Advisory: Support Portal Maintenance. Login is currently unavailable, more info available here.

blocked HTTPS websites only show SSL_ERROR_RX_RECORD_TOO_LONG when Web Control is enabled

users reported sites not loading showing the error SSL_ERROR_RX_RECORD_TOO_LONG.

this is caused by intercept X Web Control function.

When I disable this feature, the websites are loading fine.

example:

https://www.weihnachtsbaum-heidelberg.de

when I check the non https version of the sites, I get a correct error message from intercept X in browser:

example:

http://www.weihnachtsbaum-heidelberg.de

This is blocked to offensive content which is also wrong.

Firefox reports SSL_ERROR_RX_RECORD_TOO_LONG

IE just says the page cannot be displayed

Edge Chromium says ERR_SSL_PROTOCOL_ERROR

Sophos, what is the problem with the SSL_ERROR_RX_RECORD_TOO_LONG error, are you using a bad certificate in Intercept X?



link truncated
[bearbeitet von: LHerzog um 2:41 PM (GMT -8) am 2 Dec 2020]
Parents
  • other examples are XXX sites where we block nudity. http works, https is showing ssl error:

  • This is expected as the endpoint proxy doesn't man in the middle HTTPS so it can't inject a block/warn page as it does for HTTP.

    You should see the alert for it in the events report though in the UI.

    The upcoming replacement I gather will do SSL inspection at the client.

    You will also see in: "C:\ProgramData\Sophos\Health\Event Store\Trail\" the JSON for the alerts. These "events.sav.webcontrol.block" type events are set with "showNotification":false so there is no desktop popup from the UI up as you would be inundated potentially.

    The old "on-premise" client used to alert all with poups by default and there was a registry key to disable it back then: Service and Support (sophos.com)

  • Thanks - great answer! It does not appear you are Sophos Staff. Are you?

    There are all those json files (will they ever be cleaned up?)

    {"resourceId":"events.sav.webcontrol.block","familyId":"{0072CE02-DFFE-4EB6-95FE-297DE91EA838}","counterName":"control","id":"{FEF78F50-82C0-4DB6-9D90-F9722DD25E96}","timeStamp":"2020-12-02T13:43:42Z","sequence":"12","showNotification":false,"app":"SAV","severity":1,"updateSummary":true,"userName":"xxxxxxxx","userSid":"xxxxxxxxx","path":"www.weihnachtsbaum-heidelberg.de","reboot":0}

    How long will it usually take that Sophos reviews a URL? The trustedsource review for UTM webfilter took usually less than 4h. Sophos now seems to take much more time

    is this the correct source for reviewing?

    https://support.sophos.com/support/s/filesubmission?language=en_US

Reply
  • Thanks - great answer! It does not appear you are Sophos Staff. Are you?

    There are all those json files (will they ever be cleaned up?)

    {"resourceId":"events.sav.webcontrol.block","familyId":"{0072CE02-DFFE-4EB6-95FE-297DE91EA838}","counterName":"control","id":"{FEF78F50-82C0-4DB6-9D90-F9722DD25E96}","timeStamp":"2020-12-02T13:43:42Z","sequence":"12","showNotification":false,"app":"SAV","severity":1,"updateSummary":true,"userName":"xxxxxxxx","userSid":"xxxxxxxxx","path":"www.weihnachtsbaum-heidelberg.de","reboot":0}

    How long will it usually take that Sophos reviews a URL? The trustedsource review for UTM webfilter took usually less than 4h. Sophos now seems to take much more time

    is this the correct source for reviewing?

    https://support.sophos.com/support/s/filesubmission?language=en_US

Children