Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 4 replies
  • Subscribers 6 subscribers
  • Views 13086 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Bug - Improper headers for blocked content

Unknown Unknown1

Dear all,

While toying around with cURL and Sophos Anti-Virus, I noticed that the Web Protection service:

▸ Returns a 403 Forbidden error when the domain's reputation is deemed unsuitable

▸ Returns a 200 OK error when the content is blocked

Compare, for example:

▸ Loading the Sophos malware-blocking test page

$ /usr/bin/curl --compressed "http://sophostest.com/malware/" -sI
    HTTP/1.1 403 Forbidden
    Content-Length: 6865
    Content-Type: text/html; charset=UTF-8
    Cache-Control: no-cache
    Connection: close
    Proxy-Connection: close

▸ Loading the Eicar.org pseudo-virus

 
/usr/bin/curl --compressed “www.eicar.org/.../eicar.com.txt" -sI
    HTTP/1.1 200 OK
    Date: Fri, 03 Jul 2015 12:20:55 GMT
    Server: Apache
    Content-disposition: attachment; filename="eicar.com.txt"
    Cache-control: private
    Content-length: 68
    Content-Type: application/octet-stream
 
This seems to be a bug, as both attempts result in a Sophos-generated error page being displayed.
:1021180


This thread was automatically locked due to age.
Parents
  • 0

    I'm curious to hear more about your thoughts on this. Can you give me some examples of when you think this implementation of the block page could be confusing? I can't make any promises but I can definitely pass your ideas onto to the development team.

    :1021214
Reply
  • 0

    I'm curious to hear more about your thoughts on this. Can you give me some examples of when you think this implementation of the block page could be confusing? I can't make any promises but I can definitely pass your ideas onto to the development team.

    :1021214
Children
No Data
Unfiltered HTML