This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Quarantine Report uses HTTP links instead of HTTPS

Hello everyone,

We are using UTM version 9.510-5 on hardware appliances.

After updating to version 9.510-5 on Aug 16, 2018, all users started complaining about not being able to release their rejected emails from the quarantine. When clicking on the Release link within Quarantine Report, the browsers (Chrome and Mozilla) display this page:

Bad Request

Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.

Additionally, a 400 Bad Request error was encountered while trying to use an ErrorDocument to handle the request.

The IE11 simply displays a Web page not found (404) message.

I figured out, the Release and Whitelist links within Quarantine Report point to a URL similar to this:

http://firewall:3840/release.plc?proto=pop3&id=233473&secure=39bf55d252ef2ca8e9be4fc5bfa75140

Then, I pasted this link into my browser and changed http to https. It worked just fine, and I got back a normal message from UTM.

Can anybody suggest where in UTM there is a setting to configure the Release and Whitelist links within Quarantine Report sent by email (see image below) to be https instead of http? I seem to have checked everything: Management, Email Protection, and all other sections...

Will appreciate any advice!



This thread was automatically locked due to age.
Parents
  • To clarify...

    I'm not seeing this.  Quarantine reports use https in 9.510-5.  That's why I suspect that you have a unique situation that Support should look at.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thank you Bob,

    I will contact support on Monday and post back the results.

  • Thank you Heinrich for sharing, but it did not work for me unfortunately.

    I did it two times:
    1. Disabled and re-enabled the quarantine report without Hostname change.
    2. Same WITH hosname change

    For each of these scenarios, changed the schedule when quarantine report delivered and sent myself a spam email. The links still use HTTP...

    Thank you anyway.

  • Someone with the problem neefs to get this edcalayed with Sophos support.

  • This morning, Aug 20th, I opened the case with Sophos.

    Will post the results.

  • Same problem here checked 5 on machines.

     

    The problem exists also by using new reports. the link is a http not a https link. Already inserted a hostname in advanced option of quarantine report. After inserting hostname i stopped quarantine report and the restarted the report. send a "please buy viagra" :-) mail and wait for the next report: no change - no https link.

     

    Does anyone know what else could help?

     

    Thanks and regards

    Siegfried

  • …. finally restarted the box and sending mail to a new created pop account "test@...". Same result: URL starts with http

     

    Siegfried

  • Hi Peter,

    Thank you for your reply, however this is not an answer as you suggested.

    If re-read my question, you will see, that the links in version 9.510-5 are formed as http, not https...

  • Not seeing this anywhere.  Please insist on escalation of your case at Sophos Support.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thank you Bob,

    This was already escalated to Sophos global escalation specialists (GES) level on Aug 24th. The latest reply I received referred to their "development team" who was unable to replicate the issue.

    Can it be escalated even further?

  • I suppose that there's a danger of the following causing further damage, but it's no big loss as the alternative is re-imaging and restoring.  You can copy the logs off and back later if you need them.  Do get some backups off the UTM before you start, making sure that, in addition to the latest, you also have one that is old enough to restore to the version of the ISO that you will re-image from.

    What happens if you do this block of commands and then re-apply the 9.510 Up2Date?

    # Version change trick
    echo ' 9.509003'>/etc/version
    cd /var/up2date/sys
    wget http://ftp.astaro.com/pub/UTM/v9/up2date/u2d-sys-9.509003-510005.tgz.gpg
    # Prepare to apply in WebAdmin
    /sbin/auisys.plx --showdesc

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Just as comment:

    I had the same problem with version 9.510-5, that the http-Link in the Sophos E-Mail for Blocked messages gave a Bad Request Error in the browser. (This was today.)

    Since I went to "E-Mail-Protection->Quarantine Report->Advanced" and entered a Hostname and clicked apply (the second step suggested by Heinrich), the same http-Links started to redirect automatically to a https-Address. (just now)

    This solves my problem.

Reply
  • Just as comment:

    I had the same problem with version 9.510-5, that the http-Link in the Sophos E-Mail for Blocked messages gave a Bad Request Error in the browser. (This was today.)

    Since I went to "E-Mail-Protection->Quarantine Report->Advanced" and entered a Hostname and clicked apply (the second step suggested by Heinrich), the same http-Links started to redirect automatically to a https-Address. (just now)

    This solves my problem.

Children