Issue allowing access to webpage

Hello

 

We have a UTM running 9.502-4, we are using Web Filtering in Standard Mode with AD SSO Authentication.  We have several AD groups, one that is "whitelist only".

 

People in the whitelist only group are having trouble using the Royal Mail tracking website.  The website loads, but when they click on the "Track your delivery" button nothing happens.  

 

The URL is: https://www.royalmail.com/track-your-item#/

 

Using the UTM logs, I have found everything that is being blocked when visiting the website and added it to the web-filtering exceptions list.  I have attached a log to this post, the username is removed from the logs and the IP changed to 0.0.0.0

 

The website works fine for anyone not in the whitelist only group.

 

I am not convinced that anything actually happens when an affected user clicks the "Track your delivery" button, since nothing else shows up in the logs when I press it.  It seems I have whitelisted a selection of cookie-tracking and CDN URLs.

 

I have a suspicion that the problem has something to do with the Google Recaptcha.  When I go to the website as an unaffected user, there is a little "Captcha" box displayed to the side of the webpage (it seems to be operating in invisible mode rather than having to click the "I'm not a robot" box).  When a whitelist only user goes to the site, the Captcha box does not display.  In the logs, the only line that stands out is the one where the Captcha loads, and there is no "CONNECT" but rather a "GET".

 

Does anyone have any ideas as to what the problem might be or pointers for further troubleshooting?

Many thanks

2018:05:08-11:20:05 utm httpproxy[15677]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="0.0.0.0" dstip="" user="" group="" ad_domain="" statuscode="407" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction=" ()" size="43533" request="0xc64f0000" url="https://c.webtrends.com/" referer="" error="" authtime="18" dnstime="0" cattime="0" avscantime="0" fullreqtime="1117" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
2018:05:08-11:20:05 utm httpproxy[15677]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="0.0.0.0" dstip="" user="" group="" ad_domain="" statuscode="407" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction=" ()" size="43533" request="0xb3d51000" url="https://tags.tiqcdn.com/" referer="" error="" authtime="16" dnstime="0" cattime="0" avscantime="0" fullreqtime="1061" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
2018:05:08-11:20:05 utm httpproxy[15677]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="0.0.0.0" dstip="" user="" group="" ad_domain="" statuscode="407" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction=" ()" size="43533" request="0xd2169600" url="https://www.royalmail.com/" referer="" error="" authtime="1" dnstime="0" cattime="0" avscantime="0" fullreqtime="1198" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
2018:05:08-11:20:05 utm httpproxy[15677]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="0.0.0.0" dstip="" user="" group="" ad_domain="" statuscode="407" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction=" ()" size="43533" request="0x873e7800" url="https://www.royalmail.com/" referer="" error="" authtime="1" dnstime="0" cattime="0" avscantime="0" fullreqtime="1239" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
2018:05:08-11:20:05 utm httpproxy[15677]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="0.0.0.0" dstip="" user="" group="" ad_domain="" statuscode="407" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction=" ()" size="66893" request="0x8ca74a00" url="https://s7.addthis.com/" referer="" error="" authtime="1" dnstime="0" cattime="0" avscantime="0" fullreqtime="1580" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
2018:05:08-11:20:05 utm httpproxy[15677]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="0.0.0.0" dstip="" user="" group="" ad_domain="" statuscode="407" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction=" ()" size="43533" request="0xcc485800" url="https://www.royalmail.com/" referer="" error="" authtime="0" dnstime="0" cattime="0" avscantime="0" fullreqtime="1674" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
2018:05:08-11:20:05 utm httpproxy[15677]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="0.0.0.0" dstip="" user="" group="" ad_domain="" statuscode="407" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction=" ()" size="43533" request="0x56464400" url="https://www.royalmail.com/" referer="" error="" authtime="0" dnstime="0" cattime="0" avscantime="0" fullreqtime="1656" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
2018:05:08-11:20:05 utm httpproxy[15677]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="0.0.0.0" dstip="" user="" group="" ad_domain="" statuscode="407" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction=" ()" size="43533" request="0xccd12400" url="https://www.royalmail.com/" referer="" error="" authtime="1" dnstime="0" cattime="0" avscantime="0" fullreqtime="1492" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
2018:05:08-11:20:05 utm httpproxy[15677]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="0.0.0.0" dstip="" user="" group="" ad_domain="" statuscode="407" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction=" ()" size="95951" request="0x6a4b8c00" url="https://www.royalmail.com/" referer="" error="" authtime="1" dnstime="0" cattime="0" avscantime="0" fullreqtime="3944" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
2018:05:08-11:20:05 utm httpproxy[15677]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="0.0.0.0" dstip="" user="" group="" ad_domain="" statuscode="407" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction=" ()" size="95951" request="0x6a4b8c00" url="https://www.royalmail.com/" referer="" error="" authtime="8" dnstime="0" cattime="0" avscantime="0" fullreqtime="910" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
2018:05:08-11:20:05 utm httpproxy[15677]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="0.0.0.0" dstip="" user="" group="" ad_domain="" statuscode="407" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction=" ()" size="95951" request="0x83536c00" url="https://tags.tiqcdn.com/" referer="" error="" authtime="1" dnstime="0" cattime="0" avscantime="0" fullreqtime="2061" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
2018:05:08-11:20:05 utm httpproxy[15677]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="0.0.0.0" dstip="" user="" group="" ad_domain="" statuscode="407" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction=" ()" size="95951" request="0xc541f800" url="https://s7.addthis.com/" referer="" error="" authtime="3" dnstime="0" cattime="0" avscantime="0" fullreqtime="2317" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
2018:05:08-11:20:05 utm httpproxy[15677]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="0.0.0.0" dstip="" user="" group="" ad_domain="" statuscode="407" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction=" ()" size="95951" request="0xc541f800" url="https://s7.addthis.com/" referer="" error="" authtime="8" dnstime="0" cattime="0" avscantime="0" fullreqtime="1547" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
2018:05:08-11:20:05 utm httpproxy[15677]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="0.0.0.0" dstip="" user="" group="" ad_domain="" statuscode="407" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction=" ()" size="95951" request="0x83536c00" url="https://tags.tiqcdn.com/" referer="" error="" authtime="5" dnstime="0" cattime="0" avscantime="0" fullreqtime="2088" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
2018:05:08-11:20:05 utm httpproxy[15677]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="0.0.0.0" dstip="216.58.212.68" user="" group="Web Filtering Level 1" ad_domain="CLIENTBASE" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffWebFilteLevel (Web Filtering Level One (Restrictive))" size="0" request="0xd96f4a00" url="https://www.google.com/recaptcha/api.js?onload=grecaptchaOnloadCallback&render=explicit" referer="https://www.royalmail.com/track-your-item" error="" authtime="95" dnstime="3" cattime="101" avscantime="0" fullreqtime="2101" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
2018:05:08-11:20:05 utm httpproxy[15677]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="0.0.0.0" dstip="" user="" group="" ad_domain="" statuscode="407" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction=" ()" size="95951" request="0x83963200" url="https://c.webtrends.com/" referer="" error="" authtime="1" dnstime="0" cattime="0" avscantime="0" fullreqtime="2071" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
2018:05:08-11:20:05 utm httpproxy[15677]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="0.0.0.0" dstip="" user="" group="" ad_domain="" statuscode="407" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction=" ()" size="95951" request="0x83963200" url="https://c.webtrends.com/" referer="" error="" authtime="8" dnstime="0" cattime="0" avscantime="0" fullreqtime="971" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
2018:05:08-11:20:06 utm httpproxy[15677]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="0.0.0.0" dstip="" user="" group="" ad_domain="" statuscode="407" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction=" ()" size="95951" request="0x6c4a1000" url="https://c.webtrends.com/" referer="" error="" authtime="1" dnstime="0" cattime="0" avscantime="0" fullreqtime="2344" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
2018:05:08-11:20:06 utm httpproxy[15677]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="0.0.0.0" dstip="" user="" group="" ad_domain="" statuscode="407" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction=" ()" size="95951" request="0x6c4a1000" url="https://c.webtrends.com/" referer="" error="" authtime="8" dnstime="0" cattime="0" avscantime="0" fullreqtime="1364" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
2018:05:08-11:20:06 utm httpproxy[15677]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="0.0.0.0" dstip="" user="" group="" ad_domain="" statuscode="407" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction=" ()" size="95951" request="0xc7903600" url="https://m.addthis.com/" referer="" error="" authtime="1" dnstime="0" cattime="0" avscantime="0" fullreqtime="2098" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
2018:05:08-11:20:06 utm httpproxy[15677]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="0.0.0.0" dstip="" user="" group="" ad_domain="" statuscode="407" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction=" ()" size="95951" request="0xc7903600" url="https://m.addthis.com/" referer="" error="" authtime="8" dnstime="0" cattime="0" avscantime="0" fullreqtime="1718" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
2018:05:08-11:20:06 utm httpproxy[15677]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="0.0.0.0" dstip="" user="" group="" ad_domain="" statuscode="407" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction=" ()" size="95951" request="0xd488aa00" url="https://ots.optimize.webtrends.com/" referer="" error="" authtime="1" dnstime="0" cattime="0" avscantime="0" fullreqtime="2105" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
2018:05:08-11:20:06 utm httpproxy[15677]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="0.0.0.0" dstip="" user="" group="" ad_domain="" statuscode="407" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction=" ()" size="95951" request="0xd488aa00" url="https://ots.optimize.webtrends.com/" referer="" error="" authtime="8" dnstime="0" cattime="0" avscantime="0" fullreqtime="1616" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
2018:05:08-11:20:06 utm httpproxy[15677]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="0.0.0.0" dstip="" user="" group="" ad_domain="" statuscode="407" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction=" ()" size="95951" request="0x83965600" url="https://datacloud.tealiumiq.com/" referer="" error="" authtime="1" dnstime="0" cattime="0" avscantime="0" fullreqtime="2234" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
2018:05:08-11:20:06 utm httpproxy[15677]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="0.0.0.0" dstip="" user="" group="" ad_domain="" statuscode="407" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction=" ()" size="95951" request="0x83965600" url="https://datacloud.tealiumiq.com/" referer="" error="" authtime="8" dnstime="0" cattime="0" avscantime="0" fullreqtime="1315" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
2018:05:08-11:20:06 utm httpproxy[15677]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="0.0.0.0" dstip="" user="" group="" ad_domain="" statuscode="407" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction=" ()" size="95951" request="0x68028000" url="https://metrics.royalmail.com/" referer="" error="" authtime="1" dnstime="0" cattime="0" avscantime="0" fullreqtime="2138" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
2018:05:08-11:20:06 utm httpproxy[15677]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="0.0.0.0" dstip="" user="" group="" ad_domain="" statuscode="407" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction=" ()" size="95951" request="0x6ccd2c00" url="https://visitor-service.tealiumiq.com/" referer="" error="" authtime="1" dnstime="0" cattime="0" avscantime="0" fullreqtime="2467" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
2018:05:08-11:20:06 utm httpproxy[15677]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="0.0.0.0" dstip="" user="" group="" ad_domain="" statuscode="407" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction=" ()" size="95951" request="0x68028000" url="https://metrics.royalmail.com/" referer="" error="" authtime="8" dnstime="0" cattime="0" avscantime="0" fullreqtime="2109" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
2018:05:08-11:20:06 utm httpproxy[15677]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="0.0.0.0" dstip="" user="" group="" ad_domain="" statuscode="407" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction=" ()" size="95951" request="0x6ccd2c00" url="https://visitor-service.tealiumiq.com/" referer="" error="" authtime="6" dnstime="0" cattime="0" avscantime="0" fullreqtime="1483" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
2018:05:08-11:20:07 utm httpproxy[15677]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="0.0.0.0" dstip="" user="" group="" ad_domain="" statuscode="407" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction=" ()" size="95951" request="0xd52b7600" url="https://cdn.decibelinsight.net/" referer="" error="" authtime="1" dnstime="0" cattime="0" avscantime="0" fullreqtime="2620" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
2018:05:08-11:20:07 utm httpproxy[15677]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="0.0.0.0" dstip="" user="" group="" ad_domain="" statuscode="407" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction=" ()" size="95951" request="0x93a6aa00" url="https://cdn.decibelinsight.net/" referer="" error="" authtime="1" dnstime="0" cattime="0" avscantime="0" fullreqtime="2910" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
2018:05:08-11:20:07 utm httpproxy[15677]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="0.0.0.0" dstip="" user="" group="" ad_domain="" statuscode="407" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction=" ()" size="95951" request="0xa89c400" url="https://cdn.decibelinsight.net/" referer="" error="" authtime="1" dnstime="0" cattime="0" avscantime="0" fullreqtime="3343" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
2018:05:08-11:20:07 utm httpproxy[15677]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="0.0.0.0" dstip="" user="" group="" ad_domain="" statuscode="407" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction=" ()" size="95951" request="0x93a6aa00" url="https://cdn.decibelinsight.net/" referer="" error="" authtime="8" dnstime="0" cattime="0" avscantime="0" fullreqtime="1251" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
2018:05:08-11:20:07 utm httpproxy[15677]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="0.0.0.0" dstip="" user="" group="" ad_domain="" statuscode="407" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction=" ()" size="95951" request="0xd52b7600" url="https://cdn.decibelinsight.net/" referer="" error="" authtime="6" dnstime="0" cattime="0" avscantime="0" fullreqtime="2006" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
2018:05:08-11:20:07 utm httpproxy[15677]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="0.0.0.0" dstip="" user="" group="" ad_domain="" statuscode="407" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction=" ()" size="95951" request="0x85087000" url="https://safebrowsing.googleapis.com/" referer="" error="" authtime="1" dnstime="0" cattime="0" avscantime="0" fullreqtime="3441" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
2018:05:08-11:20:07 utm httpproxy[15677]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="0.0.0.0" dstip="" user="" group="" ad_domain="" statuscode="407" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction=" ()" size="95951" request="0xa89c400" url="https://cdn.decibelinsight.net/" referer="" error="" authtime="7" dnstime="0" cattime="0" avscantime="0" fullreqtime="1787" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
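
Added example (not part of the original thread): a small parser for the key="value" httpproxy lines above that groups entries by destination host and separates hosts that only ever show a 407 (Proxy Authentication Required) reply from hosts with an entry naming the group and filter action that were applied. The sample lines are constructed from the posted log and trimmed to the fields the script reads; user="user1" is a placeholder.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit

FIELD_RE = re.compile(r'(\w+)="([^"]*)"')

# Constructed sample: same layout as the posted log, fewer fields per line.
SAMPLE_LOG = '''\
2018:05:08-11:20:05 utm httpproxy[15677]: id="0003" action="pass" method="CONNECT" srcip="0.0.0.0" user="" group="" statuscode="407" filteraction=" ()" url="https://www.royalmail.com/" referer=""
2018:05:08-11:20:05 utm httpproxy[15677]: id="0003" action="pass" method="CONNECT" srcip="0.0.0.0" user="" group="" statuscode="407" filteraction=" ()" url="https://www.royalmail.com/" referer=""
2018:05:08-11:20:05 utm httpproxy[15677]: id="0003" action="pass" method="CONNECT" srcip="0.0.0.0" user="" group="" statuscode="407" filteraction=" ()" url="https://tags.tiqcdn.com/" referer=""
2018:05:08-11:20:05 utm httpproxy[15677]: id="0001" action="pass" method="GET" srcip="0.0.0.0" user="user1" group="Web Filtering Level 1" statuscode="200" filteraction="REF_HttCffWebFilteLevel (Web Filtering Level One (Restrictive))" url="https://www.google.com/recaptcha/api.js?onload=grecaptchaOnloadCallback&render=explicit" referer="https://www.royalmail.com/track-your-item"
'''


def parse_line(line):
    """Return the key="value" fields of one httpproxy line, or None."""
    if "httpproxy[" not in line:
        return None
    fields = dict(FIELD_RE.findall(line))
    return fields if "url" in fields else None


def summarize(log_text):
    """Group entries by destination host: result counts, groups, filter actions."""
    hosts = defaultdict(
        lambda: {"results": Counter(), "groups": set(), "filteractions": set()}
    )
    for line in log_text.splitlines():
        fields = parse_line(line)
        if fields is None:
            continue
        host = urlsplit(fields["url"]).hostname or fields["url"]
        entry = hosts[host]
        entry["results"][(fields.get("method", ""), fields.get("statuscode", ""))] += 1
        if fields.get("group"):
            entry["groups"].add(fields["group"])
        # An entry with no policy decision logs filteraction=" ()".
        filteraction = fields.get("filteraction", "").strip()
        if filteraction and filteraction != "()":
            entry["filteractions"].add(filteraction)
    return dict(hosts)


def challenge_only_hosts(summary):
    """Hosts whose every entry is a 407 reply: the log holds only the proxy's
    authentication challenge for them, so it says nothing about policy."""
    return sorted(
        host
        for host, entry in summary.items()
        if all(status == "407" for _method, status in entry["results"])
    )


def evaluated_hosts(summary):
    """Hosts with at least one entry naming the group and filter action applied."""
    return {
        host: (sorted(entry["groups"]), sorted(entry["filteractions"]))
        for host, entry in summary.items()
        if entry["groups"]
    }


if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    print("Only 407 challenges logged:", challenge_only_hosts(summary))
    for host, (groups, actions) in evaluated_hosts(summary).items():
        print(f"{host}: group={groups} filteraction={actions}")
```

Run over a full log, the second list shows which requests reached a policy decision and under which group, which is the information the reply below asks for.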

 



This thread was automatically locked due to age.
  • Maybe you could replace the log lines with ones where the obfuscations are more like user="user1" or user="user2".  Also show the last octet in the srcip.  Also, show something in the Profile that lets us see which profile(s) are blocked.

    Why are you using Exceptions instead of adding items to the whitelist?

    Cheers - Bob 

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob

     

    Thanks for your reply, it looks like this is actually a "problem" with the Google ReCaptcha service.  Oddly, when a web browser is run with Domain Admin privileges the (invisible) ReCaptcha works fine.  Some policy or the other must be blocking something the ReCaptcha uses.  I've tried using the Google Invisible ReCaptcha demo site, in Chrome it doesn't work at all and in IE it struggles to load the ReCaptcha but eventually does.

     

    I do whitelist first, and if I still can't get a website to work I then use exceptions (not very often tho).  I use exceptions a lot when testing.

     

    Thanks for the log file tips, I'll keep that in mind next time I post.

     

    Regards

    Paul
