Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 2 subscribers
  • Views 6943 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Webfiltering "statuscode=502" "Host not found" at serveral sites.

vpRoot

Dear all,

hopefully this is the correct forum, otherwise please move it to the correct one :)

Well, we have "some" trouble with our Proxy/Webfilter. Since a few months we've got the problem, that sometimes, some pages got the "Host not Found" notification from our Firewall/Webfilter. Please see the attached Logs:

2018:03:06-11:01:39 astaro httpproxy[14271]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="xxx.xxx.xxx.178" dstip="" user="elmalie" group="Internetsecurity low" ad_domain="Company" statuscode="502" cached="0" profile="REF_HttProInternetse (Internetsecurity)" filteraction="REF_HttCffInterneLow (Internetsecurity low)" size="2491" request="0xd5c72400" url="https://updates.tkassets.com/" referer="" error="Host not found" authtime="64" dnstime="190" cattime="119" avscantime="0" fullreqtime="218846" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.87 Safari/537.36" exceptions="" category="105" reputation="trusted" categoryname="Business"
2018:03:06-11:03:33 astaro httpproxy[14271]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="xxx.xxx.xxx.112" dstip="" user="bouazzaouia" group="Internetsecurity mid ohne SocNw" ad_domain="Company" statuscode="502" cached="0" profile="REF_HttProInternetse (Internetsecurity)" filteraction="REF_HttCffInterMidOhne (Internetsecurity mid ohne SocNw)" size="0" request="0xc9b08c00" url="visitor-service-eu-central-1.tealiumiq.com/" referer="" error="Host not found" authtime="115" dnstime="10000521" cattime="122" avscantime="0" fullreqtime="10220148" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; rv:57.0) Gecko/20100101 Firefox/57.0" exceptions="" category="105" reputation="neutral" categoryname="Business"
2018:03:06-11:03:33 astaro httpproxy[14271]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="xxx.xxx.xxx.112" dstip="" user="bouazzaouia" group="Internetsecurity mid ohne SocNw" ad_domain="Company" statuscode="502" cached="0" profile="REF_HttProInternetse (Internetsecurity)" filteraction="REF_HttCffInterMidOhne (Internetsecurity mid ohne SocNw)" size="0" request="0xcc936600" url="visitor-service-eu-central-1.tealiumiq.com/" referer="" error="Host not found" authtime="63" dnstime="6991353" cattime="97" avscantime="0" fullreqtime="7211811" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; rv:57.0) Gecko/20100101 Firefox/57.0" exceptions="" category="105" reputation="neutral" categoryname="Business"
2018:03:06-11:03:34 astaro httpproxy[14271]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="xxx.xxx.xxx.112" dstip="" user="bouazzaouia" group="Internetsecurity mid ohne SocNw" ad_domain="Company" statuscode="502" cached="0" profile="REF_HttProInternetse (Internetsecurity)" filteraction="REF_HttCffInterMidOhne (Internetsecurity mid ohne SocNw)" size="0" request="0xd807e000" url="visitor-service-eu-central-1.tealiumiq.com/" referer="" error="Host not found" authtime="57" dnstime="6" cattime="154" avscantime="0" fullreqtime="221579" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; rv:57.0) Gecko/20100101 Firefox/57.0" exceptions="" category="105" reputation="neutral" categoryname="Business"
2018:03:06-11:03:35 astaro httpproxy[14271]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="POST" srcip="yyy.yyy.yyy.105" dstip="" user="xigonisi" group="Internetsecurity low" ad_domain="Company" statuscode="502" cached="0" profile="REF_HttProInternetse (Internetsecurity)" filteraction="REF_HttCffInterneLow (Internetsecurity low)" size="0" request="0xd7e00c00" url="ocsp.int-x3.letsencrypt.org/" referer="" error="Host not found" authtime="71" dnstime="10000441" cattime="69" avscantime="2187" fullreqtime="10005987" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0" exceptions="" sandbox="-" category="178" reputation="neutral" categoryname="Internet Services"
2018:03:06-11:03:37 astaro httpproxy[14271]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="xxx.xxx.xxx.112" dstip="" user="bouazzaouia" group="Internetsecurity mid ohne SocNw" ad_domain="Company" statuscode="502" cached="0" profile="REF_HttProInternetse (Internetsecurity)" filteraction="REF_HttCffInterMidOhne (Internetsecurity mid ohne SocNw)" size="0" request="0xd9f91e00" url="visitor-service-eu-central-1.tealiumiq.com/" referer="" error="Host not found" authtime="94" dnstime="6" cattime="118" avscantime="0" fullreqtime="216152" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; rv:57.0) Gecko/20100101 Firefox/57.0" exceptions="" category="105" reputation="neutral" categoryname="Business"
