policy definition: BC_SafeSearch_Lycos_Rules


    miss: <Proxy BC_SafeSearch_Lycos> url.domain=//lycos.com/

    Called policy definition: BC_SafeSearch_Yahoo_Rules


    miss: <Proxy BC_SafeSearch_Yahoo_cookies> condition=BC_SafeSearch_Yahoo_Domains
    miss: <Proxy BC_SafeSearch_Yahoo_query> condition=BC_SafeSearch_Yahoo_Domains

    Called policy definition: BC_SafeSearch_DuckDuckGo_Rules


    miss: <Proxy BC_SafeSearch_DuckDuckGo_query> url.domain=//duckduckgo.com/

    Called policy definition: BC_SafeSearch_Ask_Rules


    miss: <Proxy BC_SafeSearch_Ask_query> condition=BC_SafeSearch_Ask_Domains
    Called policy definition: BC_SafeSearch_YouTube_Rules
    miss: <Proxy BC_SafeSearch_YouTube_cookies> url.domain=//youtube.com/

    Called policy definition: BC_SafeSearch_Vimeo_Rules


    miss: <Proxy BC_SafeSearch_Vimeo_cookies> url.domain=//vimeo.com/

    Called policy definition: BC_SafeSearch_Google_Rules


    miss: <Proxy BC_SafeSearch_Google_query> condition=BC_SafeSearch_Google_Domains
    miss: <Proxy BC_SafeSearch_Google_SetPref> condition=BC_SafeSearch_Google_Domains

    Called policy definition: BC_SafeSearch_MSN_Live_Bing_Rules


    miss: <Proxy BC_SafeSearch_MSN_Live_Bing_cookies>
    condition=BC_SafeSearch_MSN_Live_Bing_Domains
    miss: <Proxy BC_SafeSearch_MSN_Live_Bing_query>
    condition=BC_SafeSearch_MSN_Live_Bing_Domains

    Assigned values of transaction variables:


    bc_notify1=empty1
    bc_notify2=empty2
    Called transaction procedure: dashboard_record_hourly
    <layer>
    Called transaction procedure: dashboard_record_daily
    <layer>
    Called transaction procedure: dashboard_blocked_stats_infinity
    <layer>
    Called transaction procedure: dashboard_record_monthly
    <layer>

    connection: service.name=Explicit HTTP client.address=10.110.99.72 proxy.port=8080


    client.interface=255:255.1 routing-domain=default
    location-id=0 access_type=unknown
    time: 2020-03-17 16:49:15 UTC
    CONNECT tcp://cloud.gastecnologia.com.br:443/
    DNS lookup was unrestricted
    User-Agent: Warsaw/2.0;x64 Mustache/2.11.1.9
    4h91buHPNugtvsApwot10SY4LqhV6awh/PGq2c31s0A=
    user: name="TERNIUM\10519230" realm=AD
    authentication start 1 elapsed 0 ms
    authorization start 1 elapsed 0 ms
    authentication status='none' authorization status='none'
    EXCEPTION(my_exception): Either 'deny' or 'exception' was matched in policy
    url.category: none@Policy;none@YouTube;Technology/Internet@Blue Coat
    total categorization time: 0
    static categorization time: 0
    server.response.code: 0
    client.response.code: 403
    application.name: none
    application.operation: none
    application.group: none
    DSCP client outbound: 65
    DSCP server outbound: 65

    Transaction timing: total-transaction-time 527 ms


    Checkpoint timings:
    new-connection: start 1 elapsed 0 ms
    client-in: start 1 elapsed 0 ms
    client-out-terminated: start 1 elapsed 0 ms
    access-logging: start 6 elapsed 0 ms
    stop-transaction: start 527 elapsed 0 ms
    Total Policy evaluation time: 0 ms
    url_categorization complete time: 0
    client connection: first-response-byte 0 last-response-byte 6
    stop transaction --------------------
    start transaction -------------------
    transaction ID=9486144 type=http.proxy

