Hey guys,
We have an odd issue, where the aat website is being sporadically detected as a HOTSPOT app which we have blocked on our network. There seems to be no regular pattern to this, it just occasionally happens and stays this way for an hour or two, then normal access to the website is resumed.
The website has an exception on the proxy to allow it through - But i can't understand how / why the UTM is picking it up as an Application? Has anyone got any advice / ideas? I've attached a line from the weblog so you can see.
2018:02:06-11:32:58 sophos httpproxy[9499]: id="0066" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden application detected" action="block" method="GET" srcip="*****" dstip="13.32.67.182" user="****" group="Staff Mail- all active staff accounts" ad_domain="***" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffStaffDefauPolic (Staff Default policy)" size="3186" request="0x8a0a0400" url="https://www.aat.org.uk/login" referer="https://www.google.co.uk/" error="" authtime="37" dnstime="36170" cattime="0" avscantime="0" fullreqtime="36917" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.87 Safari/537.36" exceptions="url" overridecategory="1" overridereputation="1" application="HOTSPTSH" app-id="1074"
This thread was automatically locked due to age.
