Thread Info
  • State Suggested Answer
  • +6 person also asked this people also asked this
  • Locked Locked
  • Replies 36 replies
  • Answers 3 answers
  • Subscribers 13 subscribers
  • Views 298779 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Quarantine Report uses HTTP links instead of HTTPS

Costas

Hello everyone,

We are using UTM version 9.510-5 on hardware appliances.

After updating to version 9.510-5 on Aug 16, 2018, all users started complaining about not being able to release their rejected emails from the quarantine. When clicking on the Release link within Quarantine Report, the browsers (Chrome and Mozilla) display this page:

Bad Request

Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.

Additionally, a 400 Bad Request error was encountered while trying to use an ErrorDocument to handle the request.

The IE11 simply displays a Web page not found (404) message.

I figured out, the Release and Whitelist links within Quarantine Report point to a URL similar to this:

http://firewall:3840/release.plc?proto=pop3&id=233473&secure=39bf55d252ef2ca8e9be4fc5bfa75140

Then, I pasted this link into my browser and changed http to https. It worked just fine, and I got back a normal message from UTM.

Can anybody suggest where in UTM there is a setting to configure the Release and Whitelist links within Quarantine Report sent by email (see image below) to be https instead of http? I seem to have checked everything: Management, Email Protection, and all other sections...

Will appreciate any advice!



This thread was automatically locked due to age.
Parents
  • 0

    To clarify...

    I'm not seeing this.  Quarantine reports use https in 9.510-5.  That's why I suspect that you have a unique situation that Support should look at.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    To update everyone on the status of my support ticket with Sophos,

    There's been nothing useful during the course of the week of Aug 20th. Sophos eventually escalated the case to their global escalation specialists (GES) level, who is supposed to response within 2 business days, which is the end of Tuesday, Aug 28th.

    Will post the results...

  • 0 in reply to Costas

    GES will collect the documentation for sending your problem to development.   You have made it through the hurdles.

    In the more distant past, Sophos would go silent after GES made their bug package.   On my most recent GES case, I was favorably impressed because I received email updates on a regular basis (I think about every 2-3 weeks) until the patch was released in a new version.   Wonder whether your bug will be a hotfix or a future release.

    Unfortunately, my patch is in 9.510 but I have been afraid to upgrade so I am still on 9.506.

     

  • 0 in reply to DouglasFoster

    Hello,

     

    we experience the same issue with 9.510-5.

     

    Any news from sophos on how long it is expected to solve this bug?

     

    Thanks,

     

    Paul

  • 0 in reply to Paul H

    The problem is still on and keeps me busy releasing spammed email from quarantine for everyone in the company.

    Sophos informed us last week that they could not replicate the issue in their environment, and requested my consent to install an RPM package to collect more logs.

Reply
  • 0 in reply to Paul H

    The problem is still on and keeps me busy releasing spammed email from quarantine for everyone in the company.

    Sophos informed us last week that they could not replicate the issue in their environment, and requested my consent to install an RPM package to collect more logs.

Children
No Data
Unfiltered HTML