
Web authentication with user certificate through proxy

Hello,

we have a problem with authentication to websites using user certificates through the proxy of the Sophos UTM.

The UTM version is 9.605-1. When the desired site is opened, HTTP Error 403 Forbidden appears immediately. There is no prompt for the desired user certificate.

Decrypt and scan HTTPS is active. The Sophos certificate was issued by the internal certificate authority, which is trusted internally.

When the site is opened via a separate gateway, the authentication works.

Does anyone have an idea what is causing this?

Many thanks in advance for your support.



  • Hi  

    Would you please put the HTTP logs for the instance when the request fails and gives you 403 Forbidden error?

    Regards

    Jaydeep

  • Hello,

     

    here is the log.

    2019:11:05-10:20:46 sophos httpproxy[10568]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="*.*.*.*" dstip="" user="" group="" ad_domain="" statuscode="407" cached="0" profile="REF_HttProContaInterNetwo (Internal-Webfilterprofil)" filteraction=" ()" size="2505" request="0x2bf83800" url="https://www.***.***.de/" referer="" error="" authtime="1" dnstime="0" aptptime="0" cattime="0" avscantime="0" fullreqtime="93" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36" exceptions=""

     

    Meanwhile I got a workaround by defining a filter exception. Is this the regular solution?

    Thank you for your help!

  • Would you share the screenshot of the filter exception? Also, is this an internal website you're trying to reach? And also, is this the correct log sample? I'll post a link for Sophos UTM HTTP Log File.

    Regards

    Jaydeep

  • The site is an external site. I got only this line in the log. The filter is set on the domain name. The HTTP 403 Forbidden is shown by the web server, not by the Sophos.

    Hope this log entry shows the information you need:

     

    2019:11:05-11:33:11 sophos httpproxy[10568]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="*.*.*.*" dstip="80.146.*.*" user="***" group="Power-Internet" ad_domain="***" statuscode="403" cached="0" profile="REF_HttProContaInterNetwo (Internal-Webfilterprofil)" filteraction="REF_HttCffPowerinter (Power-Internet)" size="410" request="0x4cf4aa00" url="www.***.***.de/.../" referer="" error="" authtime="0" dnstime="4" aptptime="54" cattime="99" avscantime="2122" fullreqtime="85651" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.18362" exceptions="" category="105" reputation="neutral" categoryname="Business" sandbox="-" content-type="text/html"

     

    Edit: the log entry is shown with the exception disabled.
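
The distinction drawn in the post above (the 403 comes from the web server, not from the UTM) can be read from the log fields. This is an added example, not part of the original thread and not Sophos code. It assumes that action="pass" means the web filter allowed the request and that a 4xx/5xx statuscode with a populated dstip is the origin's answer; the sample lines are constructed in the format quoted above.

```python
import re

# key="value" pairs as they appear in the httpproxy lines quoted in this thread
PAIR = re.compile(r'([\w-]+)="([^"]*)"')

def parse_line(line):
    """Return the key="value" fields of one httpproxy log line as a dict."""
    return dict(PAIR.findall(line))

def classify(fields):
    """Say which side produced the status code (assumed reading of the fields)."""
    status = fields.get("statuscode", "")
    if fields.get("action") != "pass":
        return "proxy: request not passed by the web filter"
    if status == "407":
        # 407 Proxy Authentication Required is issued by a proxy by definition
        return "proxy: authentication challenge to the client"
    if status.startswith(("4", "5")) and fields.get("dstip"):
        return "origin: proxy passed the request, server answered " + status
    return "ok or undetermined"

def triage(lines):
    """Classify every line and report whether a filter exception was applied."""
    results = []
    for line in lines:
        f = parse_line(line)
        results.append((f.get("method"), f.get("statuscode"),
                        classify(f), f.get("exceptions") or "none"))
    return results

# Constructed sample lines (documentation addresses, placeholder host and user)
SAMPLE = [
    '2019:11:05-10:20:46 sophos httpproxy[10568]: id="0003" name="http access" '
    'action="pass" method="CONNECT" srcip="192.0.2.10" dstip="" user="" '
    'statuscode="407" url="https://www.example.test/" exceptions=""',
    '2019:11:05-11:33:11 sophos httpproxy[10568]: id="0001" name="http access" '
    'action="pass" method="GET" srcip="192.0.2.10" dstip="198.51.100.7" '
    'user="jdoe" statuscode="403" url="www.example.test/app/" exceptions="" '
    'content-type="text/html"',
]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```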

  • Hello Tobias,

    I don't recall seeing this before. In the User Authentication log, what do you see relative to this access?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA