Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 2 replies
  • Subscribers 3 subscribers
  • Views 2062 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Web Filter with WARN action problem

Peter Valky

Hello Community,

we have UTM 9 SG430 with Web Filter at standard mode.
After upgrade firmware from 9.508-10 to 9.601-5 is a broken URL with WARN action,
as seen in the images. There are also logs from communication with WARN action
before upgrade and after firmware upgrade.
Could anyone advise me what to do to make the WARN URLs work again? Thank you.
Regards

Peter

 

Functional with action WARN with previous firmware:
Firmware Version: 9.508-10 (4 updates available)
/var/log/http/2019/03/http-2019-03-13.log.gz:2019:03:13-07:16:44 dcs243-1 httpproxy[25588]: id="0071" severity="info" sys="SecureWeb" sub="http" name="web request warned, forbidden category detected" action="warn" method="GET" srcip="10.1.1.2" dstip="" user="tralala" group="Active Directory Users" ad_domain="LOCAL" statuscode="403" cached="0" profile="REF_HttProContaMgmtNetwo7 (AD Users)" filteraction="REF_HttCffAllDomain (All Domain)" size="2170" request="0xd30ff000" url="http://uloz.to/" referer="" error="" authtime="0" dnstime="0" cattime="37182" avscantime="0" fullreqtime="37437" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko" exceptions="patience" reason="category" category="170" reputation="unverified" categoryname="Personal Network Storage"
/var/log/http/2019/03/http-2019-03-13.log.gz:2019:03:13-07:16:44 dcs243-1 httpproxy[25588]: id="0071" severity="info" sys="SecureWeb" sub="http" name="web request warned, forbidden category detected" action="warn" method="GET" srcip="10.1.1.2" dstip="" user="tralala" group="Active Directory Users" ad_domain="LOCAL" statuscode="403" cached="0" profile="REF_HttProContaMgmtNetwo7 (AD Users)" filteraction="REF_HttCffAllDomain (All Domain)" size="2190" request="0xa30ec00" url="http://uloz.to/topbar.png" referer="http://uloz.to/" error="" authtime="0" dnstime="0" cattime="38149" avscantime="0" fullreqtime="38412" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko" exceptions="patience" reason="category" category="170" reputation="unverified" categoryname="Personal Network Storage"
/var/log/http/2019/03/http-2019-03-13.log.gz:2019:03:13-07:16:46 dcs243-1 httpproxy[25588]: id="0072" severity="info" sys="SecureWeb" sub="http" name="Contentfilter warned and proceeded" url="http://uloz.to/" srcip="10.1.1.2" category="170" categoryname="Personal Network Storage" user="tralala"
/var/log/http/2019/03/http-2019-03-13.log.gz:2019:03:13-07:16:47 dcs243-1 httpproxy[25588]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="10.1.1.2" dstip="77.48.29.99" user="tralala" group="Active Directory Users" ad_domain="LOCAL" statuscode="301" cached="0" profile="REF_HttProContaMgmtNetwo7 (AD Users)" filteraction="REF_HttCffAllDomain (All Domain)" size="185" request="0xd2ce9000" url="http://uloz.to/favicon.ico" referer="" error="" authtime="28" dnstime="938359" cattime="37597" avscantime="2183" fullreqtime="995867" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko" exceptions="patience" category="170" reputation="unverified" categoryname="Personal Network Storage" sandbox="-" content-type="text/html"
/var/log/http/2019/03/http-2019-03-13.log.gz:2019:03:13-07:16:47 dcs243-1 httpproxy[25588]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="10.1.1.2" dstip="77.48.29.99" user="tralala" group="Active Directory Users" ad_domain="LOCAL" statuscode="301" cached="0" profile="REF_HttProContaMgmtNetwo7 (AD Users)" filteraction="REF_HttCffAllDomain (All Domain)" size="185" request="0x8fec600" url="http://uloz.to/" referer="http://uloz.to/" error="" authtime="56" dnstime="577203" cattime="87" avscantime="2051" fullreqtime="597039" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko" exceptions="patience" category="170" reputation="unverified" categoryname="Personal Network Storage" sandbox="-" content-type="text/html"
/var/log/http/2019/03/http-2019-03-13.log.gz:2019:03:13-07:16:47 dcs243-1 httpproxy[25588]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="10.1.1.2" dstip="77.48.29.99" user="tralala" group="Active Directory Users" ad_domain="LOCAL" statuscode="200" cached="0" profile="REF_HttProContaMgmtNetwo7 (AD Users)" filteraction="REF_HttCffAllDomain (All Domain)" size="8609" request="0xd3b8ea00" url="https://uloz.to/" referer="" error="" authtime="81" dnstime="3" cattime="89" avscantime="0" fullreqtime="278819" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko" exceptions="patience" category="170" reputation="unverified" categoryname="Personal Network Storage"

