
Web Protection makes non-blocked domain time out

I'm having an odd issue with Web Protection causing a website to time out and never load.

The Web Protection log shows it passing the website.

 

Yet the website won't load. However, if I disable the Web Protection module, the website then loads. So it seems Web Protection is still interfering somehow.

Here's a packet capture of a session when I tried to load the site.

I tried whitelisting the domain in Web Protection, but the issue remains.

EDIT: I'm running UTM version 9.509-3.



This thread was automatically locked due to age.
  • In my observation, most major websites have embedded components from unrelated sources. I would check the web filtering logs for something getting blocked by category, and the intrusion protection logs for something getting blocked by IPS. IPS blocks should also produce a webfilter log entry of timeout (502 if I remember correctly), but only after a delay of up to two minutes. I don't think I have ever seen a timeout where the only status code is 200.

  • On further consideration, neither Bob's theory (AntiVirus) nor mine (IPS) fits your situation. Since the connection is using https without inspection, these defenses would be inactive.

    Suggest you activate https inspection, and see if the additional logging gives you insight into the real problem.

  • Thanks for the suggestions. Before switching to HTTPS scanning I didn't see anything else from the Web Filter, Firewall, or IPS logs.

    Below are the results from the Web Filter log after I switched HTTPS scanning from "URL filtering only" to "Decrypt and scan".

  • If the "504" on oplates.com isn't resolved with an Exception for antivirus, skipping the Proxy is usually the only solution.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA