Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 4 replies
  • Answers 1 answer
  • Subscribers 5 subscribers
  • Views 1080 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Webfiltering IPV6 Leakage when only enabled for IPV4

Jay Jay

UTM: 9.707-5 - home license
IPV6 type - Native using PD, LAN clients via SLAAC

Goal: To allow ipv6 port 80/443 traffic to very specific end points

Issue: Several ipv6 test sites report wan ipv6 address even though only ipv4 is allowed through web proxy

Interfaces:

WAN:


Lan:


Note: ISP (att) provides /60 prefix via PD. For reasons outside the scope of this posting, wan ipv6 needs to be statically set, and is set to the first (w:x:y:0000::1) available /64 subnet. Lan is set to the next available subnet (w:x:y:0001::1) /64 subnet.

Web Proxy configure for ipv4 only

By all accounts, webfiltering should only proxy ipv4 traffic? However this is not the case, the following two sites indicate the wan ipv6 address.

http://testmyipv6.com/
http://www.traceroute6.net/

Even more bizarre, this behavior is present when the client (win10) has ipv6 disabled entirely.

Web proxy log indicates a translation to those two

2022:04:19-13:35:29 utm httpproxy[15066]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="A.B.C.100" dstip="2001:2e8:665:0:2:1:0:2d" user="" group="" ad_domain="" statuscode="304" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xdc576000" url="http://www.traceroute6.net/top.html" referer="http://www.traceroute6.net/" error="" authtime="0" dnstime="315" aptptime="88" cattime="79" avscantime="0" fullreqtime="355569" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0" exceptions="ssl,certcheck,certdate,patience" category="178" reputation="neutral" categoryname="Internet Services" country="Japan"
2022:04:19-13:35:29 utm httpproxy[15066]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="A.B.C.100" dstip="128.30.52.100" user="" group="" ad_domain="" statuscode="304" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xdb002000" url="http://www.w3.org/Icons/valid-xhtml10" referer="http://www.traceroute6.net/top.html" error="" authtime="0" dnstime="343" aptptime="99" cattime="89" avscantime="0" fullreqtime="991124" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0" exceptions="ssl,certcheck,certdate,patience" category="178" reputation="trusted" categoryname="Internet Services" country="United States"
2022:04:19-13:35:29 utm httpproxy[15066]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="A.B.C.100" dstip="2001:2e8:665:0:2:1:0:2d" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xdb6ec300" url="http://www.traceroute6.net/cgi-bin/clg3.cgi" referer="http://www.traceroute6.net/" error="" authtime="0" dnstime="317" aptptime="96" cattime="55" avscantime="8950" fullreqtime="506739" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0" exceptions="ssl,certcheck,certdate,patience" category="178" reputation="neutral" categoryname="Internet Services" country="Japan" content-type="text/html" sandbox="-"
2022:04:19-13:35:29 utm httpproxy[15066]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="A.B.C.100" dstip="2001:2e8:665:0:2:1:0:2d" user="" group="" ad_domain="" statuscode="304" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xdba91c00" url="http://www.traceroute6.net/" referer="" error="" authtime="0" dnstime="296" aptptime="75" cattime="71" avscantime="0" fullreqtime="298366" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0" exceptions="ssl,certcheck,certdate,patience" category="178" reputation="neutral" categoryname="Internet Services" country="Japan"
2022:04:19-13:35:29 utm httpproxy[15066]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="A.B.C.100" dstip="2001:2e8:665:0:2:1:0:2d" user="" group="" ad_domain="" statuscode="304" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xdbf25800" url="http://www.traceroute6.net/top.html" referer="http://www.traceroute6.net/" error="" authtime="0" dnstime="368" aptptime="79" cattime="84" avscantime="0" fullreqtime="290960" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0" exceptions="ssl,certcheck,certdate,patience" category="178" reputation="neutral" categoryname="Internet Services" country="Japan"
2022:04:19-13:35:29 utm httpproxy[15066]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="A.B.C.100" dstip="128.30.52.100" user="" group="" ad_domain="" statuscode="304" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xdb002000" url="http://www.w3.org/Icons/valid-xhtml10" referer="http://www.traceroute6.net/top.html" error="" authtime="0" dnstime="0" aptptime="96" cattime="78" avscantime="0" fullreqtime="785671" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0" exceptions="ssl,certcheck,certdate,patience" category="178" reputation="trusted" categoryname="Internet Services"
2022:04:19-13:35:30 utm httpproxy[15066]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="A.B.C.100" dstip="2001:2e8:665:0:2:1:0:2d" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="7837" request="0xdb6ea700" url="http://www.traceroute6.net/cgi-bin/clg3.cgi" referer="http://www.traceroute6.net/" error="" authtime="0" dnstime="388" aptptime="53" cattime="49" avscantime="8834" fullreqtime="520356" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0" exceptions="ssl,certcheck,certdate,patience" category="178" reputation="neutral" categoryname="Internet Services" country="Japan" content-type="text/html" sandbox="-"
2022:04:19-13:35:30 utm httpproxy[15066]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="A.B.C.100" dstip="2001:2e8:665:0:2:1:0:2d" user="" group="" ad_domain="" statuscode="304" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xda3a0300" url="http://www.traceroute6.net/" referer="" error="" authtime="0" dnstime="411" aptptime="128" cattime="135" avscantime="0" fullreqtime="300897" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0" exceptions="ssl,certcheck,certdate,patience" category="178" reputation="neutral" categoryname="Internet Services" country="Japan"
2022:04:19-13:35:30 utm httpproxy[15066]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="A.B.C.100" dstip="2001:2e8:665:0:2:1:0:2d" user="" group="" ad_domain="" statuscode="304" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xdb9fd500" url="http://www.traceroute6.net/top.html" referer="http://www.traceroute6.net/" error="" authtime="0" dnstime="308" aptptime="114" cattime="157" avscantime="0" fullreqtime="326551" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0" exceptions="ssl,certcheck,certdate,patience" category="178" reputation="neutral" categoryname="Internet Services" country="Japan"
2022:04:19-13:35:30 utm httpproxy[15066]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="A.B.C.100" dstip="128.30.52.100" user="" group="" ad_domain="" statuscode="304" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xdb002000" url="http://www.w3.org/Icons/valid-xhtml10" referer="http://www.traceroute6.net/top.html" error="" authtime="0" dnstime="370" aptptime="109" cattime="81" avscantime="0" fullreqtime="1033586" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0" exceptions="ssl,certcheck,certdate,patience" category="178" reputation="trusted" categoryname="Internet Services" country="United States"
2022:04:19-13:35:31 utm httpproxy[15066]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="A.B.C.100" dstip="2001:2e8:665:0:2:1:0:2d" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xdb6b1100" url="http://www.traceroute6.net/cgi-bin/clg3.cgi" referer="http://www.traceroute6.net/" error="" authtime="0" dnstime="346" aptptime="106" cattime="81" avscantime="9211" fullreqtime="479919" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0" exceptions="ssl,certcheck,certdate,patience" category="178" reputation="neutral" categoryname="Internet Services" country="Japan" content-type="text/html" sandbox="-"
2022:04:19-13:35:31 utm httpproxy[15066]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="A.B.C.100" dstip="2001:2e8:665:0:2:1:0:2d" user="" group="" ad_domain="" statuscode="304" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xdba93800" url="http://www.traceroute6.net/" referer="" error="" authtime="0" dnstime="342" aptptime="106" cattime="94" avscantime="0" fullreqtime="298549" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0" exceptions="ssl,certcheck,certdate,patience" category="178" reputation="neutral" categoryname="Internet Services" country="Japan"
2022:04:19-13:35:31 utm httpproxy[15066]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="A.B.C.100" dstip="2001:2e8:665:0:2:1:0:2d" user="" group="" ad_domain="" statuscode="304" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xdaa54300" url="http://www.traceroute6.net/top.html" referer="http://www.traceroute6.net/" error="" authtime="0" dnstime="379" aptptime="105" cattime="91" avscantime="0" fullreqtime="302375" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0" exceptions="ssl,certcheck,certdate,patience" category="178" reputation="neutral" categoryname="Internet Services" country="Japan"
