This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Google Ad Services still blocked

Hi everyone,

 

that one bugs me:

In Web Protection I blocked the category "Web Ads" but made an exception for "^https?://([A-Za-z0-9.-]*\.)?googleadservices\.com/" and skipped: "URL Filter / Content Removal / SSL scanning / Certificate trust check / Certificate date check"

The URL https://www.googleadservices.com/pagead/aclk?sa=L&ai=CEb3U2hlSWZq7M4vZYrW1kfgMn5zB-0nT3afH0QW809H82ggICRABIN7Nzx4oFGCVsp-CsAegAajT5MMDyAEHqQIlrw1sP8iyPqoELU_QvG5X9l6EVcmggtaBVp03lZD8dhWTjwzZu4hyqPEjckjbAwbH8tSOTPuA-MAFBaAGJoAHjPKRKJAHA6gHpr4b2AcB4BLW1pesz_DKqd8B&ctype=5&ved=0ahUKEwjVj4qY0N3UAhUBzxQKHVPvAu0QrkMIEg&dblrd=1&val=GgiPEqqs-cZEEiABKAAwnbC04-fz_tIDOPOwyMoFQMyzyMoF&sig=AOD64_1JJfde0vdqfelTrICIy-nxWu3uuA&adurl=http://clickserve.dartsearch.net/link/click%3Flid%3D92700021927041567%26ds_s_kwgid%3D58700002543180166%26ds_s_inventory_feed_id%3D97700000002396362%26%26ds_e_adid%3D202212242552%26ds_e_matchtype%3Dsearch%26ds_e_device%3Dc%26ds_e_network%3Dg%26ds_e_product_group_id%3D299298482620%26ds_e_product_id%3D1486163%26ds_e_product_merchant_id%3D15143421%26ds_e_product_country%3DDE%26ds_e_product_language%3Dde%26ds_e_product_channel%3Donline%26ds_e_product_store_id%3D%7Bproduct_store_id%7D%26ds_url_v%3D2%26ds_dest_url%3Dhttp://r.refinedads.com/r.rfa%3Fv%3Dg3%26oid%3D2286%26aid%3D4014%26critValues%3D%26cid%3D864997103%26agid%3D49355159411%26tid%3Dpla-299298482620%26fid%3D%26adid%3D202212242552%26networkType%3DSearch%26n%3Dg%26p%3D%26q%3D%26mt%3D%26ap%3D1o1%26adt%3Dpla%26merchantid%3D15143421%26productid%3D1486163%26d%3Dc%26dm%3D%26p1%3D%26p2%3D%26r%3D16640977220556452153%26url%3Dhttp://www.mediamarkt.de/catentry/1486163

passes right through the Policy Helpdesk Tool as "passed" based on the exception I made. But the URL is not accessible via web browser.

When removing the S from https, the URL works.

In the Web Protection log I have to entries. One as allowed and one as blocked because of category "Web Ads".

 

Proxy is set to transparent, allthough the clients currently do not use the UTM as a gateway. The Web Protection is used by Sophos Enterprise Console and the Endpoint Protection.

 

I hope you guys can help me ... or girls ... no offense ;-)

 

BR,

Volker



This thread was automatically locked due to age.
Parents
  • Looks to me like your regex meefs a slash before the hypen

    [A-Za-z0-9\-]

  • DouglasFoster said:

    Looks to me like your regex meefs a slash before the hypen

    [A-Za-z0-9\-]

     

    I'm afraid I must disappoint you, but the RegEx is valid (in means of UTM). It's copy&paste from all the other exceptions and valid. But that should be obvious, since I mentioned in my earlier post, that it's working while using the UTM as a proxy.

     

    BR,

    Volker

  • You should use a website override instead of an exception, checking the option for "include subdomains"

    Your exception is not being applied, as evidenced by exceptions="" in the logs.   Still thinking about why.

  • You should use a website override instead of an exception, checking the option for "include subdomains"

    Your exception is not being applied, as evidenced by exceptions="" in the logs.   The regex is for the fqdn but tbe match rule is full url.

  • Cattegory and reputation can be different for different paths under the same host, so it is best to use policy helpdesk with s full utl.

    When using the website exception method, I override the category but never the reputation, for safety reasons.  Business is a good generic allow category.

    If you don't want to use any existing category, you can create a tag for the website, assign the tag in website overrides, and grant an allow action in tbe filter action(s).  This can be used to grant the override to specific users only, and the tsg becomes the equivalent of a custom category.

  • DouglasFoster said:

    You should use a website override instead of an exception, checking the option for "include subdomains"

    Your exception is not being applied, as evidenced by exceptions="" in the logs.   The regex is for the fqdn but tbe match rule is full url.

     

     

    The RegEx matches the domain with any subdomain.

    And again: as I told before, the exception is working while using the UTM as a proxy.

  • Volker, have you tried Doug's suggestion?  It might not be affected by the same bug.  Please let us know if this workaround does what you need to accomplish.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Doug's suggestion may work - it uses a different mechanism to do the same thing.  However if it does it may still be just a workaround.

     

    I will repeat my suggestion:

    It might be that the RegEx for UTM and the RegEx for EndPoint is not parsed the same (for example whether to include http).
    Can you try another RegEx, just a bare "googleadservices\.com" ?

     

     

    Also, try making sure the Endpoint has a proper copy of the current configuration (I highly doubt this is the issue, but it doesn't hurt).

