This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Partial content (Range) rejected by proxy after upgrading to 9.6

After upgrade from 9.510-5 to 9.600-5, proxy started to respond with status "416 Requested range not satisfiable" to any request that has to be scanned with AV and includes Range: header. In /var/log/http.log, the denied request has reason="range". Sniff from the outside wire shows that the request from proxy to webserver is processed correctly.


Workaround: After putting problematic URL patterns to web filtering exception rule with AV scanning turned off, the requests are processed as before upgrade to 9.6.


Is this intended behavioral change in 9.6? I know, the partial content serving can be abused to bypass AV scanning, so generally it is good idea to handle requests with partial content differently and not to pass their responses without scanning, but IMHO there should be more sophisticated algorithm at the proxy to deal with this situation:

1) send HEAD to determine the content size, whether it is within size limit for scanning;
2) if it is over the size limit, process request without scanning;
3) if it is within the size limit, request whole content (and possibly cache it for subsequent range requests), scan it and serve partial content to the client.




This thread was automatically locked due to age.
  • Hi!


    I've the same problem. I usually only is a real problem when streaming content. To get rid of "reason=range" in web proxy I've to disable nearly all the checks instead of only deactivating "AV Bypass".

    @Sophos: could please someone fix this? I installed the latest version ( of UTM today and the problem is still not fixed.

    I really don't like to change all my proxy settings just because of this bug, because when it gets fixed somewhen it's likely to happen unnoticed. So, using all the available security features in future for the workaround'ed devices will never be enabled again.

    And now think about companies using UTM instead of private customers ...

  • Hi!


    I've the same problem. I usually only is a real problem when streaming content. To get rid of "reason=range" in web proxy I've to disable nearly all the checks instead of only deactivating "AV Bypass".

    @Sophos: could please someone fix this? I installed the latest version ( of UTM today and the problem is still not fixed.

    I really don't like to change all my proxy settings just because of this bug, because when it gets fixed somewhen it's likely to happen unnoticed. So, using all the available security features in future for the workaround'ed devices will never be enabled again.

    And now think about companies using UTM instead of private customers ...

  • Hallo and welcome to the UTM Community!

    Have you tried selecting 'Bypass content scanning for streaming content' on the 'Misc' tab?

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA