This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Astaro blocking Google Map Search all of a sudden?

Hey all,
Running 8.102 version ASG at home, and a week or two ago, ASG suddenly started blocking out Google Map Search view on my Google Home page (the widget you can add to your iGoogle page.  

I am running HTTP/S in Transparent Mode currently, and everything else is working as it should (or so appears thus far).  I have made no changes to any settings to warrant this, other than adding sites to be blocked that try to install that anti-virus malware garbage.  None of those sites are a part of Google, and I can ping the map search DNS name from the Astaro box using the Ping Tool, and I can trace route the DNS name and IP just fine.  if I turn off Transparent mode to Standard, the widget will re-appear, showing the map and traffic.  I can change it back to Transparent and the map search widget will stay visible for quite some time, but the next day, it's blocked again.

Anyone else running into this?

This is what I am seeing in the HTTP/S lie log when accessing iGoogle:

2011:05:12-07:19:21 amodin httpproxy[7437]: id="0062" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden url detected" action="block" method="GET" srcip="192.168.20.114" dstip="" user="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="6463" time="953 ms" request="0xeab12958" url="www.google.com/jsapi

2011:05:12-07:19:21 amodin httpproxy[7437]: id="0062" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden url detected" action="block" method="GET" srcip="192.168.20.114" dstip="" user="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="6463" time="1034 ms" request="0xeab12958" url="www.google.com/jsapi


This thread was automatically locked due to age.
Parents
  • Dilandau figured it out!  Amodin, those are "REGEX" - Regular Expressions.  "ce\.ms" will block all ce.ms subdomains, but it also will block, for example, http://www.goodplace.ms/.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • Dilandau figured it out!  Amodin, those are "REGEX" - Regular Expressions.  "ce\.ms" will block all ce.ms subdomains, but it also will block, for example, http://www.goodplace.ms/.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
  • Hi,

    Thanks for your pointers guys! I found this thread at the top of Google when searching on our issue. It helped me pinpoint our issue in 2017 and this post is more of a reference for others. !

    Certain Google searches were referring to a blacklist. Search keywords included ship, apprenticeship, apprentice ship, gainshill and the likes. 

    Under UTM: Web Filter Profiles, Policies, Edit Filter Action, Web Sites, Block these websites - we had a "Badword" block-list that contained a Regular Expression of "shi+". Removing this phrase allows searches to work again. I therefore assume that the “+” acts like a wildcard and was therefore blocking any word with "shi" in it. 

    My question is whats the meaning of “+” in the UTM?

    Many thanks.

  • Expression Description Example

    n+ Matches any string that contains one or more occurrences of n in a row

    from

    -