    On your windows computer go to %ProgramData%\Sophos\Web Control\Policy (yes put %ProgramData% in the path).

    Delete all files in the \Policy directory.

    Wait a few minutes, files will reappear.

    Test again.

  • so I made the changes as suggested, since my Broker was working this morning ....

    and this works. But, as you all said, it is just a workaround and no solution to the functions provided but not working.

     

    Question regarding this workaround: does this only overwrite the "URL Filter" or in addition any other checks made by the UTM/Endpoint?

     

    BR,

    Volker

  • This applies only to Web Filtering, Volker.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • You may indeed have found a bug.   The URLs are extraordinarily long, so perhaps their length has something to do with your problem.  

    If you want the bug investigated, you will have to work with Sophos Support.   Your problem does not sound like it comes from a home user, so I assume that you can obtain support if you want it.   Level 1 is  very good at questions like this, generally anything of the form "Is this a configuration error or is it a bug?"  If you had started there, you might have gotten a better answer faster with less annoyance.   None of us on this forum are trying to undercut Sophos Support services.

    The escalation process flows from Level 2 Support to Level 3 Support to development queue, and has always taken me at least 6 weeks.   Level 2 and Level 3 people are very good, but their time is by appointment several days in advance.   When Level 3 agrees that you have found a bug, they package the issue for development, and it goes into the bucket of things to consider for future releases.  Once it goes into that queue, it is difficult to find out when or if it will be worked.

    Releases come at no more than 4 week intervals, and the work queue for the next release is probably set when your package arrives.   So even if it gets prompt attention, you should expect at least 4 months elapsed time before the bug fix appears on an up2date kit.   Perhaps you will be more fortunate than I, but I would not expect the fix to be under your Christmas tree this year.  So be grateful for a workaround.

    My general experience is that the entire webfilter system is both reliable and powerful.   So don't assume that this problem means that the whole system is shoddy.

  • DouglasFoster said:

    You may indeed have found a bug.   The URLs are extraordinarily long, so perhaps their length has something to do with your problem.  

    If you want the bug investigated, you will have to work with Sophos Support.   Your problem does not sound like it comes from a home user, so I assume that you can obtain support if you want it.   Level 1 is  very good at questions like this, generally anything of the form "Is this a configuration error or is it a bug?"  If you had started there, you might have gotten a better answer faster with less annoyance.   None of us on this forum are trying to undercut Sophos Support services.

    The escalation process flows from Level 2 Support to Level 3 Support to development queue, and has always taken me at least 6 weeks.   Level 2 and Level 3 people are very good, but their time is by appointment several days in advance.   When Level 3 agrees that you have found a bug, they package the issue for development, and it goes into the bucket of things to consider for future releases.  Once it goes into that queue, it is difficult to find out when or if it will be worked.

    Releases come at no more than 4 week intervals, and the work queue for the next release is probably set when your package arrives.   So even if it gets prompt attention, you should expect at least 4 months elapsed time before the bug fix appears on an up2date kit.   Perhaps you will be more fortunate than I, but I would not expect the fix to be under your Christmas tree this year.  So be grateful for a workaround.

    My general experience is that the entire webfilter system is both reliable and powerful.   So don't assume that this problem means that the whole system is shoddy.

     

     

    sounds, plausible with the length of the URL ... I'll post here the result of the support request made at Sophos.

    But this may take some time, my request is currently just 4 weeks old and 1st level support didn't fully understand the problem and requested the same logs over and over. [8-)]

    This thread was created in advance and the ticket was made as soon as my config was approved.

     

    So thank you all for your help and suggestions.

     

    BR,

    Volker

Reply
  • DouglasFoster said:

    You may indeed have found a bug.   The URLs are extraordinarily long, so perhaps their length has something to do with your problem.  

    If you want the bug investigated, you will have to work with Sophos Support.   Your problem does not sound like it comes from a home user, so I assume that you can obtain support if you want it.   Level 1 is  very good at questions like this, generally anything of the form "Is this a configuration error or is it a bug?"  If you had started there, you might have gotten a better answer faster with less annoyance.   None of us on this forum are trying to undercut Sophos Support services.

    The escalation process flows from Level 2 Support to Level 3 Support to development queue, and has always taken me at least 6 weeks.   Level 2 and Level 3 people are very good, but their time is by appointment several days in advance.   When Level 3 agrees that you have found a bug, they package the issue for development, and it goes into the bucket of things to consider for future releases.  Once it goes into that queue, it is difficult to find out when or if it will be worked.

    Releases come at no more than 4 week intervals, and the work queue for the next release is probably set when your package arrives.   So even if it gets prompt attention, you should expect at least 4 months elapsed time before the bug fix appears on an up2date kit.   Perhaps you will be more fortunate than I, but I would not expect the fix to be under your Christmas tree this year.  So be grateful for a workaround.

    My general experience is that the entire webfilter system is both reliable and powerful.   So don't assume that this problem means that the whole system is shoddy.

     

     

    sounds, plausible with the length of the URL ... I'll post here the result of the support request made at Sophos.

    But this may take some time, my request is currently just 4 weeks old and 1st level support didn't fully understand the problem and requested the same logs over and over. [8-)]

    This thread was created in advance and the ticket was made as soon as my config was approved.

     

    So thank you all for your help and suggestions.

     

    BR,

    Volker

Children
No Data