2022:04:19-13:35:31 utm httpproxy[15066]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="A.B.C.100" dstip="128.30.52.100" user="" group="" ad_domain="" statuscode="304" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xdb002000" url="http://www.w3.org/Icons/valid-xhtml10" referer="http://www.traceroute6.net/top.html" error="" authtime="0" dnstime="0" aptptime="110" cattime="95" avscantime="0" fullreqtime="761652" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0" exceptions="ssl,certcheck,certdate,patience" category="178" reputation="trusted" categoryname="Internet Services"
2022:04:19-13:35:31 utm httpproxy[15066]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="A.B.C.100" dstip="2001:2e8:665:0:2:1:0:2d" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="7837" request="0xdb111c00" url="http://www.traceroute6.net/cgi-bin/clg3.cgi" referer="http://www.traceroute6.net/" error="" authtime="0" dnstime="385" aptptime="123" cattime="131" avscantime="8799" fullreqtime="482203" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0" exceptions="ssl,certcheck,certdate,patience" category="178" reputation="neutral" categoryname="Internet Services" country="Japan" content-type="text/html" sandbox="-"
2022:04:19-13:35:31 utm httpproxy[15066]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="A.B.C.100" dstip="2606:4100:3880:1234::78" user="" group="" ad_domain="" statuscode="301" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xda47ae00" url="http://www.ipv6forum.com/ipv6_enabled/sa/SA.php?id=2272" referer="http://www.traceroute6.net/cgi-bin/clg3.cgi" error="" authtime="0" dnstime="354" aptptime="83" cattime="78" avscantime="1546" fullreqtime="59201" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0" exceptions="ssl,certcheck,certdate,patience" category="165" reputation="neutral" categoryname="Technical/Business Forums" country="United States" content-type="text/html" sandbox="-"
2022:04:19-13:35:32 utm httpproxy[15066]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="A.B.C.100" dstip="132.177.123.78" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="1767" request="0x9566300" url="https://www.ipv6forum.com/" referer="" error="" authtime="0" dnstime="0" aptptime="60" cattime="65" avscantime="0" fullreqtime="5091843" device="0" auth="0" ua="" exceptions="ssl,certcheck,certdate,patience" category="165" reputation="neutral" categoryname="Technical/Business Forums" country="United States"
2022:04:19-13:35:32 utm httpproxy[15066]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="A.B.C.100" dstip="2001:2e8:665:0:2:1:0:2d" user="" group="" ad_domain="" statuscode="304" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xdba92a00" url="http://www.traceroute6.net/" referer="" error="" authtime="0" dnstime="247" aptptime="59" cattime="58" avscantime="0" fullreqtime="319062" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0" exceptions="ssl,certcheck,certdate,patience" category="178" reputation="neutral" categoryname="Internet Services" country="Japan"
2022:04:19-13:35:32 utm httpproxy[15066]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="A.B.C.100" dstip="2001:2e8:665:0:2:1:0:2d" user="" group="" ad_domain="" statuscode="304" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xdbcc5c00" url="http://www.traceroute6.net/top.html" referer="http://www.traceroute6.net/" error="" authtime="0" dnstime="338" aptptime="90" cattime="70" avscantime="0" fullreqtime="298348" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0" exceptions="ssl,certcheck,certdate,patience" category="178" reputation="neutral" categoryname="Internet Services" country="Japan"
2022:04:19-13:35:32 utm httpproxy[15066]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="A.B.C.100" dstip="128.30.52.100" user="" group="" ad_domain="" statuscode="304" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xdb002000" url="http://www.w3.org/Icons/valid-xhtml10" referer="http://www.traceroute6.net/top.html" error="" authtime="0" dnstime="399" aptptime="143" cattime="92" avscantime="0" fullreqtime="1029285" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0" exceptions="ssl,certcheck,certdate,patience" category="178" reputation="trusted" categoryname="Internet Services" country="United States"