Non-Functional with action WARN with Current firmware version: 9.601-5
Query Log: Web Filtering
2019:04:11-13:03:41 dcs243-1 httpproxy[32349]: id="0071" severity="info" sys="SecureWeb" sub="http" name="web request warned, forbidden category detected" action="warn" method="CONNECT" srcip="10.1.1.2" dstip="" user="tralala" group="Active Directory Users" ad_domain="LOCAL" statuscode="403" cached="0" profile="REF_HttProContaMgmtNetwo7 (AD Users)" filteraction="REF_HttCffAllDomain (All Domain)" size="0" request="0xccbb2a00" url="https://uloz.to/" referer="" error="" authtime="38" dnstime="0" aptptime="0" cattime="68" avscantime="0" fullreqtime="208516" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36" exceptions="patience" reason="category" category="170" reputation="unverified" categoryname="Personal Network Storage"
2019:04:11-13:03:41 dcs243-1 httpproxy[32349]: id="0071" severity="info" sys="SecureWeb" sub="http" name="web request warned, forbidden category detected" action="warn" method="CONNECT" srcip="10.1.1.2" dstip="" user="tralala" group="Active Directory Users" ad_domain="LOCAL" statuscode="403" cached="0" profile="REF_HttProContaMgmtNetwo7 (AD Users)" filteraction="REF_HttCffAllDomain (All Domain)" size="2174" request="0xccf97100" url="https://uloz.to/" referer="" error="" authtime="70" dnstime="0" aptptime="0" cattime="147" avscantime="0" fullreqtime="212003" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36" exceptions="patience" reason="category" category="170" reputation="unverified" categoryname="Personal Network Storage"
2019:04:11-13:03:45 dcs243-1 httpproxy[32349]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="10.1.1.2" dstip="" user="tralala" group="" ad_domain="LOCAL" statuscode="404" cached="0" profile="REF_HttProContaMgmtNetwo7 (AD Users)" filteraction=" ()" size="2650" request="0xd1604000" url="passthrough.eustream.local/proceed referer="" error="File not found" authtime="62" dnstime="0" aptptime="0" cattime="0" avscantime="0" fullreqtime="4106" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36" exceptions="patience"

Functional with action ALLOW with Current firmware version: 9.601-5
2019:04:11-13:02:24 dcs243-1 httpproxy[32349]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="10.1.1.2" dstip="77.48.29.99" user="tralala" group="Active Directory Users" ad_domain="LOCAL" statuscode="301" cached="0" profile="REF_HttProContaMgmtNetwo7 (AD Users)" filteraction="REF_HttCffAllDomain (All Domain)" size="185" request="0xcc9e7c00" url="http://www.uloz.to/" referer="" error="" authtime="34" dnstime="1119795" aptptime="0" cattime="37357" avscantime="2178" fullreqtime="1176654" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36" exceptions="patience" category="170" reputation="unverified" categoryname="Personal Network Storage" sandbox="-" content-type="text/html"
2019:04:11-13:02:24 dcs243-1 httpproxy[32349]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="10.1.1.2" dstip="77.48.29.99" user="tralala" group="Active Directory Users" ad_domain="LOCAL" statuscode="200" cached="0" profile="REF_HttProContaMgmtNetwo7 (AD Users)" filteraction="REF_HttCffAllDomain (All Domain)" size="15588" request="0xced9e300" url="https://www.uloz.to/" referer="" error="" authtime="34" dnstime="3" aptptime="0" cattime="54" avscantime="0" fullreqtime="102820" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36" exceptions="patience" category="170" reputation="unverified" categoryname="Personal Network Storage"
2019:04:11-13:02:29 dcs243-1 httpproxy[32349]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="10.1.1.2" dstip="77.48.29.99" user="tralala" group="Active Directory Users" ad_domain="LOCAL" statuscode="200" cached="0" profile="REF_HttProContaMgmtNetwo7 (AD Users)" filteraction="REF_HttCffAllDomain (All Domain)" size="2936" request="0xcd163c00" url="https://www.uloz.to/" referer="" error="" authtime="27" dnstime="3" aptptime="0" cattime="58" avscantime="0" fullreqtime="27619" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36" exceptions="patience" category="170" reputation="unverified" categoryname="Personal Network Storage"



This thread was automatically locked due to age.
Unfiltered HTML