
Skyhigh Security

Default error handler rule set

The Default error handler rule set is the default rule set for error handling.

Default error handler rule set – Default

Criteria – Always

The following rule sets are nested in this rule set:

  • Long Running Connections
  • Monitoring
    • Check CPU Overload
    • Check Cache Partition
    • Check Request Overload
  • Log File Manager Incidents
  • Handle Update Incidents
  • Handle License Incidents
  • Block on Antimalware Engine Errors
  • Block on URL Filter Errors
  • Block on All Errors

Long Running Connections

This nested error handler rule set keeps connections alive when a proxy module error occurs.

Nested error handler rule set – Long Running Connections

Criteria – Error.ID equals 20000

The rule set criteria specifies that the rule set applies when the value of the Error.ID property is 20000, which indicates a malfunction of the proxy module.

The rule set contains the following rule.

Keep connection always alive

Always –> Stop Cycle

When the rule is executed, it stops the current processing cycle. The rule is always executed when the criteria of its rule set is matched. Stopping the processing cycle prevents the connection from being closed in the course of further rule processing.

The rule is not enabled by default.

Monitoring

This nested error handler rule set handles measures taken when an incident occurs that involves the appliance system.

Nested error handler rule set – Monitoring

Criteria – Incident.ID equals 5

The rule set criteria specifies that the rule set applies when the value of the Incident.ID property is 5, which indicates an incident that involves the appliance system.

The following rule sets are nested in this rule set:

  • Check CPU Overload
  • Check Cache Partition
  • Check Request Overload

Check CPU Overload

This nested error handler rule set handles measures that are taken when the CPU load exceeds a configured value.

Nested error handler rule set – Check CPU Overload

Criteria – Statistics.Counter.GetCurrent(“CPULoad”)<Default> greater than or equals 95

The rule set criteria specifies that the rule set applies when the value of the Statistics.Counter.GetCurrent property for CPU load is 95 or higher. This value is the current CPU load, expressed as a percentage of the maximum load.

The Statistics module, which provides the value, runs with default settings, as is specified after the CPULoad property parameter.

The rule set contains the following rules.

Create notification message

Always –> Continue – Set User-Defined.loadMessage =

“CPU load at “

+ Number.ToString (Statistics.Counter.GetCurrent(“CPULoad”)<Default>)

+ “%”

The rule is always executed when the criteria of its rule set is matched.

The rule then uses an event to set a user-defined property to a chain of values that make up a message text about the CPU overload.

The Continue action lets processing continue with the next rule.

Send SNMP trap and other rules

Always –> Continue – ...

The Send SNMP trap rule and other rules in the rule set are always executed when the rule set criteria is matched.

The rules then use different events for taking measures to make the administrator aware of the CPU overload.

These rules are not enabled by default.

Check Cache Partition

This nested error handler rule set handles measures that are taken when the web cache usage exceeds a configured value.

Nested error handler rule set – Check Cache Partition

Criteria – Statistics.Counter.GetCurrent(“WebCacheDiskUsage”)<Default> greater than or equals 95

The rule set criteria specifies that the rule set applies when the value of the Statistics.Counter.GetCurrent property for web cache usage is 95 or higher. This value indicates the percentage of the maximum allowed usage of the web cache that is currently in use.

The Statistics module, which provides the value, runs with default settings, as is specified after the WebCacheDiskUsage property parameter.

The rule set contains the following rules.

Create notification message

Always –> Continue – Set User-Defined.cacheMessage =

“Cache partition usage at “

+Number.ToString (Statistics.Counter.GetCurrent(“WebCacheDiskUsage”)<Default>)

+ “%”

The rule is always executed when the criteria of its rule set is matched.

The rule then uses two events to set user-defined properties. One of these properties is set to the number of requests that are currently processed on the appliance per second. The other is set to a chain of values that make up a message text about the web cache usage.

The Continue action lets processing continue with the next rule.

Send SNMP trap and other rules

Always –> Continue – ...

The Send SNMP trap rule and other rules in the rule set are always executed when the rule set criteria is matched.

The rules then use different events for taking measures to make the administrator aware of the web cache usage.

These rules are not enabled by default.

Check Request Overload

This nested error handler rule set handles measures that are taken when the number of requests processed on an appliance per second exceeds a configured value.

Nested error handler rule set – Check Request Overload

Criteria – Statistics.Counter.GetCurrent(“HttpRequests”)<Default> greater than or equals 480000

The rule set criteria specifies that the rule set applies when the value of the Statistics.Counter.GetCurrent property for requests is 480,000 or higher. This value is the number of requests that are currently processed on an appliance per second.

The Statistics module, which provides the value, runs with default settings, as is specified after the HttpRequests property parameter.

The rule set contains the following rules.

Create notification message

Always –> Continue – Set User-Defined.requestsPerSecond =

Statistics.Counter.GetCurrent(“HttpRequests”)<Default>

/ 60

Set User-Defined.requestLoadMessage =

“detected high load: ”

+ Number.ToString (User-Defined.requestsPerSecond)

+ “requests per second”

The rule is always executed when the criteria of its rule set is matched.

The rule then uses two events to set user-defined properties. One of these properties is set to the number of requests that are currently processed on an appliance per second. The other is set to a chain of values that make up a message text about this number.

The Continue action lets processing continue with the next rule.

Send SNMP trap and other rules

Always –> Continue – ...

The Send SNMP trap rule and other rules in the rule set are always executed when the rule set criteria is matched.

The rules then use different events for taking measures to make the administrator aware of the request overload.

These rules are not enabled by default.

Log File Manager Incidents

This nested error handler rule set handles measures taken when an incident occurs that involves the Log File Manager.

Nested error handler rule set – Log File Manager Incidents

Criteria – Incident.ID greater than or equals 501 AND Incident.ID less than or equals 600

The rule set criteria specifies that the rule set applies when the value of the Incident.ID property is within the range of incidents that involve the Log File Manager.

The rule set contains the following rules.

Create notification message

Incident.ID equals 501 –> Continue – Set User-Defined.notificationMessage =

“License expires in ”

+ Number.ToString (License.RemainingDays)

+ “ days”

The rule is always executed when the criteria of its rule set is matched.

The rule then uses an event to set a user-defined property to a chain of values that make up a message text on the remaining number of days for your license.

The Continue action lets processing continue with the next rule.

Create syslog entry

Always –> Continue – ...

The Create syslog entry rule and other rules in the rule set check the value of the Incident.ID property in the same way as the Create notification message rule and use different events to take measures if this value is 501.

These rules are not enabled by default.

Handle Update Incidents

This nested error handler rule set handles measures taken when an incident occurs that involves the Log File Manager.

Nested error handler rule set – Handle Update Incidents

Criteria – Incident.OriginName equals “Updater” OR Incident.ID equals 850 OR Incident.ID equals 851 OR Incident.ID equals 940 OR Incident.ID equals 941 OR Incident.ID equals 1050 OR Incident.ID equals 1051 OR Incident.ID equals 1650 OR Incident.ID equals 1651

The rule set criteria specifies that the rule set applies when the update module is specified by the value of the Incident.OriginName property or the value of the Incident.ID property is one of those that involve the update module.

The rule set contains the following rules.

Create update incident message

Always –> Continue – Set User-Defined.eventMessage =

“Update Event triggered [“

+ Number.ToString (Incident.ID)

+ “]:”

+ Incident.Description

+ “; origin:”

+ Incident.OriginName

+ “; severity:”

+ Number.ToString (Incident.Severity)

The rule is always executed when the criteria of its rule set is matched.

The rule then uses an event to set a user-defined property to a chain of values that make up a message text about the update incident. The message includes values for several incident properties.

The Continue action lets processing continue with the next rule.

Create syslog entry

Always –> Continue – ...

The Create syslog entry rule and other rules in the rule set use different events to take measures if the respective rule criteria is matched.

These rules are not enabled by default.

Handle License Incidents

This nested error handler rule set handles measures taken when an incident occurs that involves the expiration date of the license for your appliance.

Nested error handler rule set – Handle License Incidents

Criteria – Incident.ID equals 200

The rule set criteria specifies that the rule set applies when the value of the Incident.ID property is 200, which indicates that the remaining number of days for your license has been checked.

The rule set contains the following rules.

Create license incident message

Always –> Continue – Set User-Defined.notificationMessage =

“A log file cannot be pushed. Please have a look at the mwg-logfilemanager errors log (/opt/mwg/log/mwg-errors/mwg-logmanager.errors.log).”

The rule checks whether the value of the Incident.ID property is 501, which indicates that the Log File manager could not push a log file.

If this is the case, the rule uses an event to set a user-defined property for sending a notification message to a string value that is the text of this message.

The Continue action lets processing continue with the next rule.

Create syslog entry

Always –> Continue – ...

The Create syslog entry rule and other rules in the rule set use different events to take measures if the respective rule criteria is matched.

These rules are not enabled by default.

Block on Anti-Malware Errors

This nested error handler rule set blocks access to all web objects when the Anti-Malware module cannot be loaded or is overloaded.

Nested error handler rule set – Block on Anti-Malware Errors

Criteria – Always

The rule set contains the following rules.

Block if Anti-Malware engine cannot be loaded

Error.ID equals 14000 –> Block<Cannot Load Anti-Malware>

The rule blocks access to all web objects when the value of the Error.ID property is 14000, which indicates an error that prevents the Anti-Malware module (also known as engine) from loading.

The action settings specify a message to a requesting user.

Block if Anti-Malware engine is overloaded

Error.ID equals 14001 –> Block<Anti-Malware Engine Overloaded>

The rule blocks access to all web objects when the value of the Error.ID property is 14001, which indicates all connections to the Anti-Malware module (also known as engine) are currently in use and the module is overloaded.

The action settings specify a message to a requesting user.

Block on URL Filter Errors

This nested error handler rule set blocks access to all web objects when the URL Filter module cannot be loaded or another error regarding this module occurs.

Nested error handler rule set – Block on URL Filter Errors

Criteria – Error.ID greater than or equals 15000 AND Error.ID less than or equals 15999

The rule set criteria specifies that the rule set applies when the value of the Error.ID property lies within the specified range, which is the range for errors related to URL filtering.

The rule set contains the following rules.

Block if the URL Filter engine cannot be loaded

Error.ID equals 15000 OR Error.ID equals 15002 OR Error.ID equals 15004 OR Error.ID equals 15005 –> Block<Cannot Load URL Filter>

The rule blocks all requests for web access when the value of the Error.ID property is one of those specified in the rule criteria. These values indicate errors that prevent the URL Filter module (also known as engine) from loading.

The action settings specify a message to a requesting user.

Block all other internal URL Filter errors

Always –> Block<Internal URL Filter Error>

The rule is always executed when its rule set applies and the rule preceding it in the rule set has not been executed. The rule then blocks all requests for web access.

The action settings specify a message to a requesting user.

Block on All Errors

This nested error handler rule set blocks access to all web objects when an internal error occurs on the appliance.

Nested error handler rule set – Block on All Errors

Criteria – Always

The rule set contains the following rule.

Always block

Always –> Block<Internal Error>

The rule blocks access to all web objects when an internal error occurs.

The action settings specify a message to a user who requested access.

The rule in this rule set is for handling internal errors on the appliance. It is executed at the time when an internal error occurs, which can, of course, not be predicted and can happen at any time during the filtering process or not at all. In this sense, processing the rule is not part of the normal process flow.

After executing the blocking, the rule stops all further processing of rules for the requests, responses, or embedded objects that were being filtered when the internal error occurred.

This way it is ensured that no malicious or inappropriate web objects enter your network or leave it while the appliance is not fully available.

The process flow continues when the next request is received if the internal error did not lead to a general interruption of the appliance functions.
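
The order in which the error-related rule sets above decide the outcome for a given Error.ID can be traced with the following Python model. It is an added example, not Skyhigh code or rule syntax; the evaluation loop (the first Block or Stop Cycle ends processing), the enabled state of the block rules, and the sample value 99999 are assumptions. The Incident.ID rule sets are left out because their rules only use Continue.

```python
# Simplified model of how the default error handler dispatches an Error.ID.
# Criteria and actions come from the rule descriptions on this page; the
# evaluation loop (first terminating action wins) is an assumption.

URL_FILTER_LOAD_ERRORS = {15000, 15002, 15004, 15005}

# (rule set, rule set criteria, [(rule, rule criteria, action, enabled)])
RULE_SETS = [
    ("Long Running Connections", lambda e: e == 20000, [
        ("Keep connection always alive", lambda e: True, "Stop Cycle", False),
    ]),
    ("Block on Anti-Malware Errors", lambda e: True, [
        ("Block if Anti-Malware engine cannot be loaded",
         lambda e: e == 14000, "Block<Cannot Load Anti-Malware>", True),
        ("Block if Anti-Malware engine is overloaded",
         lambda e: e == 14001, "Block<Anti-Malware Engine Overloaded>", True),
    ]),
    ("Block on URL Filter Errors", lambda e: 15000 <= e <= 15999, [
        ("Block if the URL Filter engine cannot be loaded",
         lambda e: e in URL_FILTER_LOAD_ERRORS,
         "Block<Cannot Load URL Filter>", True),
        ("Block all other internal URL Filter errors",
         lambda e: True, "Block<Internal URL Filter Error>", True),
    ]),
    ("Block on All Errors", lambda e: True, [
        ("Always block", lambda e: True, "Block<Internal Error>", True),
    ]),
]


def handle_error(error_id, enable_long_running=False):
    """Return (rule set, rule, action) for the first rule that ends processing."""
    for set_name, set_criteria, rules in RULE_SETS:
        if not set_criteria(error_id):
            continue
        for rule_name, rule_criteria, action, enabled in rules:
            if set_name == "Long Running Connections":
                enabled = enable_long_running  # not enabled by default
            if enabled and rule_criteria(error_id):
                return set_name, rule_name, action
    return None  # not reached while "Block on All Errors" stays enabled


if __name__ == "__main__":
    # 99999 is a constructed Error.ID that no specific rule set matches.
    for eid in (14000, 14001, 15002, 15003, 20000, 99999):
        print(eid, handle_error(eid)[2])
    print(20000, handle_error(20000, enable_long_running=True)[2])
```

With the Keep connection always alive rule left disabled, Error.ID 20000 falls through to Block<Internal Error>; enabling the rule ends processing with Stop Cycle before any block rule is reached.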

 
