Fehlermeldung bei https Websites

Hallo Marcel,

Herzlich willkommen hier in der Community !

(Sorry, my German-speaking brain isn't creating thoughts at the moment. )

This isn't something either Philipp or I has ever seen reported here. Please show the line from the Web Filtering log that corresponds to the error message above.

When you look in the Web Filtering log for the block of portal.exchan.ge, do you see blocks of other https sites just before that?  After the block and before going to bild.de, do you see all other https sites blocked?

MfG - Bob (Bitte auf Deutsch weiterhin.)

Hallo Bob,

ich hatte Glück und konnte in den heutigen Locks bei einer IP-Adresse diverse block Einträge finden.
Der Mitarbeiter hat es echt lange und oft versucht. 
Gegen 6:17 hat dann wohl ein Kollege mit http://ebay.de ausgeholfen.

Seitdem gehen sämtliches Seiten auf.

Ich hoffe es hilft euch weiter

Gruß

Marcel

2021:04:14-06:08:27 main-2 httpproxy[7643]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="CONNECT" srcip="192.168.17.77" dstip="" user="" group="" ad_domain="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFBlockAction (Default content filter block action)" size="3272" request="0xe4c28300" url="">https://www.bing.com/" referer="" error="" authtime="2" dnstime="0" aptptime="0" cattime="161" avscantime="0" fullreqtime="204247" device="1" auth="2" ua="" exceptions="" category="145" reputation="neutral" categoryname="Search Engines" reason="category"

2021:04:14-06:08:28 main-2 httpproxy[7643]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="CONNECT" srcip="192.168.17.77" dstip="" user="" group="" ad_domain="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFBlockAction (Default content filter block action)" size="3272" request="0xc5e2e00" url="">https://www.bing.com/" referer="" error="" authtime="2" dnstime="0" aptptime="0" cattime="284" avscantime="0" fullreqtime="203256" device="1" auth="2" ua="" exceptions="" category="145" reputation="neutral" categoryname="Search Engines" reason="category"

2021:04:14-06:08:29 main-2 httpproxy[7643]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="CONNECT" srcip="192.168.17.77" dstip="" user="" group="" ad_domain="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFBlockAction (Default content filter block action)" size="3268" request="0xc5927c00" url="">https://www.bild.de/" referer="" error="" authtime="1" dnstime="0" aptptime="0" cattime="25234" avscantime="0" fullreqtime="295201" device="1" auth="2" ua="" exceptions="" category="134" reputation="neutral" categoryname="General News" reason="category"

2021:04:14-06:08:30 main-2 httpproxy[7643]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="CONNECT" srcip="192.168.17.77" dstip="" user="" group="" ad_domain="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFBlockAction (Default content filter block action)" size="3266" request="0xc686000" url="">https://as.bild.de/" referer="" error="" authtime="1" dnstime="0" aptptime="0" cattime="26829" avscantime="0" fullreqtime="289122" device="1" auth="2" ua="" exceptions="" category="134" reputation="trusted" categoryname="General News" reason="category"

2021:04:14-06:08:30 main-2 httpproxy[7643]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="CONNECT" srcip="192.168.17.77" dstip="" user="" group="" ad_domain="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFBlockAction (Default content filter block action)" size="3278" request="0xc32b800" url="">https://www.asadcdn.com/" referer="" error="" authtime="1" dnstime="0" aptptime="0" cattime="24999" avscantime="0" fullreqtime="291561" device="1" auth="2" ua="" exceptions="" category="177" reputation="neutral" categoryname="Content Server" reason="category"

2021:04:14-06:08:30 main-2 httpproxy[7643]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="CONNECT" srcip="192.168.17.77" dstip="" user="" group="" ad_domain="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFBlockAction (Default content filter block action)" size="3270" request="0xe5cd5500" url="">https://script.ioam.de/" referer="" error="" authtime="1" dnstime="0" aptptime="0" cattime="32046" avscantime="0" fullreqtime="292115" device="1" auth="2" ua="" exceptions="" category="105" reputation="neutral" categoryname="Business" reason="category"

2021:04:14-06:08:30 main-2 httpproxy[7643]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="CONNECT" srcip="192.168.17.77" dstip="" user="" group="" ad_domain="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFBlockAction (Default content filter block action)" size="3284" request="0xe4e26a00" url="">https://code.bildstatic.de/" referer="" error="" authtime="1" dnstime="0" aptptime="0" cattime="33019" avscantime="0" fullreqtime="293509" device="1" auth="2" ua="" exceptions="" category="177" reputation="neutral" categoryname="Content Server" reason="category"