2018:03:06-11:03:37 astaro httpproxy[14271]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="xxx.xxx.xxx.185" dstip="" user="giehls" group="Internetsecurity mid ohne SocNw" ad_domain="Company" statuscode="502" cached="0" profile="REF_HttProInternetse (Internetsecurity)" filteraction="REF_HttCffInterMidOhne (Internetsecurity mid ohne SocNw)" size="2491" request="0xd9f90600" url="https://platform.twitter.com/" referer="" error="Host not found" authtime="58" dnstime="10000403" cattime="119" avscantime="0" fullreqtime="10219838" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 OPR/51.0.2830.34" exceptions="" category="188" reputation="neutral" categoryname="Blogs/Wiki"
2018:03:06-11:03:37 astaro httpproxy[14271]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="xxx.xxx.xxx.185" dstip="" user="giehls" group="Internetsecurity mid ohne SocNw" ad_domain="Company" statuscode="502" cached="0" profile="REF_HttProInternetse (Internetsecurity)" filteraction="REF_HttCffInterMidOhne (Internetsecurity mid ohne SocNw)" size="2490" request="0xdc5b9600" url="https://js.smartredirect.de/" referer="" error="Host not found" authtime="92" dnstime="10000346" cattime="75" avscantime="0" fullreqtime="10217465" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 OPR/51.0.2830.34" exceptions="" category="177" reputation="neutral" categoryname="Content Server"
2018:03:06-11:03:37 astaro httpproxy[14271]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="xxx.xxx.xxx.156" dstip="" user="shaha" group="Internetsecurity low" ad_domain="Company" statuscode="502" cached="0" profile="REF_HttProInternetse (Internetsecurity)" filteraction="REF_HttCffInterneLow (Internetsecurity low)" size="0" request="0xccca5600" url="getpocket.cdn.mozilla.net/" referer="" error="Host not found" authtime="98" dnstime="10000473" cattime="81" avscantime="0" fullreqtime="10219870" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 10.0; WOW64; rv:57.0) Gecko/20100101 Firefox/57.0" exceptions="" category="175" reputation="trusted" categoryname="Software/Hardware"
2018:03:06-11:03:37 astaro httpproxy[14271]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="xxx.xxx.xxx.227" dstip="" user="hohlbaumc" group="Internetsecurity mid ohne SocNw" ad_domain="Company" statuscode="502" cached="0" profile="REF_HttProInternetse (Internetsecurity)" filteraction="REF_HttCffInterMidOhne (Internetsecurity mid ohne SocNw)" size="0" request="0xca3c5200" url="getpocket.cdn.mozilla.net/" referer="" error="Host not found" authtime="99" dnstime="9071986" cattime="135" avscantime="0" fullreqtime="9292501" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; WOW64; rv:57.0) Gecko/20100101 Firefox/57.0" exceptions="" category="175" reputation="trusted" categoryname="Software/Hardware"
2018:03:06-11:03:38 astaro httpproxy[14271]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="yyy.yyy.yyy.105" dstip="" user="xigonisi" group="Internetsecurity low" ad_domain="Company" statuscode="502" cached="0" profile="REF_HttProInternetse (Internetsecurity)" filteraction="REF_HttCffInterneLow (Internetsecurity low)" size="0" request="0xdc75ea00" url="https://cdnjs.cloudflare.com/" referer="" error="Host not found" authtime="52" dnstime="9993569" cattime="185" avscantime="0" fullreqtime="9995783" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0" exceptions="" category="178" reputation="neutral" categoryname="Internet Services"
2018:03:06-11:03:38 astaro httpproxy[14271]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="yyy.yyy.yyy.105" dstip="" user="xigonisi" group="Internetsecurity low" ad_domain="Company" statuscode="502" cached="0" profile="REF_HttProInternetse (Internetsecurity)" filteraction="REF_HttCffInterneLow (Internetsecurity low)" size="0" request="0xdbebbe00" url="https://cdnjs.cloudflare.com/" referer="" error="Host not found" authtime="95" dnstime="10000446" cattime="86" avscantime="0" fullreqtime="10002576" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0" exceptions="" category="178" reputation="neutral" categoryname="Internet Services"
2018:03:06-11:03:38 astaro httpproxy[14271]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="yyy.yyy.yyy.105" dstip="" user="xigonisi" group="Internetsecurity low" ad_domain="Company" statuscode="502" cached="0" profile="REF_HttProInternetse (Internetsecurity)" filteraction="REF_HttCffInterneLow (Internetsecurity low)" size="0" request="0xc9948600" url="https://cdnjs.cloudflare.com/" referer="" error="Host not found" authtime="43" dnstime="9990778" cattime="72" avscantime="0" fullreqtime="9994341" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0" exceptions="" category="178" reputation="neutral" categoryname="Internet Services"
