Dear all,
hopefully this is the correct forum, otherwise please move it to the correct one :)
Well, we have "some" trouble with our Proxy/Webfilter. Since a few months we've got the problem, that sometimes, some pages got the "Host not Found" notification from our Firewall/Webfilter. Please see the attached Logs:
2018:03:06-11:01:39 astaro httpproxy[14271]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="xxx.xxx.xxx.178" dstip="" user="elmalie" group="Internetsecurity low" ad_domain="Company" statuscode="502" cached="0" profile="REF_HttProInternetse (Internetsecurity)" filteraction="REF_HttCffInterneLow (Internetsecurity low)" size="2491" request="0xd5c72400" url="https://updates.tkassets.com/" referer="" error="Host not found" authtime="64" dnstime="190" cattime="119" avscantime="0" fullreqtime="218846" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.87 Safari/537.36" exceptions="" category="105" reputation="trusted" categoryname="Business"
2018:03:06-11:03:33 astaro httpproxy[14271]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="xxx.xxx.xxx.112" dstip="" user="bouazzaouia" group="Internetsecurity mid ohne SocNw" ad_domain="Company" statuscode="502" cached="0" profile="REF_HttProInternetse (Internetsecurity)" filteraction="REF_HttCffInterMidOhne (Internetsecurity mid ohne SocNw)" size="0" request="0xc9b08c00" url="visitor-service-eu-central-1.tealiumiq.com/" referer="" error="Host not found" authtime="115" dnstime="10000521" cattime="122" avscantime="0" fullreqtime="10220148" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; rv:57.0) Gecko/20100101 Firefox/57.0" exceptions="" category="105" reputation="neutral" categoryname="Business"
2018:03:06-11:03:33 astaro httpproxy[14271]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="xxx.xxx.xxx.112" dstip="" user="bouazzaouia" group="Internetsecurity mid ohne SocNw" ad_domain="Company" statuscode="502" cached="0" profile="REF_HttProInternetse (Internetsecurity)" filteraction="REF_HttCffInterMidOhne (Internetsecurity mid ohne SocNw)" size="0" request="0xcc936600" url="visitor-service-eu-central-1.tealiumiq.com/" referer="" error="Host not found" authtime="63" dnstime="6991353" cattime="97" avscantime="0" fullreqtime="7211811" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; rv:57.0) Gecko/20100101 Firefox/57.0" exceptions="" category="105" reputation="neutral" categoryname="Business"
2018:03:06-11:03:34 astaro httpproxy[14271]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="xxx.xxx.xxx.112" dstip="" user="bouazzaouia" group="Internetsecurity mid ohne SocNw" ad_domain="Company" statuscode="502" cached="0" profile="REF_HttProInternetse (Internetsecurity)" filteraction="REF_HttCffInterMidOhne (Internetsecurity mid ohne SocNw)" size="0" request="0xd807e000" url="visitor-service-eu-central-1.tealiumiq.com/" referer="" error="Host not found" authtime="57" dnstime="6" cattime="154" avscantime="0" fullreqtime="221579" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; rv:57.0) Gecko/20100101 Firefox/57.0" exceptions="" category="105" reputation="neutral" categoryname="Business"
2018:03:06-11:03:35 astaro httpproxy[14271]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="POST" srcip="yyy.yyy.yyy.105" dstip="" user="xigonisi" group="Internetsecurity low" ad_domain="Company" statuscode="502" cached="0" profile="REF_HttProInternetse (Internetsecurity)" filteraction="REF_HttCffInterneLow (Internetsecurity low)" size="0" request="0xd7e00c00" url="ocsp.int-x3.letsencrypt.org/" referer="" error="Host not found" authtime="71" dnstime="10000441" cattime="69" avscantime="2187" fullreqtime="10005987" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0" exceptions="" sandbox="-" category="178" reputation="neutral" categoryname="Internet Services"
2018:03:06-11:03:37 astaro httpproxy[14271]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="xxx.xxx.xxx.112" dstip="" user="bouazzaouia" group="Internetsecurity mid ohne SocNw" ad_domain="Company" statuscode="502" cached="0" profile="REF_HttProInternetse (Internetsecurity)" filteraction="REF_HttCffInterMidOhne (Internetsecurity mid ohne SocNw)" size="0" request="0xd9f91e00" url="visitor-service-eu-central-1.tealiumiq.com/" referer="" error="Host not found" authtime="94" dnstime="6" cattime="118" avscantime="0" fullreqtime="216152" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; rv:57.0) Gecko/20100101 Firefox/57.0" exceptions="" category="105" reputation="neutral" categoryname="Business"
2018:03:06-11:03:37 astaro httpproxy[14271]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="xxx.xxx.xxx.185" dstip="" user="giehls" group="Internetsecurity mid ohne SocNw" ad_domain="Company" statuscode="502" cached="0" profile="REF_HttProInternetse (Internetsecurity)" filteraction="REF_HttCffInterMidOhne (Internetsecurity mid ohne SocNw)" size="2491" request="0xd9f90600" url="https://platform.twitter.com/" referer="" error="Host not found" authtime="58" dnstime="10000403" cattime="119" avscantime="0" fullreqtime="10219838" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 OPR/51.0.2830.34" exceptions="" category="188" reputation="neutral" categoryname="Blogs/Wiki"
2018:03:06-11:03:37 astaro httpproxy[14271]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="xxx.xxx.xxx.185" dstip="" user="giehls" group="Internetsecurity mid ohne SocNw" ad_domain="Company" statuscode="502" cached="0" profile="REF_HttProInternetse (Internetsecurity)" filteraction="REF_HttCffInterMidOhne (Internetsecurity mid ohne SocNw)" size="2490" request="0xdc5b9600" url="https://js.smartredirect.de/" referer="" error="Host not found" authtime="92" dnstime="10000346" cattime="75" avscantime="0" fullreqtime="10217465" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 OPR/51.0.2830.34" exceptions="" category="177" reputation="neutral" categoryname="Content Server"
2018:03:06-11:03:37 astaro httpproxy[14271]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="xxx.xxx.xxx.156" dstip="" user="shaha" group="Internetsecurity low" ad_domain="Company" statuscode="502" cached="0" profile="REF_HttProInternetse (Internetsecurity)" filteraction="REF_HttCffInterneLow (Internetsecurity low)" size="0" request="0xccca5600" url="getpocket.cdn.mozilla.net/" referer="" error="Host not found" authtime="98" dnstime="10000473" cattime="81" avscantime="0" fullreqtime="10219870" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 10.0; WOW64; rv:57.0) Gecko/20100101 Firefox/57.0" exceptions="" category="175" reputation="trusted" categoryname="Software/Hardware"
2018:03:06-11:03:37 astaro httpproxy[14271]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="xxx.xxx.xxx.227" dstip="" user="hohlbaumc" group="Internetsecurity mid ohne SocNw" ad_domain="Company" statuscode="502" cached="0" profile="REF_HttProInternetse (Internetsecurity)" filteraction="REF_HttCffInterMidOhne (Internetsecurity mid ohne SocNw)" size="0" request="0xca3c5200" url="getpocket.cdn.mozilla.net/" referer="" error="Host not found" authtime="99" dnstime="9071986" cattime="135" avscantime="0" fullreqtime="9292501" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; WOW64; rv:57.0) Gecko/20100101 Firefox/57.0" exceptions="" category="175" reputation="trusted" categoryname="Software/Hardware"
2018:03:06-11:03:38 astaro httpproxy[14271]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="yyy.yyy.yyy.105" dstip="" user="xigonisi" group="Internetsecurity low" ad_domain="Company" statuscode="502" cached="0" profile="REF_HttProInternetse (Internetsecurity)" filteraction="REF_HttCffInterneLow (Internetsecurity low)" size="0" request="0xdc75ea00" url="https://cdnjs.cloudflare.com/" referer="" error="Host not found" authtime="52" dnstime="9993569" cattime="185" avscantime="0" fullreqtime="9995783" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0" exceptions="" category="178" reputation="neutral" categoryname="Internet Services"
2018:03:06-11:03:38 astaro httpproxy[14271]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="yyy.yyy.yyy.105" dstip="" user="xigonisi" group="Internetsecurity low" ad_domain="Company" statuscode="502" cached="0" profile="REF_HttProInternetse (Internetsecurity)" filteraction="REF_HttCffInterneLow (Internetsecurity low)" size="0" request="0xdbebbe00" url="https://cdnjs.cloudflare.com/" referer="" error="Host not found" authtime="95" dnstime="10000446" cattime="86" avscantime="0" fullreqtime="10002576" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0" exceptions="" category="178" reputation="neutral" categoryname="Internet Services"
2018:03:06-11:03:38 astaro httpproxy[14271]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="yyy.yyy.yyy.105" dstip="" user="xigonisi" group="Internetsecurity low" ad_domain="Company" statuscode="502" cached="0" profile="REF_HttProInternetse (Internetsecurity)" filteraction="REF_HttCffInterneLow (Internetsecurity low)" size="0" request="0xc9948600" url="https://cdnjs.cloudflare.com/" referer="" error="Host not found" authtime="43" dnstime="9990778" cattime="72" avscantime="0" fullreqtime="9994341" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0" exceptions="" category="178" reputation="neutral" categoryname="Internet Services"
2018:03:06-11:03:38 astaro httpproxy[14271]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="yyy.yyy.yyy.105" dstip="" user="xigonisi" group="Internetsecurity low" ad_domain="Company" statuscode="502" cached="0" profile="REF_HttProInternetse (Internetsecurity)" filteraction="REF_HttCffInterneLow (Internetsecurity low)" size="0" request="0xc76e0600" url="https://cdnjs.cloudflare.com/" referer="" error="Host not found" authtime="50" dnstime="9995476" cattime="260" avscantime="0" fullreqtime="9997803" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0" exceptions="" category="178" reputation="neutral" categoryname="Internet Services"
2018:03:06-11:03:39 astaro httpproxy[14271]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="xxx.xxx.xxx.144" dstip="" user="petsic" group="Internetsecurity low" ad_domain="Company" statuscode="502" cached="0" profile="REF_HttProInternetse (Internetsecurity)" filteraction="REF_HttCffInterneLow (Internetsecurity low)" size="0" request="0xd5545800" url="i2-tmkymoaaqqwglqrqsomdvgokevablc.init.cedexis-radar.net/" referer="" error="Host not found" authtime="96" dnstime="10000364" cattime="24182" avscantime="0" fullreqtime="10257283" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; WOW64; rv:57.0) Gecko/20100101 Firefox/57.0" exceptions="" category="105" reputation="trusted" categoryname="Business"
2018:03:06-11:03:42 astaro httpproxy[14271]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="xxx.xxx.xxx.173" dstip="" user="schambeckc" group="Internetsecurity mid" ad_domain="Company" statuscode="502" cached="0" profile="REF_HttProInternetse (Internetsecurity)" filteraction="REF_HttCffInterneMid (Internetsecurity mid)" size="0" request="0xd8a97000" url="getpocket.cdn.mozilla.net/" referer="" error="Host not found" authtime="62" dnstime="6" cattime="117" avscantime="0" fullreqtime="223387" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0" exceptions="" category="175" reputation="trusted" categoryname="Software/Hardware"
2018:03:06-11:03:56 astaro httpproxy[14271]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="xxx.xxx.xxx.133" dstip="" user="gemmerc" group="Internetsecurity mid" ad_domain="Company" statuscode="502" cached="0" profile="REF_HttProInternetse (Internetsecurity)" filteraction="REF_HttCffInterneMid (Internetsecurity mid)" size="0" request="0xdc76a600" url="getpocket.cdn.mozilla.net/" referer="" error="Host not found" authtime="58" dnstime="4" cattime="73" avscantime="0" fullreqtime="225161" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0" exceptions="" category="175" reputation="trusted" categoryname="Software/Hardware"
2018:03:06-11:03:56 astaro httpproxy[14271]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="xxx.xxx.xxx.196" dstip="" user="stijepicj" group="Internetsecurity low" ad_domain="Company" statuscode="502" cached="0" profile="REF_HttProInternetse (Internetsecurity)" filteraction="REF_HttCffInterneLow (Internetsecurity low)" size="0" request="0xdcf5a400" url="getpocket.cdn.mozilla.net/" referer="" error="Host not found" authtime="46" dnstime="5" cattime="84" avscantime="0" fullreqtime="224102" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0" exceptions="" category="175" reputation="trusted" categoryname="Software/Hardware"
2018:03:06-11:03:57 astaro httpproxy[14271]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="xxx.xxx.xxx.126" dstip="" user="rompfm" group="Internetsecurity mid" ad_domain="Company" statuscode="502" cached="0" profile="REF_HttProInternetse (Internetsecurity)" filteraction="REF_HttCffInterneMid (Internetsecurity mid)" size="2586" request="0xd9047000" url="platform.twitter.com/.../follow_button.html referer="www.msn.com/.../ar-BBJV8dd error="Host not found" authtime="0" dnstime="5" cattime="271107" avscantime="0" fullreqtime="271580" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" exceptions="" category="188" reputation="neutral" categoryname="Blogs/Wiki"
2018:03:06-11:04:00 astaro httpproxy[14271]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="xxx.xxx.xxx.112" dstip="" user="bouazzaouia" group="Internetsecurity mid ohne SocNw" ad_domain="Company" statuscode="502" cached="0" profile="REF_HttProInternetse (Internetsecurity)" filteraction="REF_HttCffInterMidOhne (Internetsecurity mid ohne SocNw)" size="0" request="0xc9b08600" url="visitor-service-eu-central-1.tealiumiq.com/" referer="" error="Host not found" authtime="66" dnstime="6" cattime="135" avscantime="0" fullreqtime="216822" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; rv:57.0) Gecko/20100101 Firefox/57.0" exceptions="" category="105" reputation="neutral" categoryname="Business"
2018:03:06-11:05:00 astaro httpproxy[14271]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="xxx.xxx.xxx.108" dstip="" user="dogand" group="Internetsecurity low" ad_domain="Company" statuscode="502" cached="0" profile="REF_HttProInternetse (Internetsecurity)" filteraction="REF_HttCffInterneLow (Internetsecurity low)" size="2487" request="0xdb60aa00" url="https://match.adsrvr.org/" referer="" error="Host not found" authtime="44" dnstime="811" cattime="72" avscantime="0" fullreqtime="218859" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36" exceptions="" category="154" reputation="neutral" categoryname="Web Ads"
2018:03:06-11:05:02 astaro httpproxy[14271]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="xxx.xxx.xxx.108" dstip="" user="dogand" group="Internetsecurity low" ad_domain="Company" statuscode="502" cached="0" profile="REF_HttProInternetse (Internetsecurity)" filteraction="REF_HttCffInterneLow (Internetsecurity low)" size="2487" request="0xc7699000" url="https://match.adsrvr.org/" referer="" error="Host not found" authtime="48" dnstime="5" cattime="81" avscantime="0" fullreqtime="207923" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36" exceptions="" category="154" reputation="neutral" categoryname="Web Ads"
2018:03:06-11:05:02 astaro httpproxy[14271]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="xxx.xxx.xxx.149" dstip="" user="karwan" group="Internetsecurity mid" ad_domain="Company" statuscode="502" cached="0" profile="REF_HttProInternetse (Internetsecurity)" filteraction="REF_HttCffInterneMid (Internetsecurity mid)" size="2500" request="0xcc938a00" url="stannum-sub.azurewebsites.net/" referer="" error="Host not found" authtime="62" dnstime="1050" cattime="24203" avscantime="0" fullreqtime="243681" device="0" auth="2" ua="" exceptions="" category="178" reputation="neutral" categoryname="Internet Services"
2018:03:06-11:05:33 astaro httpproxy[14271]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="xxx.xxx.xxx.178" dstip="" user="elmalie" group="Internetsecurity low" ad_domain="Company" statuscode="502" cached="0" profile="REF_HttProInternetse (Internetsecurity)" filteraction="REF_HttCffInterneLow (Internetsecurity low)" size="2491" request="0xd544ec00" url="https://updates.tkassets.com/" referer="" error="Host not found" authtime="100" dnstime="167" cattime="143" avscantime="0" fullreqtime="211012" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.87 Safari/537.36" exceptions="" category="105" reputation="trusted" categoryname="Business"
