Unable to access a certain website.

 Hi,

I am having some issues with users unable to access a certain website. The issue does not happen when you access the site; it only happens during or after the login to the website.

The site does not show any error; the page just keeps loading until it times out.

I believe it has something to do with Web Filtering (no problem if I disable web filtering), but I am not able to pinpoint exactly what is blocking the site.

Log view did not throw out any 'denied' log, so I have no idea what is really happening.

Is there any way I can do a debug using CLI and identify what exactly is happening?

I have a Sophos XG 330 (17.5.6 MR6).

Appreciate if you could advise.

 

Thanks/Jason

  • Check logviewer -> web for errors.

    Ian

  • In reply to rfcat_vk:

    Hi Ian,

    Thank you for the prompt reply.

    Yes.. I have checked the log viewer and that is where I usually look for errors, but it did not show any error with regard to the site or even any other possible site/URL that it might be linked to.

    Regards/Jason

  • In reply to JasonJN:

    Hi Jason,

    Again, in logviewer, have you checked the application view?

    Ian

  • In reply to rfcat_vk:

    Hi Ian,

    Yes.. definitely! I checked almost every log I can find, even in the /log directory, but no luck.

    Regards/Jason

  • In reply to JasonJN:

    Check out the DNS or Categorization services. 

     

    You should put the HTTP Proxy in Debug and inspect the access log.

     

    service awarrenhttp:debug -ds nosync 

    Same command to disable the http daemon. Please do not forget to disable the daemon Debug!

     

    Then reproduce the issue and check the /log/awarrenhttp_access.log

    You can actually filter with tailf /log/awarrenhttp_access.log | grep Website

  • In reply to LuCar Toni:

    Hi LuCar Toni,

    Thank you for your reply.

    This is what I got..

    fwid=64 fwflag="V" iap=18 aap=16 conn_id=4059021312 id="0002" name="web request blocked" action="error" method="CONNECT" srcip="10.X.X.XX"
    dstip="47.74.160.101" user="testuser@domain.xxx" statuscode=500 cached=0 trxlen=3244 rxlen=291926 url="https://booking2.airasia.com/" referer=""
    type="" upload_file_name="" upload_file_type="" download_file_name="" download_file_type="" authtime=0 dnstime=57 cattime=81 avscantime=0
    fullreqtime=38515576 ua="" activity="" av_transaction_id="" categoryname="Travel" category="76" app_id=0 app_name="None" app_cat="None"
    exceptions="av,https,policy,sandstorm"

    fwid=64 fwflag="V" iap=18 aap=16 conn_id=2706200152 id="0002" name="web request blocked" action="error" method="CONNECT" srcip="10.X.X.XX"
    dstip="47.246.1.10" user="testuser@domain.xxx" statuscode=500 cached=0 trxlen=4147 rxlen=679732 url="https://www.airasia.com/" referer=""
    type="" upload_file_name="" upload_file_type="" download_file_name="" download_file_type="" authtime=0 dnstime=2017 cattime=74 avscantime=0
    fullreqtime=153514727 ua="" activity="" av_transaction_id="" categoryname="Travel" category="76" app_id=0 app_name="None" app_cat="None"
    exceptions="av,https,policy,sandstorm"

     

     

    Not sure why the domain was blocked. I have already included the domain under the Web Exceptions.

    It just keeps loading and loading; after some time it will give a time-out error.

     

    Regards/Jason

  • In reply to JasonJN:

    Update.. 

    My current config is as below.. when I remove Web Policy, the site will work.

    I suppose this is related to web filtering, but why can't I really debug what is 'restricting' the access?

    I do block specific 'activities' using category, but if the site or some related sites are blocked, it should be reflected in the log, but I do not see any..

    I have submitted a ticket to Sophos Support and I was advised to create a separate rule to exclude web filtering for those URLs.

    If there are more of such sites, my exclusion will get more and more. Is this the only solution? No way to find out what exactly is happening?

     

    Regards/Jason
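
An added example, not part of any post in the thread: a Python sketch for going through proxy debug entries like the ones quoted above offline, pulling out requests logged with action="error" or a 5xx status and listing their timing fields, slowest first. Field names come from the quoted entries; the sample lines, addresses and hostnames are constructed, and the rule that an entry starts at `fwid=` is an assumption.

```python
import re
from urllib.parse import urlsplit

# key=value or key="quoted value" pairs, as in the entries quoted in the thread
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
TIMERS = ("authtime", "dnstime", "cattime", "avscantime", "fullreqtime")
# Constructed sample: placeholder addresses and URLs; entries wrap over
# several lines the way they were pasted into the thread.
SAMPLE = '''\
fwid=64 conn_id=1001 id="0002" name="web request blocked" action="error" method="CONNECT"
srcip="192.0.2.10" dstip="198.51.100.7" statuscode=500 url="https://booking.example.test/"
authtime=0 dnstime=57 cattime=81 avscantime=0 fullreqtime=38515576 exceptions="av,https,policy,sandstorm"

fwid=64 conn_id=1002 id="0001" name="http access" action="allowed" method="GET"
srcip="192.0.2.10" dstip="198.51.100.9" statuscode=200 url="http://intranet.example.test/"
authtime=0 dnstime=3 cattime=40 avscantime=0 fullreqtime=120034 exceptions=""

fwid=64 conn_id=1003 id="0002" name="web request blocked" action="error" method="CONNECT"
srcip="192.0.2.10" dstip="198.51.100.8" statuscode=500 url="https://www.example.test/"
authtime=0 dnstime=2017 cattime=74 avscantime=0 fullreqtime=153514727 exceptions="av,https,policy,sandstorm"
'''

def parse_records(text):
    """One dict per entry; assumes an entry starts at a line beginning 'fwid='."""
    chunks = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith("fwid=") or not chunks:
            chunks.append(line)          # first line of a new entry
        else:
            chunks[-1] += " " + line     # wrapped continuation line
    return [{k: q or u for k, q, u in PAIR.findall(c)} for c in chunks]

def failed_requests(text):
    """Entries with action="error" or a 5xx status, largest fullreqtime first."""
    hits = []
    for rec in parse_records(text):
        status = int(rec["statuscode"]) if rec.get("statuscode", "").isdigit() else 0
        if rec.get("action") != "error" and status < 500:
            continue
        hits.append({
            "host": urlsplit(rec.get("url", "")).hostname,
            "status": status,
            "exceptions": [e for e in rec.get("exceptions", "").split(",") if e],
            "timers": {t: int(rec[t]) for t in TIMERS if rec.get(t, "").isdigit()},
        })
    return sorted(hits, key=lambda h: h["timers"].get("fullreqtime", 0), reverse=True)

if __name__ == "__main__":
    print(*failed_requests(SAMPLE), sep="\n")
```

In the quoted entries the proxy recorded action="error" with statuscode=500, so a search that looks only for denied requests would not surface them.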