2018:03:06-11:03:38 astaro httpproxy[14271]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="yyy.yyy.yyy.105" dstip="" user="xigonisi" group="Internetsecurity low" ad_domain="Company" statuscode="502" cached="0" profile="REF_HttProInternetse (Internetsecurity)" filteraction="REF_HttCffInterneLow (Internetsecurity low)" size="0" request="0xc76e0600" url="https://cdnjs.cloudflare.com/" referer="" error="Host not found" authtime="50" dnstime="9995476" cattime="260" avscantime="0" fullreqtime="9997803" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0" exceptions="" category="178" reputation="neutral" categoryname="Internet Services"
2018:03:06-11:03:39 astaro httpproxy[14271]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="xxx.xxx.xxx.144" dstip="" user="petsic" group="Internetsecurity low" ad_domain="Company" statuscode="502" cached="0" profile="REF_HttProInternetse (Internetsecurity)" filteraction="REF_HttCffInterneLow (Internetsecurity low)" size="0" request="0xd5545800" url="i2-tmkymoaaqqwglqrqsomdvgokevablc.init.cedexis-radar.net/" referer="" error="Host not found" authtime="96" dnstime="10000364" cattime="24182" avscantime="0" fullreqtime="10257283" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; WOW64; rv:57.0) Gecko/20100101 Firefox/57.0" exceptions="" category="105" reputation="trusted" categoryname="Business"
2018:03:06-11:03:42 astaro httpproxy[14271]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="xxx.xxx.xxx.173" dstip="" user="schambeckc" group="Internetsecurity mid" ad_domain="Company" statuscode="502" cached="0" profile="REF_HttProInternetse (Internetsecurity)" filteraction="REF_HttCffInterneMid (Internetsecurity mid)" size="0" request="0xd8a97000" url="getpocket.cdn.mozilla.net/" referer="" error="Host not found" authtime="62" dnstime="6" cattime="117" avscantime="0" fullreqtime="223387" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0" exceptions="" category="175" reputation="trusted" categoryname="Software/Hardware"
2018:03:06-11:03:56 astaro httpproxy[14271]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="xxx.xxx.xxx.133" dstip="" user="gemmerc" group="Internetsecurity mid" ad_domain="Company" statuscode="502" cached="0" profile="REF_HttProInternetse (Internetsecurity)" filteraction="REF_HttCffInterneMid (Internetsecurity mid)" size="0" request="0xdc76a600" url="getpocket.cdn.mozilla.net/" referer="" error="Host not found" authtime="58" dnstime="4" cattime="73" avscantime="0" fullreqtime="225161" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0" exceptions="" category="175" reputation="trusted" categoryname="Software/Hardware"
2018:03:06-11:03:56 astaro httpproxy[14271]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="xxx.xxx.xxx.196" dstip="" user="stijepicj" group="Internetsecurity low" ad_domain="Company" statuscode="502" cached="0" profile="REF_HttProInternetse (Internetsecurity)" filteraction="REF_HttCffInterneLow (Internetsecurity low)" size="0" request="0xdcf5a400" url="getpocket.cdn.mozilla.net/" referer="" error="Host not found" authtime="46" dnstime="5" cattime="84" avscantime="0" fullreqtime="224102" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0" exceptions="" category="175" reputation="trusted" categoryname="Software/Hardware"
2018:03:06-11:03:57 astaro httpproxy[14271]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="xxx.xxx.xxx.126" dstip="" user="rompfm" group="Internetsecurity mid" ad_domain="Company" statuscode="502" cached="0" profile="REF_HttProInternetse (Internetsecurity)" filteraction="REF_HttCffInterneMid (Internetsecurity mid)" size="2586" request="0xd9047000" url="platform.twitter.com/.../follow_button.html referer="www.msn.com/.../ar-BBJV8dd error="Host not found" authtime="0" dnstime="5" cattime="271107" avscantime="0" fullreqtime="271580" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" exceptions="" category="188" reputation="neutral" categoryname="Blogs/Wiki"
2018:03:06-11:04:00 astaro httpproxy[14271]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="xxx.xxx.xxx.112" dstip="" user="bouazzaouia" group="Internetsecurity mid ohne SocNw" ad_domain="Company" statuscode="502" cached="0" profile="REF_HttProInternetse (Internetsecurity)" filteraction="REF_HttCffInterMidOhne (Internetsecurity mid ohne SocNw)" size="0" request="0xc9b08600" url="visitor-service-eu-central-1.tealiumiq.com/" referer="" error="Host not found" authtime="66" dnstime="6" cattime="135" avscantime="0" fullreqtime="216822" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; rv:57.0) Gecko/20100101 Firefox/57.0" exceptions="" category="105" reputation="neutral" categoryname="Business"
2018:03:06-11:05:00 astaro httpproxy[14271]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="xxx.xxx.xxx.108" dstip="" user="dogand" group="Internetsecurity low" ad_domain="Company" statuscode="502" cached="0" profile="REF_HttProInternetse (Internetsecurity)" filteraction="REF_HttCffInterneLow (Internetsecurity low)" size="2487" request="0xdb60aa00" url="https://match.adsrvr.org/" referer="" error="Host not found" authtime="44" dnstime="811" cattime="72" avscantime="0" fullreqtime="218859" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36" exceptions="" category="154" reputation="neutral" categoryname="Web Ads"
