Hi Grant,
Once you have added your regex to the custom URL category meant to allow the traffic you will want to grep for the access logs to determine if the requests are being applied to the correct access policy which contains the custom URL category with the regex. Also you will want to be able to read the output of the grep. You may learn how to read the access logs by logging into the GUI of the WSA -> Support and Help -> Online Help -> Click on the Search Tab -> type access logs should be page 72. . This will provide and example of the access logs and how to read them from left to right. Your going to want to focus on the access policy position in the grep out put. This will tell you which access policy the request is being applied to and if it is what you expect. Also focus on the HTTP code and HTTP transaction result code in the grep output. It should be a 200 not a TCP_Denied/403. If you see a 403 based on the request made to your URL then you have an access policy that is blocking it. If not then a packet capture from the WSA will be needed when testing the URL.
To grep the access logs for an entry, SSH into the WSA and run the following command from the CLI:
1. Grep
2. Enter the number of the log you wish to grep.
[]> 1
3. Enter the regular expression to grep.
[]> IP of the PC that the issue is being re produced on.
4. Do you want this search to be case insensitive? [Y]>
5. Do you want to search for non-matching lines? [N]>
6. Do you want to tail the logs? [N]> Yes
7. Do you want to paginate the output? [N]>
Erik Kaiser
Sincerely,
Erik Kaiser
WSA CSE
WSA Cisco Forums Moderator