2022:04:19-13:35:32 utm httpproxy[15066]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="A.B.C.100" dstip="2001:2e8:665:0:2:1:0:2d" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xdaa82a00" url="http://www.traceroute6.net/cgi-bin/clg3.cgi" referer="http://www.traceroute6.net/" error="" authtime="0" dnstime="326" aptptime="108" cattime="91" avscantime="8883" fullreqtime="502348" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0" exceptions="ssl,certcheck,certdate,patience" category="178" reputation="neutral" categoryname="Internet Services" country="Japan" content-type="text/html" sandbox="-"
2022:04:19-13:35:33 utm httpproxy[15066]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="A.B.C.100" dstip="2001:2e8:665:0:2:1:0:2d" user="" group="" ad_domain="" statuscode="304" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xda85f800" url="http://www.traceroute6.net/" referer="" error="" authtime="0" dnstime="334" aptptime="88" cattime="80" avscantime="0" fullreqtime="338216" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0" exceptions="ssl,certcheck,certdate,patience" category="178" reputation="neutral" categoryname="Internet Services" country="Japan"
2022:04:19-13:35:33 utm httpproxy[15066]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="A.B.C.100" dstip="2001:2e8:665:0:2:1:0:2d" user="" group="" ad_domain="" statuscode="304" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xdb9fe300" url="http://www.traceroute6.net/top.html" referer="http://www.traceroute6.net/" error="" authtime="0" dnstime="384" aptptime="124" cattime="127" avscantime="0" fullreqtime="326560" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0" exceptions="ssl,certcheck,certdate,patience" category="178" reputation="neutral" categoryname="Internet Services" country="Japan"
2022:04:19-13:35:33 utm httpproxy[15066]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="A.B.C.100" dstip="128.30.52.100" user="" group="" ad_domain="" statuscode="304" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xdb002000" url="http://www.w3.org/Icons/valid-xhtml10" referer="http://www.traceroute6.net/top.html" error="" authtime="0" dnstime="337" aptptime="115" cattime="114" avscantime="0" fullreqtime="911589" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0" exceptions="ssl,certcheck,certdate,patience" category="178" reputation="trusted" categoryname="Internet Services" country="United States"
2022:04:19-13:35:33 utm httpproxy[15066]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="A.B.C.100" dstip="2001:2e8:665:0:2:1:0:2d" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="7837" request="0xdb9ff100" url="http://www.traceroute6.net/cgi-bin/clg3.cgi" referer="http://www.traceroute6.net/" error="" authtime="0" dnstime="347" aptptime="132" cattime="75" avscantime="8803" fullreqtime="483590" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0" exceptions="ssl,certcheck,certdate,patience" category="178" reputation="neutral" categoryname="Internet Services" country="Japan" content-type="text/html" sandbox="-"
2022:04:19-13:35:33 utm httpproxy[15066]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="A.B.C.100" dstip="2606:4100:3880:1234::78" user="" group="" ad_domain="" statuscode="301" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="264" request="0xdbea3500" url="http://www.ipv6forum.com/ipv6_enabled/sa/SA.php?id=2272" referer="http://www.traceroute6.net/cgi-bin/clg3.cgi" error="" authtime="0" dnstime="351" aptptime="109" cattime="88" avscantime="1276" fullreqtime="58706" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0" exceptions="ssl,certcheck,certdate,patience" category="165" reputation="neutral" categoryname="Technical/Business Forums" country="United States" content-type="text/html" sandbox="-"
2022:04:19-13:35:33 utm httpproxy[15066]: id="0067" severity="info" sys="SecureWeb" sub="http" name="web request blocked, connection to forbidden country" action="block" method="GET" srcip="A.B.C.100" dstip="2401:df40:1::33:582b:1886" user="" group="" ad_domain="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="3331" request="0xdb530e00" url="http://www.ipv6enabled.org/ipv6_enabled/sa/SA.php?id=2272" referer="http://www.traceroute6.net/cgi-bin/clg3.cgi" error="" authtime="0" dnstime="1" aptptime="79" cattime="101" avscantime="0" fullreqtime="588" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0" exceptions="ssl,certcheck,certdate,patience" category="111" reputation="neutral" categoryname="Education/Reference" country="Hong Kong"