2018:03:06-11:05:55 astaro httpproxy[14271]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="xxx.xxx.xxx.178" dstip="" user="" group="" ad_domain="" statuscode="502" cached="0" profile="REF_HttProInternetse (Internetsecurity)" filteraction="REF_HttCffInternHigh (Internetsecurity high)" size="2486" request="0x8f8f000" url="https://idmsa.apple.com/" referer="" error="Host not found" authtime="0" dnstime="10000415" cattime="0" avscantime="0" fullreqtime="10216413" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.167 Safari/537.36" exceptions="av,sandbox,auth,content,url,ssl,cache,fileextension"
2018:03:06-11:06:33 astaro httpproxy[14271]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="xxx.xxx.xxx.126" dstip="" user="rompfm" group="Internetsecurity mid" ad_domain="Company" statuscode="502" cached="0" profile="REF_HttProInternetse (Internetsecurity)" filteraction="REF_HttCffInterneMid (Internetsecurity mid)" size="2507" request="0xdce9ea00" url="taboola.tex-sync.rockyou.net/.../taboola" referer="imprammp.taboola.com/st error="Host not found" authtime="0" dnstime="9058" cattime="23887" avscantime="0" fullreqtime="33371" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" exceptions="" category="9998" reputation="unverified" categoryname="Uncategorized"
2018:03:06-11:06:38 astaro httpproxy[14271]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="yyy.yyy.yyy.128" dstip="" user="stillers" group="Internetsecurity mid" ad_domain="Company" statuscode="502" cached="0" profile="REF_HttProInternetse (Internetsecurity)" filteraction="REF_HttCffInterneMid (Internetsecurity mid)" size="0" request="0xc9bed200" url="https://match.adsrvr.org/" referer="" error="Host not found" authtime="63" dnstime="116" cattime="87" avscantime="0" fullreqtime="297567" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0" exceptions="" category="154" reputation="neutral" categoryname="Web Ads"
2018:03:06-11:06:38 astaro httpproxy[14271]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="yyy.yyy.yyy.128" dstip="" user="stillers" group="Internetsecurity mid" ad_domain="Company" statuscode="502" cached="0" profile="REF_HttProInternetse (Internetsecurity)" filteraction="REF_HttCffInterneMid (Internetsecurity mid)" size="2487" request="0xcd015000" url="https://match.adsrvr.org/" referer="" error="Host not found" authtime="56" dnstime="3" cattime="67" avscantime="0" fullreqtime="295452" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0" exceptions="" category="154" reputation="neutral" categoryname="Web Ads"
2018:03:06-11:07:03 astaro httpproxy[14271]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="xxx.xxx.xxx.133" dstip="" user="gemmerc" group="Internetsecurity mid" ad_domain="Company" statuscode="502" cached="0" profile="REF_HttProInternetse (Internetsecurity)" filteraction="REF_HttCffInterneMid (Internetsecurity mid)" size="0" request="0xdbc7fe00" url="https://match.adsrvr.org/" referer="" error="Host not found" authtime="86" dnstime="4" cattime="69" avscantime="0" fullreqtime="230460" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0" exceptions="" category="154" reputation="neutral" categoryname="Web Ads"
2018:03:06-11:07:27 astaro httpproxy[14271]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="xxx.xxx.xxx.133" dstip="" user="gemmerc" group="Internetsecurity mid" ad_domain="Company" statuscode="502" cached="0" profile="REF_HttProInternetse (Internetsecurity)" filteraction="REF_HttCffInterneMid (Internetsecurity mid)" size="0" request="0xdbc06c00" url="https://match.adsrvr.org/" referer="" error="Host not found" authtime="46" dnstime="99" cattime="174" avscantime="0" fullreqtime="218852" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0" exceptions="" category="154" reputation="neutral" categoryname="Web Ads"
2018:03:06-11:07:29 astaro httpproxy[14271]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="xxx.xxx.xxx.133" dstip="" user="gemmerc" group="Internetsecurity mid" ad_domain="Company" statuscode="502" cached="0" profile="REF_HttProInternetse (Internetsecurity)" filteraction="REF_HttCffInterneMid (Internetsecurity mid)" size="0" request="0xdbae4600" url="https://match.adsrvr.org/" referer="" error="Host not found" authtime="48" dnstime="5" cattime="82" avscantime="0" fullreqtime="216883" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0" exceptions="" category="154" reputation="neutral" categoryname="Web Ads"
2018:03:06-11:07:30 astaro httpproxy[14271]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="yyy.yyy.yyy.128" dstip="" user="stillers" group="Internetsecurity mid" ad_domain="Company" statuscode="502" cached="0" profile="REF_HttProInternetse (Internetsecurity)" filteraction="REF_HttCffInterneMid (Internetsecurity mid)" size="0" request="0xc9b56000" url="https://match.adsrvr.org/" referer="" error="Host not found" authtime="50" dnstime="5" cattime="95" avscantime="0" fullreqtime="266505" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0" exceptions="" category="154" reputation="neutral" categoryname="Web Ads"
2018:03:06-11:07:35 astaro httpproxy[14271]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="xxx.xxx.xxx.133" dstip="" user="gemmerc" group="Internetsecurity mid" ad_domain="Company" statuscode="502" cached="0" profile="REF_HttProInternetse (Internetsecurity)" filteraction="REF_HttCffInterneMid (Internetsecurity mid)" size="0" request="0xdbae5200" url="https://match.adsrvr.org/" referer="" error="Host not found" authtime="52" dnstime="4" cattime="92" avscantime="0" fullreqtime="220407" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0" exceptions="" category="154" reputation="neutral" categoryname="Web Ads"
2018:03:06-11:07:38 astaro httpproxy[14271]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="xxx.xxx.xxx.133" dstip="" user="gemmerc" group="Internetsecurity mid" ad_domain="Company" statuscode="502" cached="0" profile="REF_HttProInternetse (Internetsecurity)" filteraction="REF_HttCffInterneMid (Internetsecurity mid)" size="0" request="0xccca5000" url="https://match.adsrvr.org/" referer="" error="Host not found" authtime="54" dnstime="5" cattime="92" avscantime="0" fullreqtime="218407" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0" exceptions="" category="154" reputation="neutral" categoryname="Web Ads"
2018:03:06-11:07:39 astaro httpproxy[14271]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="yyy.yyy.yyy.128" dstip="" user="stillers" group="Internetsecurity mid" ad_domain="Company" statuscode="502" cached="0" profile="REF_HttProInternetse (Internetsecurity)" filteraction="REF_HttCffInterneMid (Internetsecurity mid)" size="0" request="0xd7b81200" url="https://match.adsrvr.org/" referer="" error="Host not found" authtime="53" dnstime="4" cattime="94" avscantime="0" fullreqtime="266784" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0" exceptions="" category="154" reputation="neutral" categoryname="Web Ads"
2018:03:06-11:07:42 astaro httpproxy[14271]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="xxx.xxx.xxx.126" dstip="" user="rompfm" group="Internetsecurity mid" ad_domain="Company" statuscode="502" cached="0" profile="REF_HttProInternetse (Internetsecurity)" filteraction="REF_HttCffInterneMid (Internetsecurity mid)" size="2507" request="0xca747800" url="taboola.tex-sync.rockyou.net/.../taboola" referer="imprammp.taboola.com/st error="Host not found" authtime="0" dnstime="915" cattime="78" avscantime="0" fullreqtime="1396" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" exceptions="" category="9998" reputation="unverified" categoryname="Uncategorized"
Well, I checked the DNS, and the Categories of course, but couldn't find anything specific. As you can see, we sometimes get the 502 with a "dnstime" freaking high, sometimes is the cattime outer limit, other times we got just a high fullreqtime and finally we have just regular times (like in the last row at "2018:03:06-11:07:42").
We work at Transparent Mode with AD-SSO (and block access on failed auth), webfilter profiles and some exclusions via filtering options. Oh: It's Sophos Release 9.506-2 on a VM
I'd really need help and hopefully get some answers. If you need further Information, please let me know. Since I really want to solve this problem, I'll give you (nearly ;) ) anything you need.
Best regards,
Simon
This thread was automatically locked due to age.