This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

web request blocked: connection refused. But ONLY on some stations

Mast_01 over 6 years ago

Hello,

i'm having quite an issue with a website that gives said error from ALL internal stations... save a couple.

The setup is quite simple: utm 9.509, standard proxy web filter, not running profiles, or groups or auth or anything.

I already added an exception for the site as you can see in the log.

Policy test indicates the site is NOT blocked

When accesing the site i get:

2018:08:08-17:35:46 astaro httpproxy[16900]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.0.29" dstip="198.136.59.3" user="" group="" ad_domain="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2522" request="0xd2113600" url="www.repelautomotiva.com.br/favicon.ico" referer="www.repelautomotiva.com.br/" error="Connection refused" authtime="0" dnstime="525" cattime="0" avscantime="0" fullreqtime="331744" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.75 Safari/537.36" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"

BUT when i access it from a specific station:

2018:08:08-17:38:04 astaro httpproxy[16900]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.0.8" dstip="198.136.59.3" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="4762" request="0xceb7c600" url="repelautomotiva.com.br/.../rainha-130x100.jpg" referer="" error="" authtime="0" dnstime="873" cattime="303" avscantime="5290" fullreqtime="4763487" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0" exceptions="" category="105" reputation="neutral" categoryname="Business" sandbox="-" content-type="image/jpeg"
 
i've tried from cellphones, several different PCs, NOTHING is working.

This thread was automatically locked due to age.

Parents

0 sachingurung over 6 years ago

Hi Mast_01,

Can you show us a full view of the exception policy that you configured? The log shows a block from the Web Filter profile, which means the exception policy did not work.

Thanks,

Sachin Gurung
Team Lead | Sophos Technical Support
Knowledge Base | @SophosSupport | Video tutorials
Remember to like a post. If a post (on a question thread) solves your question use the 'This helped me' link.
Cancel
Vote Up 0 Vote Down

Cancel

0 Mast_01 over 6 years ago in reply to sachingurung

Saching,

there's no blocking for that site in the policy, and as i've said, the test workstation worked ok even before the exception.

The policy test concurs.

The error is also a problem since it's "connection refused" but not on all stations.

The exception is set as:

Skipping:

Authentication / Caching / Block by download size / Antivirus / Sandstorm / Extension blocking / MIME type blocking / URL Filter / Content Removal / SSL scanning / Certificate trust check / Certificate date check

^https?://www\.repelautomotiva\.com\.br

and you can see it IS working in the log line i pasted

apparently today it has started working correctly, dunno why

Reply