Sophos UTM 9 HTTPS Blocking Behaviour

I am evaluating a Sophos 9.601-5 appliance using AWS AMI Marketplace. The goal is to replace a Squid proxy solution.

For blocked HTTPS pages, the desire is that when the client issues the HTTP Connect method they are immediately returned a 403 Forbidden. When I set up the Sophos UTM device the behaviour is to return back a self-signed certificate and a block page. The problem is this self-signed certificate will break clients and there is no easy way to roll out a root CA.

Is there any way to change this behaviour?

Thanks for your help.



  • Hi Joel and welcome to the UTM Community!

    Doug already gave an excellent answer, but I'm a bit confused by your question - is this what you want when the client tries to access a page with HTTP when only HTTPS is allowed?  Where are the clients?  Are they your coworkers or is this a service?  Are you looking for the functionality of Webserver Protection and have just tested Web Filtering?

    Cheers - Bob
    PS Moving this thread to the Web Protection forum.

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob and Doug,


    Thanks for your replies. Yes, the behaviour we were trying to emulate was that when the client asks the proxy for an HTTP Connect to a resource that is denied, it is immediately given a "403 Forbidden".

    This is how Squid behaves.

    Client talks to squid port 3128 (HTTP)

    Client requests "HTTP Connect" (HTTP)

    Squid responds "403 Forbidden" (HTTP)

    This is before the SSL connection is established.

     

    Can Sophos UTM or Sophos XG support this behaviour?

  • We still don't know where the clients and web servers are, Joel.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Joel,

    This can be done but that is ONLY if the client sends the HTTP GET before the SSL session is established (it always sends the request on HTTP first). 

    An example of this is if you block domain.com: in your browser, typing http://domain.com will give you a Sophos block page; if you type https://domain.com you will get a certificate error (if you didn't push the CA).
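
The two outcomes discussed in this thread can be told apart from the client side by looking at the first line a proxy returns to CONNECT. The following is an added example, not part of any poster's reply or of Sophos or Squid code. It assumes an explicit (non-transparent) proxy; the local stand-in proxy, the hostname `blocked.example` and all function names are constructed for illustration.

```python
import socket
import threading

def classify_connect_reply(status_line: bytes) -> str:
    """Map the proxy's first response line to what the client experiences."""
    parts = status_line.decode("latin-1").split(None, 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdecimal():
        return "not-http"
    code = int(parts[1])
    if 200 <= code < 300:
        # Tunnel accepted: a block page can now only arrive inside TLS,
        # under whatever certificate the proxy presents.
        return "tunnel-opened"
    if code == 403:
        # Refused in plain HTTP, before any TLS handshake or certificate.
        return "denied-before-tls"
    return f"other-{code}"

def probe(proxy_host: str, proxy_port: int, target: str, timeout: float = 5.0) -> str:
    """Send one CONNECT for target ("host:port") and classify the reply."""
    with socket.create_connection((proxy_host, proxy_port), timeout=timeout) as s:
        s.sendall(f"CONNECT {target} HTTP/1.1\r\nHost: {target}\r\n\r\n".encode())
        buf = b""
        while b"\r\n" not in buf:
            chunk = s.recv(4096)
            if not chunk:
                break
            buf += chunk
    return classify_connect_reply(buf.split(b"\r\n", 1)[0])

def fake_proxy(reply: bytes) -> int:
    """Constructed stand-in proxy: answers one connection with `reply`."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        with conn, srv:
            data = b""
            while b"\r\n\r\n" not in data:   # read the full CONNECT request
                chunk = conn.recv(4096)
                if not chunk:
                    break
                data += chunk
            conn.sendall(reply)
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    for reply in (b"HTTP/1.1 403 Forbidden\r\n\r\n",
                  b"HTTP/1.1 200 Connection established\r\n\r\n"):
        print(probe("127.0.0.1", fake_proxy(reply), "blocked.example:443"))
```

Pointing `probe` at a real proxy under evaluation, with a destination that policy blocks, shows which of the two behaviours clients without the proxy CA will see.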