    <Proxy@req-url> [builtin-prolog:372]
    MATCH: variable.bc_notify1(empty1) variable.bc_notify2(empty2)

    <Cache@req-url "suppress DRTR for HTML Notification internal URLs"> [vpm-


    cpl:3477]
    miss: condition=__is_notify_internal

    <Proxy@req-url "set notify variables"> [vpm-cpl:3962]


    [Rule]
    miss: url.regex="(.*)/notify-SplashStreaming\?([^;]+);(.*)"
    miss: url.regex="(.*)/accepted-SplashStreaming\?([^;]+);(.*)"
    miss: url.regex="(.*)/verify-SplashStreaming\?([^;]+);(.*)"

    <Exception@term> [builtin-prolog:246]
    MATCH: t_procedure.dashboard_blocked_stats_infinity

    <Exception@req-all> [builtin-prolog:237]
    MATCH: t_procedure.dashboard_record_hourly

    <Exception@req-all> [builtin-prolog:240]
    MATCH: t_procedure.dashboard_record_daily

    <Exception@req-all> [builtin-prolog:243]
    MATCH: t_procedure.dashboard_record_monthly

    <Proxy>
    miss: client.address=10.110.46.73
    miss: condition=__CondList1Combinacion_NOAUTH
    MATCH: authenticate(ad) authenticate.force(no) authenticate.mode(proxy-ip)

    <Proxy>
    miss: condition=__CondList1CombinedDestinationBloque_URL
    miss: condition=__CondList1Combinacion_Lista_Blaca_Windows_Update
    miss: condition=Combinacion_Lista_Blanca
    miss: url.host.substring=msn-com.akamaized.net
    miss: condition=Combinacion_Lista_Negra
    miss: condition=__CondList1CombinacionGG_Tx_Proxy_Vip
    miss: client.address=Combinacion_Cloudhealth
    miss: condition=__CondList1CombinacionGG_Tx_Proxy_AdvancedUsers
    miss: condition=GG_TX_Proxy_Advanced_Users_bloqueo
    miss: condition=GG_TX_RedesSociales_AllUsers_PERMITIDAS
    miss: condition=__CondList1CombinacionGG_TX_RedesSociales_AllUsers
    miss: condition=__CondList1CombinacionGG_Tx_Proxy_NormalUsers
    miss: condition=__CondList1CombinacionGG_Tx_Proxy_NormalUsers
    miss: condition=__CondList1CombinacionGG_Tx_Proxy_Contratistas
    miss: condition=__CondList1CombinacionCategoriasBloqueadasContratistas
    miss: condition=__CondList1Externos
    miss: condition=__CondList1Externos
    miss: category=bloomberg
    MATCH: exception(user_defined.my_exception)
    <Proxy>
    miss: client.address=CombinedEquiposEMC_Automacion
    miss: client.address=CombinedEquiposEMC_Automacion
    miss: client.address=combinacion_TERAREXHCAS
    miss: client.address="CombinedSource_DGI Uruguay"
    miss: condition=__CondList1ReglaFullInternetAccess_AMS
    miss: condition=__CondList1Ternium
    miss: client.address=TKCSA_PORTO
    miss: condition=__CondList1CombinacionWhatsapp_y_WSUS
    miss: url.domain=//services.isee.hp.com/
    miss: condition=WebApplication_Blacklist
    miss: condition=Combinacion_bloque_Windows_Update
    miss: request.application.name=Dropbox
    miss: category=Lista_Negra_NormalUser
    miss: condition=__CondList1CombinedDestinationBloque_URL
    miss: condition=CombinacionReproductoresMedia
    miss: condition=__CondList1CombinedSourceBloomberg
    miss: condition=__CondList1CombinedSourceBloomberg

    <Proxy>
    miss: condition=__PROTO_3
    miss: condition=__PROTO_3
    miss: url.port=22
    miss: url.port=22

