What is meant by "AppProxy_NewTor" in real-time probes?


This article applies to:

  • WF/WFR/R3000

Question:

  • What is meant by "AppProxy_NewTor" in real-time probes?

Information:

Enabling System>Control> Filter>Pattern Service turns on the signature pattern feature. The filter has a pre-built signature pattern detection list that detects any P2P, proxy and chat patterns.

In 2010 a new pattern detection was added called AppProxy_NewTor, and it could result in overblocking in some situations.  Please note that adding sites to a white-list will not exempt them detection of the AppProxy_NewTor pattern.  Adding the site's IP to the pattern whitelist will exempt that individual IP, but other IPs could come up later.  Blocks for this pattern can be seen in real-time probes, as shown below:

 

 

 

 

Two options are available:

1. Upgrade to 5.0.20, which includes an enhanced method of enforcing this pattern.

or

2. If you cannot upgrade, then call tech support for a hot fix to the back end and Enable "Proxy Port 80 Settings" in the GUI, as shown below:

 


Last Modified 2/18/2013.
https://support.trustwave.com/kb/KnowledgebaseArticle15130.aspx