
Website is added to exception but UTM is still blocking something whenever we try to log in.

We are experiencing an issue whenever we access a bank portal on the internet.

We are able to load the page and enter our username and password; after providing the credentials it keeps loading the page until it reaches the timeout expiration.

We already added the website to the web filtering exception, but it is still giving the issue. For testing purposes we connected to a 4G router that is not connected to our UTM; it works fine, we can access the bank portal and can create a transaction.

Need help, thank you.



This thread was automatically locked due to age.
  • Have you checked in the Webfilter logs whether there is a forward to any other website not covered by your exception?

    It's possible that the bank reroutes web requests to another server / URL. It's also possible that another security mechanism blocks access to the underlying portal.

    I had similar issues with several automotive company portals.

    You need to add all the domains popping up in the webfilter logs to your exceptions and / or skip one or the other security mechanism.

    Regards,

    Thorsten

    ---------------------------------------------------------------------

    Using Sophos XG or UTM with Wifi Hotspot and Password of the Day?
    Try our FREE Password of the Day APP!

    For Sophos UTM
    Apple iOS: https://apple.co/1YzD2vU
    Google Android: https://bit.ly/23ELyRq
    For Sophos XG
    Apple iOS: https://appsto.re/de/aZjTdb.i
    Google Android: https://bit.ly/2bbimf1
  • Hi, I checked my webfilter logs.

    No other URL popped up, just the bank domain portal.

    As for security mechanisms, I disabled the user's firewall and antivirus.

    And for the UTM I'm only using web filtering and application control.

    But what I found is this, from Chrome Developer Tools > Console,
    a warning showed:

    jquery-1.8.3.js?v=20161030145822:2
    Synchronous XMLHttpRequest on the main thread is deprecated because of its detrimental effects to the end user's experience. For more help, check https://xhr.spec.whatwg.org/.

    I'm not sure if this is related to security.

    Thanks,

  • What happens with e.g. Internet Explorer? Same issue?

    Can you please post a snip of the webfilter log starting from loading the portal till after the login?

    With the Chrome message you posted I would guess that the site tries to load a script or something from a different location that is being blocked...

    Regards,

    Thorsten

  • Hi,

     

    For IE this is the output, img1 img2

    and for its filter

    2016:11:20-10:00:10 fayfirewall httpproxy[28139]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="10.10.11.7" dstip="x.19.90.21" user="" group="" ad_domain="" statuscode="500" cached="0" profile="REF_HttProContaInterAfcc5 (Finance Acess)" filteraction="REF_HttCffProcuAcces (Procurement Access)" size="220410" request="0xe0537600" url="https://www.bank.com/" referer="" error="Connection timed out" authtime="0" dnstime="45021" cattime="0" avscantime="0" fullreqtime="971670202" device="0" auth="0" ua="" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size,patience"

    2016:11:20-10:00:14 fayfirewall httpproxy[28139]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="10.10.11.7" dstip="x.19.90.21" user="" group="" ad_domain="" statuscode="500" cached="0" profile="REF_HttProContaInterAfcc5 (Finance Acess)" filteraction="REF_HttCffProcuAcces (Procurement Access)" size="697709" request="0xa6f5e00" url="https://www.bank.com/" referer="" error="Connection timed out" authtime="0" dnstime="4" cattime="0" avscantime="0" fullreqtime="1035805048" device="0" auth="0" ua="" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size,patience"

    2016:11:20-10:00:19 fayfirewall httpproxy[28139]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="10.10.11.7" dstip="x.19.90.21" user="" group="" ad_domain="" statuscode="500" cached="0" profile="REF_HttProContaInterAfcc5 (Finance Acess)" filteraction="REF_HttCffProcuAcces (Procurement Access)" size="122005" request="0x9ff7800" url="https://www.bank.com/" referer="" error="Connection timed out" authtime="0" dnstime="44994" cattime="0" avscantime="0" fullreqtime="979862016" device="0" auth="0" ua="" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size,patience"

     

    Thank you.

  • Hi Ezra,

    Please show us a picture of the Web Filter exception policy. What is the mode of Web Protection configured on UTM?

    Sometimes, status code="500" means that if an Exception for AV doesn't work, you will need to skip the Proxy for that IP. 

    Also, restart httpproxy: SSH to the UTM, log in as root, and execute: /var/mdw/scripts/httpproxy restart.

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support

  • Hi,

    Here is the Web filter exception policy that I created for the bank portal:

    Al Mubasher
    Skipping: Authentication / Caching / Block by download size / Antivirus / Sandstorm / Extension blocking / MIME type blocking / Content Removal / SSL scanning / Certificate trust check / Certificate date check
    Matching these URLs: https://www.almubasher.com.sa
    www.almubasher.com.sa/.../jquery-1.8.3.js
    www.almubasher.com.sa/.../aggregatedmessagesource.properties
    www.almubasher.com.sa/.../login.do
    ^https:\/\/www\.almubasher\.com\.sa\/
    eservice.alrajhibank.com.sa
    www.almubasher.com.sa/.../login.do
    https://platform.bing.com
    ^https?://[A-Za-z0-9.-]*\.bing\.com/
    www.almubasher.com.sa/portal-theme
    www.almubasher.com.sa/.../jquery.ui.custom.css
    www.almubasher.com.sa/.../launchpad.css
    www.almubasher.com.sa/.../ie7.css
    www.almubasher.com.sa/.../otpCheck.do
    ^(http[s]?):\/?\/?www\.almubasher\.com.sa?/
    or Going to these categories of websites: Finance/Banking

    Also, this is the Web filtering profile for the user.

    I used Transparent Mode.

    General Policy
    Mode: Blacklist
    Blocked Categories: Weapons, Locomotion, GamesGambles, Private Homepages, CriminalActivities, Suspicious, EntertainmentCulture, Lifestyle, Drugs, ExtremisticSites, Nudity, BotNet Detected
    Blocked Sites: iTunes, Googlevideo, APPLE UPDATE, Youtube, Other Sites
    Allowed Sites: http://www.flynas.com/en/, booking.flynas.com/, login.microsoftonline.com, ELM PORTAL, WeTransfer, Ticketing, Reddit, Al Mubasher, PhotoShop
    Uncategorized sites are blocked
    Spyware is blocked
    Blocked file extensions: exe, msi, com, bat, vbx, hta, inf, jse, wsh, vbs, vbe, lnk, chm, pif, reg, scr, cmd
    Blocked MIME types: swf, mp4, mpeg, mov, mkv, 3gp
    Antivirus scanning: Single Scan
    Refer to Sandstorm: enabled
    PUA detection: enabled

    I'll try your suggestion, restarting the httpproxy.

    Thank you.

  • As Sachin said, if your Exception for Antivirus didn't get rid of the "500" in the Web Filtering log, you will need to skip the Proxy for that site.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
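
Added example, not part of the original thread and not Sophos code: a Python triage of httpproxy log lines in the key="value" layout posted above, separating policy blocks from requests that failed with a proxy error even though the exception had already skipped the URL and antivirus checks (the case where the replies advise skipping the proxy). The sample lines are constructed and trimmed to the fields used; reading the `exceptions` field as the list of checks skipped for that request is an assumption.

```python
import re

# Constructed sample lines modelled on the log layout quoted in the thread;
# hosts, IPs and timings are made up and only the fields used here are kept.
SAMPLE_LOG = '''\
2016:11:20-10:00:10 utm httpproxy[28139]: name="web request blocked" action="block" method="CONNECT" srcip="10.0.0.7" dstip="192.0.2.21" statuscode="500" url="https://portal.example/" error="Connection timed out" dnstime="45021" exceptions="av,auth,content,url,ssl,certcheck"
2016:11:20-10:00:12 utm httpproxy[28139]: name="http access" action="pass" method="GET" srcip="10.0.0.7" dstip="198.51.100.5" statuscode="200" url="http://cdn.example/app.js" error="" dnstime="3" exceptions=""
2016:11:20-10:00:14 utm httpproxy[28139]: name="web request blocked" action="block" method="GET" srcip="10.0.0.9" dstip="203.0.113.8" statuscode="403" url="http://games.example/" error="" dnstime="2" exceptions=""
'''

FIELD_RE = re.compile(r'(\w+)="([^"]*)"')

def parse_line(line):
    """Return the key="value" pairs of one httpproxy log line as a dict."""
    return dict(FIELD_RE.findall(line))

def classify(entry):
    """Separate policy blocks from requests the proxy failed to complete."""
    if entry.get("action") != "block":
        return "passed"
    # Assumption: 'exceptions' lists the checks skipped for this request.
    skipped = set(filter(None, entry.get("exceptions", "").split(",")))
    if entry.get("error") and {"url", "av"} <= skipped:
        # The exception matched, yet the request still failed: adding more
        # exception entries will not change the outcome for this site.
        return "proxy-error-despite-exception"
    if entry.get("error"):
        return "proxy-error"
    return "policy-block"

def triage(log_text):
    """Return (url, statuscode, error, verdict) for every non-passed request."""
    rows = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        verdict = classify(entry) if entry else "passed"
        if verdict != "passed":
            rows.append((entry.get("url"), entry.get("statuscode"),
                         entry.get("error"), verdict))
    return rows

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(row)
```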