    <Proxy>
    miss: condition=__CondList1CombinedSourceBloomberg
    miss: client.address=Ternium_FTP

    <ssl>
    MATCH: server.certificate.validate(no)

    <Proxy>
    miss: client.address=10.110.50.184
    MATCH: client.address=10.110.99.72 trace.request(yes)
    trace.destination(Annitha)

    <Cache>
    miss: condition=__CondList1Sitios_SIN_Cache
    miss: url.host=r.sascdn.com

    <Proxy>
    miss: source.port=8194
    miss: source.port=8195
    miss: source.port=8196
    miss: source.port=8197
    miss: source.port=8198

    <Proxy>
    miss: condition=skype

    <Proxy>
    miss: request.header.If-None-Match="."

    <Proxy>
    miss: condition=Tunnel_Exception_urld

    <Proxy>
    MATCH: policy.BC_SafeSearch_Ask_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Google_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_YouTube_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Lycos_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_MSN_Live_Bing_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Yahoo_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_DuckDuckGo_Rules

    <Proxy>
    MATCH: policy.BC_SafeSearch_Vimeo_Rules

    miss: <Proxy> realm=iwa_direct

    <Cache>
    miss: url.domain=//windowsupdate.com/
    miss: url.domain=//c.microsoft.com/
    miss: url.domain=//update.microsoft.com/
    miss: url.domain=//windowsupdate.microsoft.com/
    miss: url.domain=//download.windowsupdate.com/

    <Proxy>
    miss: condition=SSL_Disabled_Domains

    <Proxy "handle HTML Notification internal requests">


    miss: [Rule] variable.bc_notify1=variable.bc_notify2
    [Rule]
    MATCH: action.__delete_notify_cookies(yes)

    <Proxy>
    miss: http.method=POST
    miss: http.method=POST
    miss: http.method=PUT

    <Proxy>
    miss: url.port=21
    miss: url.port=21

    <Proxy>
    miss: condition=IWA_SILENT_USERS

    <Proxy>
    miss: url.host=www.msftncsi.com
    miss: url.domain=//crl.microsoft.com/
    miss: url.domain=//mscrl.microsoft.com/
    miss: url.domain=//verisign.com/
    miss: url.domain=//watson.microsoft.com/
    miss: url.domain=//trendmicro.com/
    <Proxy>
    miss: request.header.User-Agent="webex utiltp"
    miss: request.header.User-Agent="Microsoft-CryptoAPI"
    miss: request.header.User-Agent="MSUpdate"
    miss: request.header.User-Agent="AVUpdate"
    miss: request.header.User-Agent="ESS Update"
    miss: request.header.User-Agent="iTunes"
    miss: request.header.User-Agent="Stocks"
    miss: request.header.User-Agent="CFNetwork"
    miss: request.header.User-Agent="Shockwave Flash"
    miss: request.header.User-Agent="Windows-Media-Player"
    miss: request.header.User-Agent="NSPlayer"
    miss: request.header.User-Agent="Windows-Media-Player"
    miss: request.header.User-Agent="flash"
    miss: request.header.User-Agent="Office"
    miss: request.header.User-Agent="TMUFE"
    miss: request.header.User-Agent="62691CB3BF62DAF233FB2C02782E7BD2"

    <Proxy>
    miss: condition=Office365IPs
    miss: condition=Office365URLs

    <Proxy>
    miss: condition=Office365IPs
    miss: condition=Office365URLs

    <Cache>
    miss: condition=Office365IPs
    miss: condition=Office365URLs

    <Proxy>
    miss: url.domain=//facebook.com/
    miss: url.domain=//sped.fazenda.gov.br/
    miss: url.domain=//ternium.com.ar/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.mx/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.co/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.br/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com.uy/Autodiscover/Autodiscover.xml
    miss: url.domain=//ternium.com/Autodiscover/Autodiscover.xml
    miss: url.domain=//tessa.com.uy/Autodiscover/Autodiscover.xml

