SophosXL lookups

I have an acceleration network device that is trying to accelerate the SophosXL HTTP lookups.

https://community.sophos.com/kb/en-us/117936

http.0X.a.sophosxl.net        HTTP         SXL3.1         Web category lookups (Web control), Web protection
http.0X.s.sophosxl.net        HTTP         SXL3.1         Alias for above Web category lookups (Web control)

I need to whitelist them.. there's no need for acceleration to be performed on this HTTP.. pointless.. and it overloads the engine.

Now.. that is the hard part now.. trying to whitelist these...

Strangely... if you nslookup against http.00.a.sophosxl.net and http.00.s.sophosxl.net you only get one IP address coming back (say.. as opposed to, nslookup'ing google.com).

But there is some DNS round-robin'ing/CDN on this service.. because the last octets bounce around the 54.251.46.0/24 range (or that's as narrowed down as I can see).

It would be nice if we had a dedicated range for this service? IP-wise?

Or ALL the IP addresses would be broadcast in the DNS pointer for this FQDN.

Thoughts, all?



  • Hello MichaelGioia,

    if you do a reverse lookup, you'll see the addresses belong to amazonaws.com. Guess you won't be able to obtain a range more specific than the AWS IP Range for your region, or a list of addresses other than by performing a number of lookups. While you can assume that the host will still be there after the TTL (I see 60 seconds) has expired, you can't tell for how long the address will actually be valid.

    Christian 
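
The approach in the reply above, as an added example that is not part of the thread or any Sophos tooling: pool the addresses seen over repeated lookups, then map each one to the most specific prefix in a list laid out like AWS's published `ip-ranges.json`. The prefixes, region names and observed addresses are constructed sample data, and `collect` and `map_to_prefixes` are hypothetical helper names.

```python
import ipaddress
import json
import socket
import time

# Constructed excerpt in the layout of AWS's published ip-ranges.json;
# the prefixes and region names are illustrative, not real AWS data.
SAMPLE_RANGES = json.loads("""{"prefixes": [
  {"ip_prefix": "54.251.0.0/16",   "region": "example-region-1", "service": "AMAZON"},
  {"ip_prefix": "54.251.32.0/19",  "region": "example-region-1", "service": "EC2"},
  {"ip_prefix": "198.51.100.0/24", "region": "example-region-2", "service": "EC2"}
]}""")

# Constructed lookup results: three inside the 54.251.46.0/24 range seen in
# the post, one documentation address that no sample prefix covers.
SAMPLE_OBSERVED = ["54.251.46.17", "54.251.46.201", "54.251.46.88", "203.0.113.9"]


def collect(hostname, rounds=5, pause=60):
    """Resolve hostname once per TTL (60 s in the reply) and pool the answers."""
    seen = set()
    for i in range(rounds):
        try:
            for info in socket.getaddrinfo(hostname, 80, socket.AF_INET, socket.SOCK_STREAM):
                seen.add(info[4][0])
        except socket.gaierror:
            pass  # a failed round adds nothing; keep what was already seen
        if i < rounds - 1:
            time.sleep(pause)
    return sorted(seen)


def map_to_prefixes(addresses, ranges, region=None):
    """Return ({prefix: [addresses]}, [uncovered]) using the longest matching prefix."""
    nets = [ipaddress.ip_network(p["ip_prefix"]) for p in ranges["prefixes"]
            if region is None or p["region"] == region]
    covered, uncovered = {}, []
    for addr in addresses:
        ip = ipaddress.ip_address(addr)
        matches = [n for n in nets if ip in n]
        if matches:
            best = max(matches, key=lambda n: n.prefixlen)
            covered.setdefault(str(best), []).append(addr)
        else:
            uncovered.append(addr)
    return covered, uncovered


if __name__ == "__main__":
    covered, uncovered = map_to_prefixes(SAMPLE_OBSERVED, SAMPLE_RANGES)
    print("bypass candidates:", covered)
    print("not in any listed prefix, review by hand:", uncovered)
```

A published prefix is shared with other tenants of the provider, so a bypass rule built from it exempts more than the lookup service; a rule built only from observed addresses goes stale once the records rotate.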

Reply
  • Hello MichaelGioia,

    if you do a reverse lookup you'll see the addresses belong to amazonaws.com. Guess you won't be able to obtain a range more specific than the AWS IP Range for your region or a list of addresses other than by performing a number of lookups. While you can assume that the host will still be there after the TTL (I see 60 seconds) has expired you can't tell for how long the address will actually be valid.

    Christian 

Children