2018:03:06-11:05:02 astaro httpproxy[14271]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="xxx.xxx.xxx.108" dstip="" user="dogand" group="Internetsecurity low" ad_domain="Company" statuscode="502" cached="0" profile="REF_HttProInternetse (Internetsecurity)" filteraction="REF_HttCffInterneLow (Internetsecurity low)" size="2487" request="0xc7699000" url="https://match.adsrvr.org/" referer="" error="Host not found" authtime="48" dnstime="5" cattime="81" avscantime="0" fullreqtime="207923" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36" exceptions="" category="154" reputation="neutral" categoryname="Web Ads"
2018:03:06-11:05:02 astaro httpproxy[14271]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="xxx.xxx.xxx.149" dstip="" user="karwan" group="Internetsecurity mid" ad_domain="Company" statuscode="502" cached="0" profile="REF_HttProInternetse (Internetsecurity)" filteraction="REF_HttCffInterneMid (Internetsecurity mid)" size="2500" request="0xcc938a00" url="stannum-sub.azurewebsites.net/" referer="" error="Host not found" authtime="62" dnstime="1050" cattime="24203" avscantime="0" fullreqtime="243681" device="0" auth="2" ua="" exceptions="" category="178" reputation="neutral" categoryname="Internet Services"
2018:03:06-11:05:33 astaro httpproxy[14271]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="xxx.xxx.xxx.178" dstip="" user="elmalie" group="Internetsecurity low" ad_domain="Company" statuscode="502" cached="0" profile="REF_HttProInternetse (Internetsecurity)" filteraction="REF_HttCffInterneLow (Internetsecurity low)" size="2491" request="0xd544ec00" url="https://updates.tkassets.com/" referer="" error="Host not found" authtime="100" dnstime="167" cattime="143" avscantime="0" fullreqtime="211012" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.87 Safari/537.36" exceptions="" category="105" reputation="trusted" categoryname="Business"
2018:03:06-11:05:55 astaro httpproxy[14271]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="xxx.xxx.xxx.178" dstip="" user="" group="" ad_domain="" statuscode="502" cached="0" profile="REF_HttProInternetse (Internetsecurity)" filteraction="REF_HttCffInternHigh (Internetsecurity high)" size="2486" request="0x8f8f000" url="https://idmsa.apple.com/" referer="" error="Host not found" authtime="0" dnstime="10000415" cattime="0" avscantime="0" fullreqtime="10216413" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.167 Safari/537.36" exceptions="av,sandbox,auth,content,url,ssl,cache,fileextension"
2018:03:06-11:06:33 astaro httpproxy[14271]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="xxx.xxx.xxx.126" dstip="" user="rompfm" group="Internetsecurity mid" ad_domain="Company" statuscode="502" cached="0" profile="REF_HttProInternetse (Internetsecurity)" filteraction="REF_HttCffInterneMid (Internetsecurity mid)" size="2507" request="0xdce9ea00" url="taboola.tex-sync.rockyou.net/.../taboola" referer="imprammp.taboola.com/st error="Host not found" authtime="0" dnstime="9058" cattime="23887" avscantime="0" fullreqtime="33371" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" exceptions="" category="9998" reputation="unverified" categoryname="Uncategorized"
2018:03:06-11:06:38 astaro httpproxy[14271]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="yyy.yyy.yyy.128" dstip="" user="stillers" group="Internetsecurity mid" ad_domain="Company" statuscode="502" cached="0" profile="REF_HttProInternetse (Internetsecurity)" filteraction="REF_HttCffInterneMid (Internetsecurity mid)" size="0" request="0xc9bed200" url="https://match.adsrvr.org/" referer="" error="Host not found" authtime="63" dnstime="116" cattime="87" avscantime="0" fullreqtime="297567" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0" exceptions="" category="154" reputation="neutral" categoryname="Web Ads"
2018:03:06-11:06:38 astaro httpproxy[14271]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="yyy.yyy.yyy.128" dstip="" user="stillers" group="Internetsecurity mid" ad_domain="Company" statuscode="502" cached="0" profile="REF_HttProInternetse (Internetsecurity)" filteraction="REF_HttCffInterneMid (Internetsecurity mid)" size="2487" request="0xcd015000" url="https://match.adsrvr.org/" referer="" error="Host not found" authtime="56" dnstime="3" cattime="67" avscantime="0" fullreqtime="295452" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0" exceptions="" category="154" reputation="neutral" categoryname="Web Ads"