In a different thread from a few years ago - 

It was mentioned this is by design. 

There is no ipv6 masq enabled, only for ipv4. No ipv6 tunnels

The IPv6 tab looks like this

Native over External (WAN): W:X:Y:0000::1
Subnet: W:X:Y:0000/64
Delegated Prefix: W:X:Y:0000::/60

When the web proxy is disabled or the internal_port2_ipv4 removed from its Allowed Networks, those two sites only report my WAN ipv4 address as expected.

Thank you for reading this long post, hopefully all pertinent information has been included.

Thoughts/suggestions?



This thread was automatically locked due to age.
Parents
  • 0

    I've poked around a bit more in the web filter options.

    Over in the filtering options, MISC tab, all the way on the bottom is something called "Enable Pharming Protection".  This was enabled.

    I disabled it then refreshed the pages.  They are now correctly reporting the ipv4 only.

    Still, this doesn't address why the resolution of domain coming from an ipv4 request is getting resolved into an ipv6 ip.

    This article which describes pharming protection functionality does not discuss ipv4/ipv6 - https://support.sophos.com/support/s/article/KB-000038282?language=en_US .

    In item 5 under Pharming protection enabled,

    5. If they are allowed to reach this host, the firewall will then re-resolve the host <domain.com> using its configured DNS Servers.

    This seems counter productive. If my hosts file is compromised or altered, I'd like to know.  By getting the certificate error I'd know something was up. By re-resolving to the correct IP and serving the page, I have no idea something is wrong.  Logic broken here?

    I tested this out by adding an entry to windows hosts to point to some none existant ip address for a particular website. Sure enough with pharming protection on it served the page just fine. WIth it off I got nothing.

    I see no point in this protection as there's no notification of the issue. Resolving behind the scenes is good for the user experience, not so much for the device safety.

    Further, this still doesn't address why the ipv4-->ipv6 conversion is happening. For my use, I'm leaving this option disabled.

Reply
  • 0

    I've poked around a bit more in the web filter options.

    Over in the filtering options, MISC tab, all the way on the bottom is something called "Enable Pharming Protection".  This was enabled.

    I disabled it then refreshed the pages.  They are now correctly reporting the ipv4 only.

    Still, this doesn't address why the resolution of domain coming from an ipv4 request is getting resolved into an ipv6 ip.

    This article which describes pharming protection functionality does not discuss ipv4/ipv6 - https://support.sophos.com/support/s/article/KB-000038282?language=en_US .

    In item 5 under Pharming protection enabled,

    5. If they are allowed to reach this host, the firewall will then re-resolve the host <domain.com> using its configured DNS Servers.

    This seems counter productive. If my hosts file is compromised or altered, I'd like to know.  By getting the certificate error I'd know something was up. By re-resolving to the correct IP and serving the page, I have no idea something is wrong.  Logic broken here?

    I tested this out by adding an entry to windows hosts to point to some none existant ip address for a particular website. Sure enough with pharming protection on it served the page just fine. WIth it off I got nothing.

    I see no point in this protection as there's no notification of the issue. Resolving behind the scenes is good for the user experience, not so much for the device safety.

    Further, this still doesn't address why the ipv4-->ipv6 conversion is happening. For my use, I'm leaving this option disabled.

Children
No Data
Unfiltered HTML