2021:04:14-06:08:30 main-2 httpproxy[7643]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="CONNECT" srcip="192.168.17.77" dstip="" user="" group="" ad_domain="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFBlockAction (Default content filter block action)" size="3268" request="0x1137b500" url="">https://www.bild.de/" referer="" error="" authtime="1" dnstime="0" aptptime="0" cattime="163" avscantime="0" fullreqtime="208852" device="1" auth="2" ua="" exceptions="" category="134" reputation="neutral" categoryname="General News" reason="category"

2021:04:14-06:08:36 main-2 httpproxy[7643]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="CONNECT" srcip="192.168.17.77" dstip="" user="" group="" ad_domain="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFBlockAction (Default content filter block action)" size="0" request="0x118d9500" url="">https://a.bildstatic.de/" referer="" error="" authtime="1" dnstime="0" aptptime="0" cattime="6002632" avscantime="0" fullreqtime="6003881" device="1" auth="2" ua="" exceptions="" category="9998" reputation="unverified" categoryname="Uncategorized" reason="category"

2021:04:14-06:08:39 main-2 httpproxy[7643]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="GET" srcip="192.168.17.77" dstip="" user="" group="" ad_domain="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFBlockAction (Default content filter block action)" size="3523" request="0xd13ed800" url="">ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx/h0Ztl+z8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g/6+rkS7QYXjzkCEALnkXH7gCHpP+LZg4NMUMA=" referer="" error="" authtime="3" dnstime="0" aptptime="0" cattime="173" avscantime="0" fullreqtime="607" device="1" auth="2" ua="Microsoft-CryptoAPI/10.0" exceptions="" category="175" reputation="trusted" categoryname="Software/Hardware" reason="category"

2021:04:14-06:08:39 main-2 httpproxy[7643]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="GET" srcip="192.168.17.77" dstip="" user="" group="" ad_domain="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFBlockAction (Default content filter block action)" size="3323" request="0xc5950300" url="">crl3.digicert.com/DigiCertGlobalRootG2.crl" referer="" error="" authtime="1" dnstime="0" aptptime="0" cattime="108" avscantime="0" fullreqtime="320" device="1" auth="2" ua="Microsoft-CryptoAPI/10.0" exceptions="" category="175" reputation="trusted" categoryname="Software/Hardware" reason="category"

2021:04:14-06:08:39 main-2 httpproxy[7643]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="GET" srcip="192.168.17.77" dstip="" user="" group="" ad_domain="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFBlockAction (Default content filter block action)" size="3323" request="0x1134ce00" url="">crl4.digicert.com/DigiCertGlobalRootG2.crl" referer="" error="" authtime="4" dnstime="0" aptptime="0" cattime="252" avscantime="0" fullreqtime="763" device="1" auth="2" ua="Microsoft-CryptoAPI/10.0" exceptions="" category="175" reputation="trusted" categoryname="Software/Hardware" reason="category"

2021:04:14-06:08:39 main-2 httpproxy[7643]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.17.77" dstip="51.144.113.175" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="9544" request="0xe5bb1100" url="">nav.smartscreen.microsoft.com/" referer="" error="" authtime="0" dnstime="305" aptptime="0" cattime="0" avscantime="0" fullreqtime="156320" device="1" auth="2" ua="" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size" application="micrsoft" app-id="1151"

2021:04:14-06:08:40 main-2 httpproxy[7643]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="CONNECT" srcip="192.168.17.77" dstip="" user="" group="" ad_domain="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFBlockAction (Default content filter block action)" size="3308" request="0xe4e26300" url="">odd-logistix.odd-webhosting.de/" referer="" error="" authtime="0" dnstime="0" aptptime="0" cattime="111" avscantime="0" fullreqtime="290933" device="1" auth="2" ua="" exceptions="" category="9998" reputation="unverified" categoryname="Uncategorized" reason="category"

2021:04:14-06:08:40 main-2 httpproxy[7643]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="CONNECT" srcip="192.168.17.77" dstip="" user="" group="" ad_domain="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFBlockAction (Default content filter block action)" size="3293" request="0xe3f61100" url="">config.edge.skype.com/" referer="" error="" authtime="2" dnstime="0" aptptime="0" cattime="243" avscantime="0" fullreqtime="308907" device="1" auth="2" ua="" exceptions="" category="122" reputation="neutral" categoryname="Instant Messaging" reason="category"

