Google Ad Services still blocked

Hi everyone,

 

that one bugs me:

In Web Protection I blocked the category "Web Ads" but made an exception for "^https?://([A-Za-z0-9.-]*\.)?googleadservices\.com/" and skipped: "URL Filter / Content Removal / SSL scanning / Certificate trust check / Certificate date check"

The URL https://www.googleadservices.com/pagead/aclk?sa=L&ai=CEb3U2hlSWZq7M4vZYrW1kfgMn5zB-0nT3afH0QW809H82ggICRABIN7Nzx4oFGCVsp-CsAegAajT5MMDyAEHqQIlrw1sP8iyPqoELU_QvG5X9l6EVcmggtaBVp03lZD8dhWTjwzZu4hyqPEjckjbAwbH8tSOTPuA-MAFBaAGJoAHjPKRKJAHA6gHpr4b2AcB4BLW1pesz_DKqd8B&ctype=5&ved=0ahUKEwjVj4qY0N3UAhUBzxQKHVPvAu0QrkMIEg&dblrd=1&val=GgiPEqqs-cZEEiABKAAwnbC04-fz_tIDOPOwyMoFQMyzyMoF&sig=AOD64_1JJfde0vdqfelTrICIy-nxWu3uuA&adurl=http://clickserve.dartsearch.net/link/click%3Flid%3D92700021927041567%26ds_s_kwgid%3D58700002543180166%26ds_s_inventory_feed_id%3D97700000002396362%26%26ds_e_adid%3D202212242552%26ds_e_matchtype%3Dsearch%26ds_e_device%3Dc%26ds_e_network%3Dg%26ds_e_product_group_id%3D299298482620%26ds_e_product_id%3D1486163%26ds_e_product_merchant_id%3D15143421%26ds_e_product_country%3DDE%26ds_e_product_language%3Dde%26ds_e_product_channel%3Donline%26ds_e_product_store_id%3D%7Bproduct_store_id%7D%26ds_url_v%3D2%26ds_dest_url%3Dhttp://r.refinedads.com/r.rfa%3Fv%3Dg3%26oid%3D2286%26aid%3D4014%26critValues%3D%26cid%3D864997103%26agid%3D49355159411%26tid%3Dpla-299298482620%26fid%3D%26adid%3D202212242552%26networkType%3DSearch%26n%3Dg%26p%3D%26q%3D%26mt%3D%26ap%3D1o1%26adt%3Dpla%26merchantid%3D15143421%26productid%3D1486163%26d%3Dc%26dm%3D%26p1%3D%26p2%3D%26r%3D16640977220556452153%26url%3Dhttp://www.mediamarkt.de/catentry/1486163

passes right through the Policy Helpdesk Tool as "passed" based on the exception I made. But the URL is not accessible via web browser.

When removing the S from https, the URL works.

In the Web Protection log I have two entries. One as allowed and one as blocked because of category "Web Ads".

 

Proxy is set to transparent, although the clients currently do not use the UTM as a gateway. The Web Protection is used by Sophos Enterprise Console and the Endpoint Protection.

 

I hope you guys can help me ... or girls ... no offense ;-)

 

BR,

Volker

  • In reply to DouglasFoster:

    DouglasFoster

    You should use a website override instead of an exception, checking the option for "include subdomains"

    Your exception is not being applied, as evidenced by exceptions="" in the logs. The regex is for the FQDN but the match rule is full URL.

     

     

    The RegEx matches the domain with any subdomain.

    And again: as I told before, the exception is working while using the UTM as a proxy.

  • In reply to Volker Walbröhl:

    Volker, have you tried Doug's suggestion?  It might not be affected by the same bug.  Please let us know if this workaround does what you need to accomplish.

    Cheers - Bob

  • In reply to BAlfson:

    Doug's suggestion may work - it uses a different mechanism to do the same thing.  However if it does it may still be just a workaround.

     

    I will repeat my suggestion:

    It might be that the RegEx for UTM and the RegEx for EndPoint are not parsed the same (for example whether to include http).
    Can you try another RegEx, just a bare "googleadservices\.com" ?

     

     

    Also, try making sure the Endpoint has a proper copy of the current configuration (I highly doubt this is the issue, but it doesn't hurt).

    On your Windows computer go to %ProgramData%\Sophos\Web Control\Policy (yes put %ProgramData% in the path).

    Delete all files in the \Policy directory.

    Wait a few minutes, files will reappear.

    Test again.
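
The replies above raise two regex questions: whether a pattern written for the full URL is applied by a matcher that sees only the FQDN, and whether a bare "googleadservices\.com" behaves differently. The following is an added example, not part of any post and not Sophos code; the candidate strings and the `HOST_ANCHORED` pattern are constructed assumptions, and which form the UTM or the endpoint really matches against is not known from the thread.

```python
import re

# Exception pattern exactly as posted in the thread.
POSTED = r"^https?://([A-Za-z0-9.-]*\.)?googleadservices\.com/"
# Bare pattern suggested later in the thread.
BARE = r"googleadservices\.com"
# Hypothetical middle ground (not from the thread): scheme and path optional,
# but still anchored to the host part.
HOST_ANCHORED = r"^(https?://)?([A-Za-z0-9.-]*\.)?googleadservices\.com(:\d+)?(/|$)"

# Constructed inputs: forms in which a filter component might see the request.
# Which form the UTM or the endpoint actually matches against is an assumption.
CANDIDATES = {
    "full https url": "https://www.googleadservices.com/pagead/aclk?sa=L",
    "full http url": "http://www.googleadservices.com/pagead/aclk?sa=L",
    "host only": "www.googleadservices.com",
    "host and port": "www.googleadservices.com:443",
    "other site, name in query": "http://ads.example.net/r?u=googleadservices.com/",
}


def match_table(pattern):
    """Return {label: bool} for re.search of pattern over each candidate."""
    rx = re.compile(pattern)
    return {label: bool(rx.search(text)) for label, text in CANDIDATES.items()}


def report():
    """List, per pattern, the candidate forms it matches."""
    rows = []
    for name, pat in (("posted", POSTED), ("bare", BARE),
                      ("host-anchored", HOST_ANCHORED)):
        hits = match_table(pat)
        rows.append((name, [label for label, ok in hits.items() if ok]))
    return rows


if __name__ == "__main__":
    for name, matched in report():
        print(f"{name:14s} matches: {', '.join(matched)}")
```

The bare pattern matches every form, including a URL on another host that only carries the name in its query string, so it works as a diagnostic but is broad for an exception that also skips SSL scanning and certificate checks.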

  • In reply to Michael Dunn:

    so I made the changes as suggested, since my Broker was working this morning ....

    and this works. But, as you all said, it is just a workaround and no solution to the functions provided but not working.

     

    Question regarding this workaround: does this only overwrite the "URL Filter" or in addition any other checks made by the UTM/Endpoint?

     

    BR,

    Volker

  • In reply to Volker Walbröhl:

    This applies only to Web Filtering, Volker.

    Cheers - Bob

  • In reply to Volker Walbröhl:

    You may indeed have found a bug.   The URLs are extraordinarily long, so perhaps their length has something to do with your problem.  

    If you want the bug investigated, you will have to work with Sophos Support.   Your problem does not sound like it comes from a home user, so I assume that you can obtain support if you want it.   Level 1 is  very good at questions like this, generally anything of the form "Is this a configuration error or is it a bug?"  If you had started there, you might have gotten a better answer faster with less annoyance.   None of us on this forum are trying to undercut Sophos Support services.

    The escalation process flows from Level 2 Support to Level 3 Support to development queue, and has always taken me at least 6 weeks.   Level 2 and Level 3 people are very good, but their time is by appointment several days in advance.   When Level 3 agrees that you have found a bug, they package the issue for development, and it goes into the bucket of things to consider for future releases.  Once it goes into that queue, it is difficult to find out when or if it will be worked.

    Releases come at no more than 4 week intervals, and the work queue for the next release is probably set when your package arrives.   So even if it gets prompt attention, you should expect at least 4 months elapsed time before the bug fix appears on an up2date kit.   Perhaps you will be more fortunate than I, but I would not expect the fix to be under your Christmas tree this year.  So be grateful for a workaround.

    My general experience is that the entire webfilter system is both reliable and powerful.   So don't assume that this problem means that the whole system is shoddy.

  • In reply to DouglasFoster:

    Sounds plausible with the length of the URL ... I'll post here the result of the support request made at Sophos.

    But this may take some time, my request is currently just 4 weeks old and 1st level support didn't fully understand the problem and requested the same logs over and over.

    This thread was created in advance and the ticket was made as soon as my config was approved.

     

    So thank you all for your help and suggestions.

     

    BR,

    Volker