This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Fehlermeldung bei https Websites

Guten Tag,

wir haben derzeit ein regelmäßiges Problem mit unserer Firewall im Bereich Web-Filtering.
Die FW ist im Bereich Web Filtering auf transparent Mode gestellt, sowie die Standard Authentifizierung auf AD SSO.
Der HTTPS Scan ist auf URL filtering only gestellt.
Das HTTPS CA wird an die End-User auch verteilt.

Nun zum Problem. Alle 3-4 Wochen bekommen alle Nutzer eine Fehlermeldung der FW, dass die Website blockiert sei.
Unser aktueller Workaround ist es eine http Website, wie http://bild.de zu öffnen. Danach lässt sich auch jede https Website wieder öffnen.

Das wird aber nicht ewig lange gut gehen.

Hat hier jemand einen Rat?

This thread was automatically locked due to age.

Top Replies

BAlfson over 2 years ago in reply to Marcel Karl +1 verified

Now we see it, Marcel - "authentication failure" is the reason. That's supported by the fact that the log lines show "block" when the user is "" and "pass" when it's "joelgl". That seems like a problem…

Parents

0 BAlfson over 3 years ago

Hallo Marcel,

Herzlich willkommen hier in der Community !

(Sorry, my German-speaking brain isn't creating thoughts at the moment. )

This isn't something either Philipp or I has ever seen reported here. Please show the line from the Web Filtering log that corresponds to the error message above.

When you look in the Web Filtering log for the block of portal.exchan.ge, do you see blocks of other https sites just before that? After the block and before going to bild.de, do you see all other https sites blocked?

MfG - Bob (Bitte auf Deutsch weiterhin.)

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel
0 Marcel Karl over 3 years ago in reply to BAlfson

Hallo Bob,

ich hatte Glück und konnte in den heutigen Locks bei einer IP-Adresse diverse block Einträge finden.
Der Mitarbeiter hat es echt lange und oft versucht.
Gegen 6:17 hat dann wohl ein Kollege mit http://ebay.de ausgeholfen.

Seitdem gehen sämtliches Seiten auf.

Ich hoffe es hilft euch weiter

Gruß

Marcel

2021:04:14-06:08:27 main-2 httpproxy[7643]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="CONNECT" srcip="192.168.17.77" dstip="" user="" group="" ad_domain="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFBlockAction (Default content filter block action)" size="3272" request="0xe4c28300" url="">https://www.bing.com/" referer="" error="" authtime="2" dnstime="0" aptptime="0" cattime="161" avscantime="0" fullreqtime="204247" device="1" auth="2" ua="" exceptions="" category="145" reputation="neutral" categoryname="Search Engines" reason="category"

2021:04:14-06:08:28 main-2 httpproxy[7643]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="CONNECT" srcip="192.168.17.77" dstip="" user="" group="" ad_domain="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFBlockAction (Default content filter block action)" size="3272" request="0xc5e2e00" url="">https://www.bing.com/" referer="" error="" authtime="2" dnstime="0" aptptime="0" cattime="284" avscantime="0" fullreqtime="203256" device="1" auth="2" ua="" exceptions="" category="145" reputation="neutral" categoryname="Search Engines" reason="category"

2021:04:14-06:08:29 main-2 httpproxy[7643]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="CONNECT" srcip="192.168.17.77" dstip="" user="" group="" ad_domain="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFBlockAction (Default content filter block action)" size="3268" request="0xc5927c00" url="">https://www.bild.de/" referer="" error="" authtime="1" dnstime="0" aptptime="0" cattime="25234" avscantime="0" fullreqtime="295201" device="1" auth="2" ua="" exceptions="" category="134" reputation="neutral" categoryname="General News" reason="category"

2021:04:14-06:08:30 main-2 httpproxy[7643]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="CONNECT" srcip="192.168.17.77" dstip="" user="" group="" ad_domain="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFBlockAction (Default content filter block action)" size="3266" request="0xc686000" url="">https://as.bild.de/" referer="" error="" authtime="1" dnstime="0" aptptime="0" cattime="26829" avscantime="0" fullreqtime="289122" device="1" auth="2" ua="" exceptions="" category="134" reputation="trusted" categoryname="General News" reason="category"

2021:04:14-06:08:30 main-2 httpproxy[7643]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="CONNECT" srcip="192.168.17.77" dstip="" user="" group="" ad_domain="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFBlockAction (Default content filter block action)" size="3278" request="0xc32b800" url="">https://www.asadcdn.com/" referer="" error="" authtime="1" dnstime="0" aptptime="0" cattime="24999" avscantime="0" fullreqtime="291561" device="1" auth="2" ua="" exceptions="" category="177" reputation="neutral" categoryname="Content Server" reason="category"

2021:04:14-06:08:30 main-2 httpproxy[7643]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="CONNECT" srcip="192.168.17.77" dstip="" user="" group="" ad_domain="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFBlockAction (Default content filter block action)" size="3270" request="0xe5cd5500" url="">https://script.ioam.de/" referer="" error="" authtime="1" dnstime="0" aptptime="0" cattime="32046" avscantime="0" fullreqtime="292115" device="1" auth="2" ua="" exceptions="" category="105" reputation="neutral" categoryname="Business" reason="category"