Hier dann der Workaround mit http://ebay.de

2021:04:14-06:17:22 main-2 httpproxy[7643]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.17.77" dstip="66.211.172.37" user="joelgl" group="" ad_domain="**********" statuscode="301" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xd8d59100" url="">http://ebay.de/" referer="" error="" authtime="97" dnstime="946" aptptime="0" cattime="25378" avscantime="0" fullreqtime="355089" device="1" auth="2" ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36 Edg/89.0.774.75" exceptions="" category="158" reputation="trusted" categoryname="Auctions/Classifieds" application="ebay" app-id="134"

Nun gehen alle https-Seiten auf. Mitarbeiter hat seitdem auch keine Probleme mehr beim öffnen von Websites.

2021:04:14-06:17:22 main-2 httpproxy[7643]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.17.77" dstip="" user="joelgl" group="" ad_domain="**********" statuscode="200" cached="1" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="471" request="0xd8fb4a00" url="">ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh/sBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H/z9DKA=" referer="" error="" authtime="95" dnstime="0" aptptime="0" cattime="200" avscantime="376" fullreqtime="3218" device="1" auth="2" ua="Microsoft-CryptoAPI/10.0" exceptions="" category="175" reputation="trusted" categoryname="Software/Hardware" content-type="application/ocsp-response“

2021:04:14-06:17:33 main-2 httpproxy[7643]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.17.77" dstip="62.159.35.30" user="joelgl" group="" ad_domain="**********" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="48222" request="0xb5cdc00" url="">odd-logistix.odd-webhosting.de/" referer="" error="" authtime="67" dnstime="205" aptptime="0" cattime="91" avscantime="0" fullreqtime="5099547" device="1" auth="2" ua="" exceptions="" category="9998" reputation="unverified" categoryname="Uncategorized"

2021:04:14-07:19:03 main-2 httpproxy[7643]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.17.77" dstip="13.107.42.23" user="joelgl" group="" ad_domain="**********" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="7952" request="0xe4c54300" url="">config.edge.skype.com/" referer="" error="" authtime="22" dnstime="129" aptptime="0" cattime="107" avscantime="0" fullreqtime="47689" device="1" auth="2" ua="" exceptions="" category="122" reputation="neutral" categoryname="Instant Messaging" application="skype" app-id="448"

2021:04:14-10:54:32 main-2 httpproxy[7643]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.17.77" dstip="52.178.182.73" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="9505" request="0xd1138e00" url="">nav.smartscreen.microsoft.com/" referer="" error="" authtime="0" dnstime="384" aptptime="0" cattime="0" avscantime="0" fullreqtime="164248" device="1" auth="2" ua="" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size" application="micrsoft" app-id="1151"

Hallo Bob,

ich hatte Glück und konnte in den heutigen Locks bei einer IP-Adresse diverse block Einträge finden.
Der Mitarbeiter hat es echt lange und oft versucht. 
Gegen 6:17 hat dann wohl ein Kollege mit http://ebay.de ausgeholfen.

Seitdem gehen sämtliches Seiten auf.

Ich hoffe es hilft euch weiter

Gruß

Marcel

2021:04:14-06:08:27 main-2 httpproxy[7643]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="CONNECT" srcip="192.168.17.77" dstip="" user="" group="" ad_domain="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFBlockAction (Default content filter block action)" size="3272" request="0xe4c28300" url="">https://www.bing.com/" referer="" error="" authtime="2" dnstime="0" aptptime="0" cattime="161" avscantime="0" fullreqtime="204247" device="1" auth="2" ua="" exceptions="" category="145" reputation="neutral" categoryname="Search Engines" reason="category"

2021:04:14-06:08:28 main-2 httpproxy[7643]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="CONNECT" srcip="192.168.17.77" dstip="" user="" group="" ad_domain="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFBlockAction (Default content filter block action)" size="3272" request="0xc5e2e00" url="">https://www.bing.com/" referer="" error="" authtime="2" dnstime="0" aptptime="0" cattime="284" avscantime="0" fullreqtime="203256" device="1" auth="2" ua="" exceptions="" category="145" reputation="neutral" categoryname="Search Engines" reason="category"

2021:04:14-06:08:29 main-2 httpproxy[7643]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="CONNECT" srcip="192.168.17.77" dstip="" user="" group="" ad_domain="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFBlockAction (Default content filter block action)" size="3268" request="0xc5927c00" url="">https://www.bild.de/" referer="" error="" authtime="1" dnstime="0" aptptime="0" cattime="25234" avscantime="0" fullreqtime="295201" device="1" auth="2" ua="" exceptions="" category="134" reputation="neutral" categoryname="General News" reason="category"

2021:04:14-06:08:30 main-2 httpproxy[7643]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="CONNECT" srcip="192.168.17.77" dstip="" user="" group="" ad_domain="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFBlockAction (Default content filter block action)" size="3266" request="0xc686000" url="">https://as.bild.de/" referer="" error="" authtime="1" dnstime="0" aptptime="0" cattime="26829" avscantime="0" fullreqtime="289122" device="1" auth="2" ua="" exceptions="" category="134" reputation="trusted" categoryname="General News" reason="category"

2021:04:14-06:08:30 main-2 httpproxy[7643]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="CONNECT" srcip="192.168.17.77" dstip="" user="" group="" ad_domain="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFBlockAction (Default content filter block action)" size="3278" request="0xc32b800" url="">https://www.asadcdn.com/" referer="" error="" authtime="1" dnstime="0" aptptime="0" cattime="24999" avscantime="0" fullreqtime="291561" device="1" auth="2" ua="" exceptions="" category="177" reputation="neutral" categoryname="Content Server" reason="category"

2021:04:14-06:08:30 main-2 httpproxy[7643]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="CONNECT" srcip="192.168.17.77" dstip="" user="" group="" ad_domain="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFBlockAction (Default content filter block action)" size="3270" request="0xe5cd5500" url="">https://script.ioam.de/" referer="" error="" authtime="1" dnstime="0" aptptime="0" cattime="32046" avscantime="0" fullreqtime="292115" device="1" auth="2" ua="" exceptions="" category="105" reputation="neutral" categoryname="Business" reason="category"

2021:04:14-06:08:30 main-2 httpproxy[7643]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="CONNECT" srcip="192.168.17.77" dstip="" user="" group="" ad_domain="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFBlockAction (Default content filter block action)" size="3284" request="0xe4e26a00" url="">https://code.bildstatic.de/" referer="" error="" authtime="1" dnstime="0" aptptime="0" cattime="33019" avscantime="0" fullreqtime="293509" device="1" auth="2" ua="" exceptions="" category="177" reputation="neutral" categoryname="Content Server" reason="category"

2021:04:14-06:08:30 main-2 httpproxy[7643]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="CONNECT" srcip="192.168.17.77" dstip="" user="" group="" ad_domain="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFBlockAction (Default content filter block action)" size="3268" request="0x1137b500" url="">https://www.bild.de/" referer="" error="" authtime="1" dnstime="0" aptptime="0" cattime="163" avscantime="0" fullreqtime="208852" device="1" auth="2" ua="" exceptions="" category="134" reputation="neutral" categoryname="General News" reason="category"

2021:04:14-06:08:36 main-2 httpproxy[7643]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="CONNECT" srcip="192.168.17.77" dstip="" user="" group="" ad_domain="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFBlockAction (Default content filter block action)" size="0" request="0x118d9500" url="">https://a.bildstatic.de/" referer="" error="" authtime="1" dnstime="0" aptptime="0" cattime="6002632" avscantime="0" fullreqtime="6003881" device="1" auth="2" ua="" exceptions="" category="9998" reputation="unverified" categoryname="Uncategorized" reason="category"

2021:04:14-06:08:39 main-2 httpproxy[7643]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="GET" srcip="192.168.17.77" dstip="" user="" group="" ad_domain="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFBlockAction (Default content filter block action)" size="3523" request="0xd13ed800" url="">ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx/h0Ztl+z8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g/6+rkS7QYXjzkCEALnkXH7gCHpP+LZg4NMUMA=" referer="" error="" authtime="3" dnstime="0" aptptime="0" cattime="173" avscantime="0" fullreqtime="607" device="1" auth="2" ua="Microsoft-CryptoAPI/10.0" exceptions="" category="175" reputation="trusted" categoryname="Software/Hardware" reason="category"

2021:04:14-06:08:39 main-2 httpproxy[7643]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="GET" srcip="192.168.17.77" dstip="" user="" group="" ad_domain="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFBlockAction (Default content filter block action)" size="3323" request="0xc5950300" url="">crl3.digicert.com/DigiCertGlobalRootG2.crl" referer="" error="" authtime="1" dnstime="0" aptptime="0" cattime="108" avscantime="0" fullreqtime="320" device="1" auth="2" ua="Microsoft-CryptoAPI/10.0" exceptions="" category="175" reputation="trusted" categoryname="Software/Hardware" reason="category"

2021:04:14-06:08:39 main-2 httpproxy[7643]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="GET" srcip="192.168.17.77" dstip="" user="" group="" ad_domain="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFBlockAction (Default content filter block action)" size="3323" request="0x1134ce00" url="">crl4.digicert.com/DigiCertGlobalRootG2.crl" referer="" error="" authtime="4" dnstime="0" aptptime="0" cattime="252" avscantime="0" fullreqtime="763" device="1" auth="2" ua="Microsoft-CryptoAPI/10.0" exceptions="" category="175" reputation="trusted" categoryname="Software/Hardware" reason="category"

2021:04:14-06:08:39 main-2 httpproxy[7643]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.17.77" dstip="51.144.113.175" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="9544" request="0xe5bb1100" url="">nav.smartscreen.microsoft.com/" referer="" error="" authtime="0" dnstime="305" aptptime="0" cattime="0" avscantime="0" fullreqtime="156320" device="1" auth="2" ua="" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size" application="micrsoft" app-id="1151"

2021:04:14-06:08:40 main-2 httpproxy[7643]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="CONNECT" srcip="192.168.17.77" dstip="" user="" group="" ad_domain="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFBlockAction (Default content filter block action)" size="3308" request="0xe4e26300" url="">odd-logistix.odd-webhosting.de/" referer="" error="" authtime="0" dnstime="0" aptptime="0" cattime="111" avscantime="0" fullreqtime="290933" device="1" auth="2" ua="" exceptions="" category="9998" reputation="unverified" categoryname="Uncategorized" reason="category"

2021:04:14-06:08:40 main-2 httpproxy[7643]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="CONNECT" srcip="192.168.17.77" dstip="" user="" group="" ad_domain="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFBlockAction (Default content filter block action)" size="3293" request="0xe3f61100" url="">config.edge.skype.com/" referer="" error="" authtime="2" dnstime="0" aptptime="0" cattime="243" avscantime="0" fullreqtime="308907" device="1" auth="2" ua="" exceptions="" category="122" reputation="neutral" categoryname="Instant Messaging" reason="category"

Hier dann der Workaround mit http://ebay.de

2021:04:14-06:17:22 main-2 httpproxy[7643]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.17.77" dstip="66.211.172.37" user="joelgl" group="" ad_domain="**********" statuscode="301" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xd8d59100" url="">http://ebay.de/" referer="" error="" authtime="97" dnstime="946" aptptime="0" cattime="25378" avscantime="0" fullreqtime="355089" device="1" auth="2" ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36 Edg/89.0.774.75" exceptions="" category="158" reputation="trusted" categoryname="Auctions/Classifieds" application="ebay" app-id="134"

Nun gehen alle https-Seiten auf. Mitarbeiter hat seitdem auch keine Probleme mehr beim öffnen von Websites.

2021:04:14-06:17:22 main-2 httpproxy[7643]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.17.77" dstip="" user="joelgl" group="" ad_domain="**********" statuscode="200" cached="1" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="471" request="0xd8fb4a00" url="">ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh/sBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H/z9DKA=" referer="" error="" authtime="95" dnstime="0" aptptime="0" cattime="200" avscantime="376" fullreqtime="3218" device="1" auth="2" ua="Microsoft-CryptoAPI/10.0" exceptions="" category="175" reputation="trusted" categoryname="Software/Hardware" content-type="application/ocsp-response“

2021:04:14-06:17:33 main-2 httpproxy[7643]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.17.77" dstip="62.159.35.30" user="joelgl" group="" ad_domain="**********" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="48222" request="0xb5cdc00" url="">odd-logistix.odd-webhosting.de/" referer="" error="" authtime="67" dnstime="205" aptptime="0" cattime="91" avscantime="0" fullreqtime="5099547" device="1" auth="2" ua="" exceptions="" category="9998" reputation="unverified" categoryname="Uncategorized"

2021:04:14-07:19:03 main-2 httpproxy[7643]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.17.77" dstip="13.107.42.23" user="joelgl" group="" ad_domain="**********" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="7952" request="0xe4c54300" url="">config.edge.skype.com/" referer="" error="" authtime="22" dnstime="129" aptptime="0" cattime="107" avscantime="0" fullreqtime="47689" device="1" auth="2" ua="" exceptions="" category="122" reputation="neutral" categoryname="Instant Messaging" application="skype" app-id="448"

2021:04:14-10:54:32 main-2 httpproxy[7643]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.17.77" dstip="52.178.182.73" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="9505" request="0xd1138e00" url="">nav.smartscreen.microsoft.com/" referer="" error="" authtime="0" dnstime="384" aptptime="0" cattime="0" avscantime="0" fullreqtime="164248" device="1" auth="2" ua="" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size" application="micrsoft" app-id="1151"

Hallo Marcel,

Please show pictures of the 'Default Web Filter Profile' and of the Policies.  For some reason, the user initially fails to qualify for the 'Default content filter action' as the blocks are all done by the 'Default content filter block action'.  Does this also happen on other PCs?

MfG - Bob (Bitte auf Deutsch weiterhin.)
PS I'm like you, just with English and German switched. 

Hallo Bob,

hier die Bilder der "Default Web Filter Profile" und der Policies.

Ich glaube hier schon den Fehler gefunden zu haben.
Die Policy 'Default Content Filter profile assignment' erlaubt einige Kategorien, die die Base Policy zuvor oder danach blockt. 
Also eventuell ein Policy Konflikt? Oder der Block setzt sich durch, weil verneinen ja immer stärker ist von der Berechtigung.

Gruß

Marcel

Policies:

Base Policy: 'Default content filter block action':

Default content filter profile assignment: 'Default content filter action'

Please show a picture of the "Default content filter profile assignment" Policy with 'Advanced' open.

MfG - Bob (Bitte auf Deutsch weiterhin.)

Hallo Bob,

Sorry war die letzten Tage verhindert.

Hier das gewünschte Bild:

Grüße

Marcel

It's still a mystery why the initial requests did not qualify for the 'Default content filter action'.  How about a picture of the 'Global' tab?

MfG - Bob (Bitte auf Deutsch weiterhin.)

Hallo Bob,

wie gewünscht hier das Bild des "global Tab".

Die Device Specific Authentfizierung hatten wir mal zum Test aktiviert. Das hat jedoch auch nicht geholfen.

Gruß

Marcel Karl

Now we see it, Marcel - "authentication failure" is the reason.  That's supported by the fact that the log lines show "block" when the user is "" and "pass" when it's "joelgl".  That seems like a problem with the AD server or your LAN instead of Web Filtering on the UTM.

MfG - Bob (Bitte auf Deutsch weiterhin.)

Hallo Bob,

also muss ich entweder schauen, woran es am Domain Controller liegt oder ich nehme den Haken raus.
Dann greift aber vermutlich die Filterung für die Benutzer nicht mehr oder?

Ich habe gerade eben auch noch gelesen, dass es wohl eine Limitation des AD/SSO gibt.
Hier mal der englische Auszug und Link:

support.sophos.com/.../KB-000035087

Limitations of AD SSO

You can authenticate only standard HTTP requests through the proxy when using AD/SSO in Transparent Mode.
This only works when your browser makes a standard (non HTTPS) web request, and may not work for the applications and services listed below:   

• HTTPS
• Any URL with a parameter
• AJAX requests
• Any application which does not contain Mozilla in the User Agent string (non browser)

However, in UTM F/W >= 9.111, the proxy will use the last successful cached authentication for the same user, when non-standard web requests (HTTPS) are made, or when a non-browser application makes a web request.

This feature will prevent further authentication challenges from the proxy as long as there is an initial (successful) standard HTTP request which has been authenticated.

Gruß Marcel

Vielen Dank, Marcel !  Since I've always used Standard mode when configuring with AD/SSO, I've never run into this.

In fact, if you configure the PCs to use the Proxy explicitly, Web Filtering will react as if you had configured it in Standard mode, so the limitation of being in Transparent would disappear.

MfG - Bob (Bitte auf Deutsch weiterhin.)

Hallo Bob,

vielen Dank für die Hilfe, das hat mich sehr weiter gebracht.
Ich werde mal die letzten 3 Posts als Antwort markieren.

Gruß Marcel