Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 1 subscriber
  • Views 10079 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Decrypt and Scan enabled

PeterRL
Hi all,

this is the weirdest thing ever.

This issue began after updating to the latest version (9.310-11). No change on the configuration was made.

This regards, a active-passive UTMs, webfilter is being applied to AD groups (this set up has been working since two years now).

When browsing to certain sites that are blocked by policy, or sites that also make GETs to url that are blocked by policy, Internet explorer 9 and 10 crash with the message: "Internet Explorer blocked this website from displaying content with security security errors."

This behaviour does not happen when using Internet Explorer 8 or Chrome and Firefox (latest versions available).

For example, the following log regards access to acepi.pt

Since the page also goes get some info to facebook (that is blocked by policy), internet explorer crash:

2015:05:21-15:33:19 sophos2 httpproxy[24522]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="137.177.60.91" dstip="216.58.208.10" user="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo (RF)" filteraction="REF_HttCffInternetal (Internet_All)" size="38608" request="0xe5aab800" url="ajax.googleapis.com/.../5.0)" exceptions="" category="177" reputation="neutral" categoryname="Content Server" application="googapis" app-id="176"
2015:05:21-15:33:19 sophos2 httpproxy[24522]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="137.177.60.91" dstip="85.88.136.102" user="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo (RF)" filteraction="REF_HttCffInternetal (Internet_All)" size="23145" request="0xe46e6800" url="www.acepi.pt/.../NGO"
2015:05:21-15:33:19 sophos2 httpproxy[24522]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="137.177.60.91" dstip="137.135.179.251" user="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo (RF)" filteraction="REF_HttCffInternetal (Internet_All)" size="42" request="0xe42e8800" url="otf.msn.com/c.gif
2015:05:21-15:33:19 sophos2 httpproxy[24522]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="137.177.60.91" dstip="85.88.136.102" user="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo (RF)" filteraction="REF_HttCffInternetal (Internet_All)" size="18152" request="0xb3084000" url="www.acepi.pt/.../NGO"
2015:05:21-15:33:19 sophos2 httpproxy[24522]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="137.177.60.91" dstip="85.88.136.102" user="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo (RF)" filteraction="REF_HttCffInternetal (Internet_All)" size="15843" request="0xca9b0800" url="www.acepi.pt/.../NGO"
2015:05:21-15:33:19 sophos2 httpproxy[24522]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="137.177.60.91" dstip="173.194.78.95" user="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo (RF)" filteraction="REF_HttCffInternetal (Internet_All)" size="5198" request="0xcbadd000" url="fonts.googleapis.com/.../5.0)" exceptions="" category="178" reputation="neutral" categoryname="Internet Services" application="googapis" app-id="176"
2015:05:21-15:33:19 sophos2 httpproxy[24522]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="137.177.60.91" dstip="173.194.78.95" user="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo (RF)" filteraction="REF_HttCffInternetal (Internet_All)" size="4894" request="0xe7568800" url="fonts.googleapis.com/.../5.0)" exceptions="" category="178" reputation="neutral" categoryname="Internet Services" application="googapis" app-id="176"
2015:05:21-15:33:19 sophos2 httpproxy[24522]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="137.177.60.91" dstip="173.194.78.95" user="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo (RF)" filteraction="REF_HttCffInternetal (Internet_All)" size="4862" request="0xcafec800" url="fonts.googleapis.com/.../5.0)" exceptions="" category="178" reputation="neutral" categoryname="Internet Services" application="googapis" app-id="176"
2015:05:21-15:33:19 sophos2 httpproxy[24522]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="137.177.60.91" dstip="216.58.208.14" user="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo (RF)" filteraction="REF_HttCffInternetal (Internet_All)" size="11737" request="0xcb6f4800" url="www.google-analytics.com/.../5.0)" exceptions="" category="178" reputation="neutral" categoryname="Internet Services" application="googanal" app-id="175"
2015:05:21-15:33:19 sophos2 httpproxy[24522]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="137.177.60.91" dstip="173.194.78.95" user="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo (RF)" filteraction="REF_HttCffInternetal (Internet_All)" size="4910" request="0xcbadf000" url="fonts.googleapis.com/.../5.0)" exceptions="" category="178" reputation="neutral" categoryname="Internet Services" application="googapis" app-id="176"
2015:05:21-15:33:19 sophos2 httpproxy[24522]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="137.177.60.91" dstip="173.194.78.95" user="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo (RF)" filteraction="REF_HttCffInternetal (Internet_All)" size="5129" request="0xcafec000" url="fonts.googleapis.com/.../5.0)" exceptions="" category="178" reputation="neutral" categoryname="Internet Services" application="googapis" app-id="176"
2015:05:21-15:33:19 sophos2 httpproxy[24522]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="137.177.60.91" dstip="173.194.78.95" user="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo (RF)" filteraction="REF_HttCffInternetal (Internet_All)" size="4878" request="0xca9c2800" url="fonts.googleapis.com/.../5.0)" exceptions="" category="178" reputation="neutral" categoryname="Internet Services" application="googapis" app-id="176"
2015:05:21-15:33:19 sophos2 httpproxy[24522]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="137.177.60.91" dstip="173.194.78.95" user="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo (RF)" filteraction="REF_HttCffInternetal (Internet_All)" size="5118" request="0xcb24a800" url="fonts.googleapis.com/.../5.0)" exceptions="" category="178" reputation="neutral" categoryname="Internet Services" application="googapis" app-id="176"
2015:05:21-15:33:19 sophos2 httpproxy[24522]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="137.177.60.91" dstip="85.88.136.102" user="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo (RF)" filteraction="REF_HttCffInternetal (Internet_All)" size="13565" request="0xe4294800" url="www.acepi.pt/.../NGO"
2015:05:21-15:33:19 sophos2 httpproxy[24522]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="137.177.60.91" dstip="216.58.208.8" user="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo (RF)" filteraction="REF_HttCffInternetal (Internet_All)" size="5168" request="0xcaf95800" url="ssl.google-analytics.com/.../5.0)" exceptions="" category="178" reputation="trusted" categoryname="Internet Services" application="googanal" app-id="175"
2015:05:21-15:33:19 sophos2 httpproxy[24522]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="CONNECT" srcip="137.177.60.91" dstip="" user="" ad_domain="" statuscode="403" cached="0" profile="REF_HttProContaInterNetwo (RF)" filteraction="REF_HttCffInternetal (Internet_All)" size="3207" request="0xe4e70800" url="www.facebook.com/.../5.0)" exceptions="" reason="category" category="195" reputation="neutral" categoryname="Social Networking"
2015:05:21-15:33:49 sophos2 httpproxy[24522]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="137.177.60.91" dstip="85.88.136.102" user="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo (RF)" filteraction="REF_HttCffInternetal (Internet_All)" size="302" request="0xb2ffd800" url="www.acepi.pt/.../NGO"


Since the problem regards errors with certificates, i´ve installed the UTM CA, but still, the problem was there.

I only was able to get the expect behaivour (i.e. not crashing the IE) by enabling "Decrypt and Scan" [:S][:S][:S] - This way, the page is correctly blocked and no problem with the application happens.

Does this makes sense to anyone?


This thread was automatically locked due to age.
Unfiltered HTML