Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 3 subscribers
  • Views 10758 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Connection reset by peer

Akcent

Hallo,

im Log sehe ich ganz viele Block's "Connection reset by peer", obwohl im Web-Proxy die URL als Außnahme inkl. aller Optionen auf die ^https?://([A-Za-z0-9.-]*\.)?gdatasecurity\.de/ vorhanden ist.

 

2017:01:11-17:13:36 firewall httpproxy[31655]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="POST" srcip="192.168.115.28" dstip="188.138.100.110" user="" group="" ad_domain="" statuscode="500" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2579" request="0x9a26a00" url="http://dlarray-europ-urlcl-pool-2.gdatasecurity.de/query" referer="" error="Connection reset by peer" authtime="0" dnstime="100" cattime="0" avscantime="0" fullreqtime="1048629" device="0" auth="0" ua="G DATA Agent/1.0" exceptions="av,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size,patience"

Die URL wird vom G DATA Virenschutz (vom Web-Protection Modul) aufgerufen.

Im Intrusion Prevention Log ist währen des Blockings nichts zu sehen (weiße Seite)

Jemand einen Hinweis woran das liegen und was man hier machen könnte?

Danke mal vorab und viele Grüße, Herry



This thread was automatically locked due to age.
  • 0

    Hallo Herry,

    (Sorry, my German-speaking brain isn't creating thoughts at the moment. [:(])

    Whenever you see a statuscode of 5xx, if a simple Exception for Antivirus doesn't solve the problem, you will need to skip the proxy for that site.  You do this in the Transparent Mode Skiplist if in Transparent and in the browser's LAN Settings if using Standard Mode.

    MfG - Bob (Bitte auf Deutsch weiterhin.)

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Thank you.

    Do you know why the exeptions don't work?

  • 0 in reply to Akcent

    The Exception does work, but Anitvirus was not the problem.  Some web servers just won't work with a proxy.  You would need access to the web server's logs to even begin to figure out if there's a new-feature opportunity for Sophos or an incorrect configuration of the web server.  The only solution if the Exception for AV doesn't resolve the problem is to skip the Proxy for the FQDN.

    MfG - Bob (Bitte auf Deutsch weiterhin.)

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Unfiltered HTML