2021:04:14-06:08:30 main-2 httpproxy[7643]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="CONNECT" srcip="192.168.17.77" dstip="" user="" group="" ad_domain="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFBlockAction (Default content filter block action)" size="3284" request="0xe4e26a00" url="">https://code.bildstatic.de/" referer="" error="" authtime="1" dnstime="0" aptptime="0" cattime="33019" avscantime="0" fullreqtime="293509" device="1" auth="2" ua="" exceptions="" category="177" reputation="neutral" categoryname="Content Server" reason="category"

2021:04:14-06:08:30 main-2 httpproxy[7643]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="CONNECT" srcip="192.168.17.77" dstip="" user="" group="" ad_domain="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFBlockAction (Default content filter block action)" size="3268" request="0x1137b500" url="">https://www.bild.de/" referer="" error="" authtime="1" dnstime="0" aptptime="0" cattime="163" avscantime="0" fullreqtime="208852" device="1" auth="2" ua="" exceptions="" category="134" reputation="neutral" categoryname="General News" reason="category"

2021:04:14-06:08:36 main-2 httpproxy[7643]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="CONNECT" srcip="192.168.17.77" dstip="" user="" group="" ad_domain="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFBlockAction (Default content filter block action)" size="0" request="0x118d9500" url="">https://a.bildstatic.de/" referer="" error="" authtime="1" dnstime="0" aptptime="0" cattime="6002632" avscantime="0" fullreqtime="6003881" device="1" auth="2" ua="" exceptions="" category="9998" reputation="unverified" categoryname="Uncategorized" reason="category"

2021:04:14-06:08:39 main-2 httpproxy[7643]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="GET" srcip="192.168.17.77" dstip="" user="" group="" ad_domain="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFBlockAction (Default content filter block action)" size="3523" request="0xd13ed800" url="">ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx/h0Ztl+z8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g/6+rkS7QYXjzkCEALnkXH7gCHpP+LZg4NMUMA=" referer="" error="" authtime="3" dnstime="0" aptptime="0" cattime="173" avscantime="0" fullreqtime="607" device="1" auth="2" ua="Microsoft-CryptoAPI/10.0" exceptions="" category="175" reputation="trusted" categoryname="Software/Hardware" reason="category"

2021:04:14-06:08:39 main-2 httpproxy[7643]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="GET" srcip="192.168.17.77" dstip="" user="" group="" ad_domain="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFBlockAction (Default content filter block action)" size="3323" request="0xc5950300" url="">crl3.digicert.com/DigiCertGlobalRootG2.crl" referer="" error="" authtime="1" dnstime="0" aptptime="0" cattime="108" avscantime="0" fullreqtime="320" device="1" auth="2" ua="Microsoft-CryptoAPI/10.0" exceptions="" category="175" reputation="trusted" categoryname="Software/Hardware" reason="category"

2021:04:14-06:08:39 main-2 httpproxy[7643]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="GET" srcip="192.168.17.77" dstip="" user="" group="" ad_domain="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFBlockAction (Default content filter block action)" size="3323" request="0x1134ce00" url="">crl4.digicert.com/DigiCertGlobalRootG2.crl" referer="" error="" authtime="4" dnstime="0" aptptime="0" cattime="252" avscantime="0" fullreqtime="763" device="1" auth="2" ua="Microsoft-CryptoAPI/10.0" exceptions="" category="175" reputation="trusted" categoryname="Software/Hardware" reason="category"

2021:04:14-06:08:39 main-2 httpproxy[7643]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.17.77" dstip="51.144.113.175" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="9544" request="0xe5bb1100" url="">nav.smartscreen.microsoft.com/" referer="" error="" authtime="0" dnstime="305" aptptime="0" cattime="0" avscantime="0" fullreqtime="156320" device="1" auth="2" ua="" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size" application="micrsoft" app-id="1151"

2021:04:14-06:08:40 main-2 httpproxy[7643]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="CONNECT" srcip="192.168.17.77" dstip="" user="" group="" ad_domain="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFBlockAction (Default content filter block action)" size="3308" request="0xe4e26300" url="">odd-logistix.odd-webhosting.de/" referer="" error="" authtime="0" dnstime="0" aptptime="0" cattime="111" avscantime="0" fullreqtime="290933" device="1" auth="2" ua="" exceptions="" category="9998" reputation="unverified" categoryname="Uncategorized" reason="category"

2021:04:14-06:08:40 main-2 httpproxy[7643]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="CONNECT" srcip="192.168.17.77" dstip="" user="" group="" ad_domain="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFBlockAction (Default content filter block action)" size="3293" request="0xe3f61100" url="">config.edge.skype.com/" referer="" error="" authtime="2" dnstime="0" aptptime="0" cattime="243" avscantime="0" fullreqtime="308907" device="1" auth="2" ua="" exceptions="" category="122" reputation="neutral" categoryname="Instant Messaging" reason="category"