2018:03:06-11:07:03 astaro httpproxy[14271]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="xxx.xxx.xxx.133" dstip="" user="gemmerc" group="Internetsecurity mid" ad_domain="Company" statuscode="502" cached="0" profile="REF_HttProInternetse (Internetsecurity)" filteraction="REF_HttCffInterneMid (Internetsecurity mid)" size="0" request="0xdbc7fe00" url="https://match.adsrvr.org/" referer="" error="Host not found" authtime="86" dnstime="4" cattime="69" avscantime="0" fullreqtime="230460" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0" exceptions="" category="154" reputation="neutral" categoryname="Web Ads"
2018:03:06-11:07:27 astaro httpproxy[14271]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="xxx.xxx.xxx.133" dstip="" user="gemmerc" group="Internetsecurity mid" ad_domain="Company" statuscode="502" cached="0" profile="REF_HttProInternetse (Internetsecurity)" filteraction="REF_HttCffInterneMid (Internetsecurity mid)" size="0" request="0xdbc06c00" url="https://match.adsrvr.org/" referer="" error="Host not found" authtime="46" dnstime="99" cattime="174" avscantime="0" fullreqtime="218852" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0" exceptions="" category="154" reputation="neutral" categoryname="Web Ads"
2018:03:06-11:07:29 astaro httpproxy[14271]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="xxx.xxx.xxx.133" dstip="" user="gemmerc" group="Internetsecurity mid" ad_domain="Company" statuscode="502" cached="0" profile="REF_HttProInternetse (Internetsecurity)" filteraction="REF_HttCffInterneMid (Internetsecurity mid)" size="0" request="0xdbae4600" url="https://match.adsrvr.org/" referer="" error="Host not found" authtime="48" dnstime="5" cattime="82" avscantime="0" fullreqtime="216883" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0" exceptions="" category="154" reputation="neutral" categoryname="Web Ads"
2018:03:06-11:07:30 astaro httpproxy[14271]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="yyy.yyy.yyy.128" dstip="" user="stillers" group="Internetsecurity mid" ad_domain="Company" statuscode="502" cached="0" profile="REF_HttProInternetse (Internetsecurity)" filteraction="REF_HttCffInterneMid (Internetsecurity mid)" size="0" request="0xc9b56000" url="https://match.adsrvr.org/" referer="" error="Host not found" authtime="50" dnstime="5" cattime="95" avscantime="0" fullreqtime="266505" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0" exceptions="" category="154" reputation="neutral" categoryname="Web Ads"
2018:03:06-11:07:35 astaro httpproxy[14271]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="xxx.xxx.xxx.133" dstip="" user="gemmerc" group="Internetsecurity mid" ad_domain="Company" statuscode="502" cached="0" profile="REF_HttProInternetse (Internetsecurity)" filteraction="REF_HttCffInterneMid (Internetsecurity mid)" size="0" request="0xdbae5200" url="https://match.adsrvr.org/" referer="" error="Host not found" authtime="52" dnstime="4" cattime="92" avscantime="0" fullreqtime="220407" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0" exceptions="" category="154" reputation="neutral" categoryname="Web Ads"
2018:03:06-11:07:38 astaro httpproxy[14271]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="xxx.xxx.xxx.133" dstip="" user="gemmerc" group="Internetsecurity mid" ad_domain="Company" statuscode="502" cached="0" profile="REF_HttProInternetse (Internetsecurity)" filteraction="REF_HttCffInterneMid (Internetsecurity mid)" size="0" request="0xccca5000" url="https://match.adsrvr.org/" referer="" error="Host not found" authtime="54" dnstime="5" cattime="92" avscantime="0" fullreqtime="218407" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0" exceptions="" category="154" reputation="neutral" categoryname="Web Ads"
2018:03:06-11:07:39 astaro httpproxy[14271]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="yyy.yyy.yyy.128" dstip="" user="stillers" group="Internetsecurity mid" ad_domain="Company" statuscode="502" cached="0" profile="REF_HttProInternetse (Internetsecurity)" filteraction="REF_HttCffInterneMid (Internetsecurity mid)" size="0" request="0xd7b81200" url="https://match.adsrvr.org/" referer="" error="Host not found" authtime="53" dnstime="4" cattime="94" avscantime="0" fullreqtime="266784" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0" exceptions="" category="154" reputation="neutral" categoryname="Web Ads"
2018:03:06-11:07:42 astaro httpproxy[14271]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="xxx.xxx.xxx.126" dstip="" user="rompfm" group="Internetsecurity mid" ad_domain="Company" statuscode="502" cached="0" profile="REF_HttProInternetse (Internetsecurity)" filteraction="REF_HttCffInterneMid (Internetsecurity mid)" size="2507" request="0xca747800" url="taboola.tex-sync.rockyou.net/.../taboola" referer="imprammp.taboola.com/st error="Host not found" authtime="0" dnstime="915" cattime="78" avscantime="0" fullreqtime="1396" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" exceptions="" category="9998" reputation="unverified" categoryname="Uncategorized"

