Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
ametkola
Staff
Staff

Created on ‎01-22-2025 02:24 AM Edited on ‎09-26-2025 01:20 AM By Community Manager

Article Id 371581

Troubleshooting Tip: Proxy detects the website as 'Malicious Website'

Description This article describes an issue related to websites classified and being blocked by proxy as 'Malicious Website'.
Scope FortiGate, FortiProxy.
Solution

The following scenario describes an issue related to websites classified and being blocked by proxy as 'Malicious Website'.

When checking the website in the FortiGuard database: Web Filter Lookup the rating is correct.
The website used for testing in this scenario: https://sporttempel-kiel.de/.

 

explicit.png

 

id=7447901233223827892 euid=1 epid=1 dsteuid=1 dstepid=1 logflag=1 logid=0000000013 type=traffic subtype=forward level=notice eventtime=1734099638854037070
action=deny srcip=10.x.x.x srcport=54653 dstip=202.61.233.6 dstport=443 service=HTTPS proto=6 policyid=5 user=test msg="Traffic denied because of explicit proxy policy" <----
srcintf=internetproxy srcintfrole=lan dstintf=internetproxy dstintfrole=lan sessionid=284824322 crscore=30 crlevel=high craction=131072 trandisp=noop duration=0 policytype=policy sentbyte=0 rcvdbyte=0 sentpkt=0
rcvdpkt=0 app=HTTPS appcat=unscanned dstcountry=Germany srccountry=Reserved srcuuid=05b79f88-aecd-51ed-c9f8-e702f4566bbb dstuuid=81a3bda0-0aaf-51ee-5a16-44ade4b345e0 poluuid=1fad2ad8-0c25-51ee-4edc-8bb215c83fe5
agent=Chrome/131.0.0.0 policyname=Blacklist url=https://sporttempel-kiel.de/ tz=+0100 devid=FPX4KET322000032 vd=root dtime="2024-12-13 15:20:37" itime_t=1734099638 devname=PRX_FPX4KE

 

The following attribute can be verified under the web filter profile settings.

 

config webfilter profile
    edit < name >
        config ftgd-wf
            set options error-allow rate-server-ip ?

            connect-request- bypass Bypass connection which has CONNECT request.
            ftgd-disable Disable FortiGuard scanning.

        end

end

 

It is recommended to disable this option, as it can be seen from the GUI view in the web filter profile.

 

output.png

 

Note

When the 'Rate URLs by domain and IP address' option is enabled, FortiGate performs two separate rating checks with FortiGuard, one for the domain and another for the IP address.

This behavior is reflected in the Forward Traffic logs, where two consecutive connections are recorded. For example, if the domain is categorized correctly but the IP address is flagged as a Malicious Website, each access attempt generates an initial 'Accepted' log entry, immediately followed by a 'UTM-Blocked' message.

 

Related document:

Rating options 
508
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.