Hier dann der Workaround mit http://ebay.de

2021:04:14-06:17:22 main-2 httpproxy[7643]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.17.77" dstip="66.211.172.37" user="joelgl" group="" ad_domain="**********" statuscode="301" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xd8d59100" url="">http://ebay.de/" referer="" error="" authtime="97" dnstime="946" aptptime="0" cattime="25378" avscantime="0" fullreqtime="355089" device="1" auth="2" ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36 Edg/89.0.774.75" exceptions="" category="158" reputation="trusted" categoryname="Auctions/Classifieds" application="ebay" app-id="134"

Nun gehen alle https-Seiten auf. Mitarbeiter hat seitdem auch keine Probleme mehr beim öffnen von Websites.

2021:04:14-06:17:22 main-2 httpproxy[7643]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.17.77" dstip="" user="joelgl" group="" ad_domain="**********" statuscode="200" cached="1" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="471" request="0xd8fb4a00" url="">ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh/sBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H/z9DKA=" referer="" error="" authtime="95" dnstime="0" aptptime="0" cattime="200" avscantime="376" fullreqtime="3218" device="1" auth="2" ua="Microsoft-CryptoAPI/10.0" exceptions="" category="175" reputation="trusted" categoryname="Software/Hardware" content-type="application/ocsp-response“

2021:04:14-06:17:33 main-2 httpproxy[7643]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.17.77" dstip="62.159.35.30" user="joelgl" group="" ad_domain="**********" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="48222" request="0xb5cdc00" url="">odd-logistix.odd-webhosting.de/" referer="" error="" authtime="67" dnstime="205" aptptime="0" cattime="91" avscantime="0" fullreqtime="5099547" device="1" auth="2" ua="" exceptions="" category="9998" reputation="unverified" categoryname="Uncategorized"

2021:04:14-07:19:03 main-2 httpproxy[7643]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.17.77" dstip="13.107.42.23" user="joelgl" group="" ad_domain="**********" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="7952" request="0xe4c54300" url="">config.edge.skype.com/" referer="" error="" authtime="22" dnstime="129" aptptime="0" cattime="107" avscantime="0" fullreqtime="47689" device="1" auth="2" ua="" exceptions="" category="122" reputation="neutral" categoryname="Instant Messaging" application="skype" app-id="448"

Hier hatte der Mitarbeiter bei meinem Anruf nochmal gecheckt, was ich auch gleich im log sah.

2021:04:14-10:54:32 main-2 httpproxy[7643]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.17.77" dstip="52.178.182.73" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="9505" request="0xd1138e00" url="">nav.smartscreen.microsoft.com/" referer="" error="" authtime="0" dnstime="384" aptptime="0" cattime="0" avscantime="0" fullreqtime="164248" device="1" auth="2" ua="" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size" application="micrsoft" app-id="1151"
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 3 years ago in reply to Marcel Karl

Hallo Marcel,

Please show pictures of the 'Default Web Filter Profile' and of the Policies. For some reason, the user initially fails to qualify for the 'Default content filter action' as the blocks are all done by the 'Default content filter block action'. Does this also happen on other PCs?

MfG - Bob (Bitte auf Deutsch weiterhin.)
PS I'm like you, just with English and German switched.

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BAlfson over 3 years ago in reply to Marcel Karl

Hallo Marcel,

Please show pictures of the 'Default Web Filter Profile' and of the Policies. For some reason, the user initially fails to qualify for the 'Default content filter action' as the blocks are all done by the 'Default content filter block action'. Does this also happen on other PCs?

MfG - Bob (Bitte auf Deutsch weiterhin.)
PS I'm like you, just with English and German switched.

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Marcel Karl over 3 years ago in reply to BAlfson

Hallo Bob,

hier die Bilder der "Default Web Filter Profile" und der Policies.

Ich glaube hier schon den Fehler gefunden zu haben.
Die Policy 'Default Content Filter profile assignment' erlaubt einige Kategorien, die die Base Policy zuvor oder danach blockt.
Also eventuell ein Policy Konflikt? Oder der Block setzt sich durch, weil verneinen ja immer stärker ist von der Berechtigung.

Gruß

Marcel

Policies:

Base Policy: 'Default content filter block action':

Default content filter profile assignment: 'Default content filter action'
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 3 years ago in reply to Marcel Karl

Please show a picture of the "Default content filter profile assignment" Policy with 'Advanced' open.

MfG - Bob (Bitte auf Deutsch weiterhin.)

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel
0 Marcel Karl over 3 years ago in reply to BAlfson

Hallo Bob,

Sorry war die letzten Tage verhindert.

Hier das gewünschte Bild:

Grüße

Marcel
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 3 years ago in reply to Marcel Karl

It's still a mystery why the initial requests did not qualify for the 'Default content filter action'. How about a picture of the 'Global' tab?

MfG - Bob (Bitte auf Deutsch weiterhin.)

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel