Indeed B, however I came to this answer because the request TO the filter is cat=255=unknown and the lookup is cat=52, so it had to do a lookup somewhere else. But indeed the urlfilter is only used when the local cache doesn't have the info and the debug output will only show something IF the urlfiler is actually used.
I think the answer is C:
Example log for no local cache case:
#id=93000 msg="pid=57 urlfilter_main-723 in main.c received pkt:count=91
"IPS and WAD will only send request to urlfilter daemon when cache is missed. "
So the WAD process by itself found the URL rating in the local cache and didn`t ask for help from the URL process as in the example.
B - we can`t know anything about CN or SNI in this debug. It is more SSL-inspection field.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
theklee
Highly Voted 1 year agoJackeD
Highly Voted 1 year, 1 month agosanfranciscoairpod
Most Recent 4 weeks agoluismanzanero
3 months, 3 weeks agoMalasxd
4 months, 3 weeks agoBob_Oso
5 months, 4 weeks agonse_student
8 months, 2 weeks agoDayvey
9 months, 2 weeks agocertifi46
10 months agoSeph1
10 months, 4 weeks agomader
11 months, 2 weeks agoSeph1
11 months, 3 weeks agoSeph1
10 months, 4 weeks agokashir
11 months, 3 weeks agosaudiboy
11 months, 4 weeks agojjejje
1 year, 1 month agoracdab
1 year, 1 month ago