    Called policy definition: BC_SafeSearch_Lycos_Rules


    miss: <Proxy BC_SafeSearch_Lycos> url.domain=//lycos.com/

    Called policy definition: BC_SafeSearch_Yahoo_Rules


    miss: <Proxy BC_SafeSearch_Yahoo_cookies> condition=BC_SafeSearch_Yahoo_Domains
    miss: <Proxy BC_SafeSearch_Yahoo_query> condition=BC_SafeSearch_Yahoo_Domains

    Called policy definition: BC_SafeSearch_DuckDuckGo_Rules


    miss: <Proxy BC_SafeSearch_DuckDuckGo_query> url.domain=//duckduckgo.com/

    Called policy definition: BC_SafeSearch_Ask_Rules


    miss: <Proxy BC_SafeSearch_Ask_query> condition=BC_SafeSearch_Ask_Domains

    Called policy definition: BC_SafeSearch_YouTube_Rules


    miss: <Proxy BC_SafeSearch_YouTube_cookies> url.domain=//youtube.com/

    Called policy definition: BC_SafeSearch_Vimeo_Rules


    miss: <Proxy BC_SafeSearch_Vimeo_cookies> url.domain=//vimeo.com/

    Called policy definition: BC_SafeSearch_Google_Rules


    miss: <Proxy BC_SafeSearch_Google_query> condition=BC_SafeSearch_Google_Domains
    miss: <Proxy BC_SafeSearch_Google_SetPref> condition=BC_SafeSearch_Google_Domains

    Called policy definition: BC_SafeSearch_MSN_Live_Bing_Rules


    miss: <Proxy BC_SafeSearch_MSN_Live_Bing_cookies>
    condition=BC_SafeSearch_MSN_Live_Bing_Domains
    miss: <Proxy BC_SafeSearch_MSN_Live_Bing_query>
    condition=BC_SafeSearch_MSN_Live_Bing_Domains

    Assigned values of transaction variables:


    bc_notify1=empty1
    bc_notify2=empty2
    Called transaction procedure: dashboard_record_hourly
    <layer>
    Called transaction procedure: dashboard_record_daily
    <layer>
    Called transaction procedure: dashboard_blocked_stats_infinity
    <layer>
    Called transaction procedure: dashboard_record_monthly
    <layer>

    connection: service.name=Explicit HTTP client.address=10.110.99.72 proxy.port=8080


    client.interface=255:255.1 routing-domain=default
    location-id=0 access_type=unknown
    time: 2020-03-17 16:48:05 UTC
    CONNECT tcp://beacons5.gvt2.com:443/
    DNS lookup was unrestricted
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
    like Gecko) Chrome/80.0.3987.132 Safari/537.36
    user: name="TERNIUM\10519230" realm=AD
    authentication start 7 elapsed 13 ms
    authorization start 20 elapsed 0 ms
    authentication status='none' authorization status='none'
    EXCEPTION(my_exception): Either 'deny' or 'exception' was matched in policy
    url.category: none@Policy;none@YouTube;Technology/Internet@Blue Coat
    total categorization time: 0
    static categorization time: 0
    server.response.code: 0
    client.response.code: 200
    application.name: none
    application.operation: none
    application.group: none
    DSCP client outbound: 65
    DSCP server outbound: 65

    Transaction timing: total-transaction-time 75049 ms


    Checkpoint timings:
    new-connection: start 1 elapsed 0 ms
    client-in: start 6 elapsed 15 ms
    client-out-terminated: start 20 elapsed 1 ms
    access-logging: start 23 elapsed 0 ms
    stop-transaction: start 75049 elapsed 0 ms
    Total Policy evaluation time: 16 ms
    url_categorization complete time: 6
    client connection: first-response-byte 0 last-response-byte 23
    stop transaction --------------------

    You might also like