Well, I checked the DNS, and the Categories of course, but couldn't find anything specific. As you can see, we sometimes get the 502 with a "dnstime" freaking high, sometimes is the cattime outer limit, other times we got just a high fullreqtime and finally we have just regular times (like in the last row at "2018:03:06-11:07:42").

We work at Transparent Mode with AD-SSO (and block access on failed auth), webfilter profiles and some exclusions via filtering options. Oh: It's Sophos Release 9.506-2 on a VM

I'd really need help and hopefully get some answers. If you need further Information, please let me know. Since I really want to solve this problem, I'll give you (nearly ;) ) anything you need.

Best regards,

Simon



This thread was automatically locked due to age.
Parents
  • 0

    Not a problem with all websites, just some that happen to dislike our proxy.  Since you've already tried an Exception for AV scanning, skipping the Proxy on the 'Misc' tab of 'Filtering Options' would be the solution *** BUT! *** there were so many lines presented in your opening post, I didn't read any of them before my first response above.  That was a mistake on my part!

    In most of the lines, you have a "Host not found" error.  That, combined with your comment about high dnstimes, means you have a DNS configuration error.  Start with DNS best practice and see what you need to change.

    Note that the browsers request DNS resolution in Transparent mode, but the HTTP/S Proxy does it in Standard (explicit proxy) mode.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0

    Not a problem with all websites, just some that happen to dislike our proxy.  Since you've already tried an Exception for AV scanning, skipping the Proxy on the 'Misc' tab of 'Filtering Options' would be the solution *** BUT! *** there were so many lines presented in your opening post, I didn't read any of them before my first response above.  That was a mistake on my part!

    In most of the lines, you have a "Host not found" error.  That, combined with your comment about high dnstimes, means you have a DNS configuration error.  Start with DNS best practice and see what you need to change.

    Note that the browsers request DNS resolution in Transparent mode, but the HTTP/S Proxy does it in Standard (explicit proxy) mode.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data
Unfiltered HTML