New Discourse business CDNs are blocked by Websense/Forcepoint

Forum CDN assets (CSS/JS) requested from newly registed domain discourse-cdn-sjc1.com are being blocked by Forcepoint’s Websense Content Gateway. As such, I see a blank page as no CSS or JS are being loaded.

A newly registered domain seems to be one registered within the past three months.

Screenshot_2017-09-08_090939.png702×474 17.8 KB

Examples of assets blocked:

https://discourse-cdn-sjc1.com/business2/stylesheets/desktop_1_75ae712acc77530742d4e700a13e4324d9445af6.css
https://discourse-cdn-sjc1.com/business2/stylesheets/admin_1_75ae712acc77530742d4e700a13e4324d9445af6.css
https://discourse-cdn-sjc1.com/business2/stylesheets/desktop_theme_6_ecfdfa9d537c511130fa22e6c06d455723bebfb3.css

https://discourse-cdn-sjc1.com/business2/brotli_asset/locales/en-8400e6e6bca56b6780fe8c1a28ec1404252a0508f7d733cf62df4827fbb91160.js
https://discourse-cdn-sjc1.com/business2/brotli_asset/ember_jquery-a8dcbd325e04410f036f2a791d66d8316c48c5387acdd914de99a5dd6afb3cd3.js
https://discourse-cdn-sjc1.com/business2/brotli_asset/preload-store-ec90ffab9d7a6d9e507dda7cf7343e9d50b8bce624f7f44486ac8fd6b9814309.js
https://discourse-cdn-sjc1.com/business2/assets/fontawesome-webfont-2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe.woff2
https://discourse-cdn-sjc1.com/business2/brotli_asset/vendor-057c8aaf728aa3bc264d5ff93a70e003efe4f4ecdc16ba0a02d452e6e3ef4402.js
https://discourse-cdn-sjc1.com/business2/brotli_asset/pretty-text-bundle-1d1d956af8452dbb677f082b889278ad805fbd75e507d446850e2f4501919205.js
https://discourse-cdn-sjc1.com/business2/brotli_asset/application-32ee0eb39f49957f473bd029ad6658d6354086372d821191db8f144c71204468.js
https://discourse-cdn-sjc1.com/business2/brotli_asset/plugin-8bb7a7a3d6d016496acaa8df06bd691326dfec1aaf169e60160556d9794ddfbc.js
https://discourse-cdn-sjc1.com/business2/brotli_asset/plugin-third-party-f46d1c763b1f67535c7ba0e25db5ca6818914f405dcd7c5ca967d6698cee60cf.js
https://discourse-cdn-sjc1.com/business2/brotli_asset/admin-232d8cb6d24a1cd8161da8c48086b1a35b242d0b9736809c12a7ccb972a743e1.js
https://discourse-cdn-sjc1.com/business2/brotli_asset/browser-update-f57286e74ddbc53aa899689b01ef467078911e4138050c561939955849af35dd.js

Basically everything.

This seems like something that should be reported to websense, not us?

iBoss is blocking you too, they think you distribute maiware. And while I could report it to iBoss and say they are wrong, it seems like an online reputation issue Dicourse would want to correct.

I have never heard of iboss, if they have bad data that reflects poorly on them, whoever they are.

Thanks for the reply?? I’m just trying to get our users able to view a community site served up on your product. If two filtering system and blocking, that means something and I have gone back to the vendor asking them to review the classification. Like the OP, seems to not like the js and undefined reference errors. . . declare before calling. Or bash me for posting an issue, whichever.

If you’ve chosen a filter which throws up false-positives and prevents your users from using another of your services, how exactly does that become the fault of the team?

Do people contact Microsoft when an installation of Exchange is unable to relay email to an organisation which implemented crude spam heuristics? iBoss is a commercial product, if you’re paying them for support surely that’s a part of the contract?

I suggest contacting them and letting them know they are mis-classifying the URL for our CDN. If there is anything we can change on our end let us know.

I work for one of their competitors, they should have a mechanism for you to request a manual review. Same with the original post, a lock down on new URLs isn’t unusual, especially really new ones. If they don’t have a review request mechanism I’m happy to introduce you to one of our sales teams

I’m going to assume that contacting the companies in question to correct the misclassifications corrected the problem.