This site can’t be reached after the Decrypt and scan function is enabled

Hi,

When I start the "Decrypt and scan" function in the firewall, some websites show an error message.

This site can’t be reached

www.hotel-icon.com unexpectedly closed the connection.

Try:

  • Checking the connection
  • Checking the proxy and the firewall
  • Running Windows Network Diagnostics
ERR_CONNECTION_CLOSED

If I switch back to "URL filtering only", the website works again. Of course, the proxy in the Local LAN Settings is set to "Automatic".

After checking the log, the website shows "pass" under the "Decrypt and scan" function. In this community, someone had the same problem before, but with no result. Who can teach me how to fix it?

Log:

2018:12:14-11:49:06  httpproxy[13789]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="10.77.192.90" dstip="101.100.216.166" user="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xdf04a000" url="https://www.hotel-icon.com/" referer="" error="" authtime="0" dnstime="3" cattime="148" avscantime="0" fullreqtime="86089" device="0" auth="0" ua="" exceptions=""
2018:12:14-11:49:06  httpproxy[13789]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="10.77.192.90" dstip="101.100.216.166" user="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xe20cb800" url="https://www.hotel-icon.com/" referer="" error="" authtime="0" dnstime="1" cattime="49" avscantime="0" fullreqtime="87066" device="0" auth="0" ua="" exceptions=""
2018:12:14-11:49:06  httpproxy[13789]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="10.77.192.90" dstip="101.100.216.166" user="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xde0f7800" url="https://www.hotel-icon.com/" referer="" error="" authtime="0" dnstime="3" cattime="75" avscantime="0" fullreqtime="77334" device="0" auth="0" ua="" exceptions=""

 

At the same time, I found that some free music websites can be opened but can't play the music with JavaScript. Also, the log shows "pass".

Log :

2018:12:14-12:57:10 httpproxy[13789]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="10.77.192.90" dstip="54.39.176.86" user="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xdf875000" url="https://www.bensound.org/" referer="" error="" authtime="0" dnstime="2" cattime="119" avscantime="0" fullreqtime="442144" device="0" auth="0" ua="" exceptions="" category="111" reputation="neutral" categoryname="Education/Reference"
2018:12:14-12:57:10 httpproxy[13789]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="10.77.192.90" dstip="54.39.176.86" user="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xe188e000" url="https://www.bensound.org/" referer="" error="" authtime="0" dnstime="1" cattime="95" avscantime="0" fullreqtime="444409" device="0" auth="0" ua="" exceptions="" category="111" reputation="neutral" categoryname="Education/Reference"

Thanks, Thanks and Thanks



  • I would have expected to see something else in the logs.  What happens if you make an Exception for SSL scanning for ^https://www.hotel-icon.com/

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

    When I add it to the Exceptions for SSL scanning, it works!!!

    But the websites "https://www.bensound.com" and https://web.whatsapp.com are not working with this "Exception" method, even when it skips all checks.

    The "bensound" website can't play the music and the "web.whatsapp" website can't generate the QR code or connect when "Decrypt and scan" is enabled.

    (I already added a whitelist "^https?://[A-Za-z0-9.-]*\.whatsapp\.com/ws")

    Here is the WhatsApp log:

    018:12:15-12:28:52 httpproxy[13789]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="10.77.192.196" dstip="31.13.95.63" user="" ad_domain="" statuscode="504" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2537" request="0xe1971000" url="https://web.whatsapp.com/ws" referer="" error="Timeout while reading response from Server" authtime="0" dnstime="0" cattime="116" avscantime="0" fullreqtime="61167990" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) WhatsApp/0.3.1649 Chrome/66.0.3359.181 Electron/3.0.0 Safari/537.36" exceptions="" reputation="trusted" category="122" reputation="trusted" categoryname="Instant Messaging" application="whatsapp" app-id="598"

  • When you see statuscode="504", if an exception for SSL Scanning doesn't solve the problem, you will have to skip the Proxy for the access.  fullreqtime="61167990" is another indication that whatsapp isn't "happy" being proxied with scanning active - we also see exceptions="", so there's something amiss with any Exception you created for this access.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • BAlfson said:

    When you see statuscode="504", if an exception for SSL Scanning doesn't solve the problem, you will have to skip the Proxy for the access.  fullreqtime="61167990" is another indication that whatsapp isn't "happy" being proxied with scanning active - we also see exceptions="", so there's something amiss with any Exception you created for this access.

    Cheers - Bob

     

     

    Hi Bob, 

    Where in UTM do I set "skip the Proxy for the access"?

     

    Following is my setting:

    (Exceptions Setting)

     

    Error:

    (The QR Code can't be Generated)

     

    Log (From 09:41:17 to 09:44:58, all related to whatsapp):

    2018:12:17-09:41:17  httpproxy[13789]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="10.77.192.196" dstip="169.60.79.31" user="" ad_domain="" statuscode="400" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xca5e6000" url="w3.web.whatsapp.com/ws" referer="" error="" authtime="0" dnstime="0" cattime="129" avscantime="0" fullreqtime="228510" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" exceptions="ssl" reputation="neutral" category="122" reputation="neutral" categoryname="Instant Messaging"

     

    2018:12:17-09:41:18  httpproxy[13789]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="10.77.192.196" dstip="169.44.82.118" user="" ad_domain="" statuscode="400" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xd3c34800" url="w4.web.whatsapp.com/ws" referer="" error="" authtime="0" dnstime="0" cattime="88" avscantime="0" fullreqtime="184984" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" exceptions="ssl" reputation="neutral" category="122" reputation="neutral" categoryname="Instant Messaging"

     

    2018:12:17-09:41:22  httpproxy[13789]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="10.77.192.196" dstip="158.85.224.171" user="" ad_domain="" statuscode="400" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xe177d800" url="w5.web.whatsapp.com/ws" referer="" error="" authtime="0" dnstime="0" cattime="114" avscantime="0" fullreqtime="217695" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" exceptions="ssl" reputation="neutral" category="122" reputation="neutral" categoryname="Instant Messaging"

     

    2018:12:17-09:41:36  httpproxy[13789]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="10.77.192.196" dstip="169.60.79.31" user="" ad_domain="" statuscode="400" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xdecb8800" url="w6.web.whatsapp.com/ws" referer="" error="" authtime="0" dnstime="0" cattime="122" avscantime="0" fullreqtime="227099" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" exceptions="ssl" reputation="trusted" category="122" reputation="trusted" categoryname="Instant Messaging"

     

    2018:12:17-09:41:53  httpproxy[13789]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="10.77.192.196" dstip="169.60.79.31" user="" ad_domain="" statuscode="400" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xd20b0000" url="w7.web.whatsapp.com/ws" referer="" error="" authtime="0" dnstime="0" cattime="75" avscantime="0" fullreqtime="215451" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" exceptions="ssl" reputation="trusted" category="122" reputation="trusted" categoryname="Instant Messaging"

     

    2018:12:17-09:42:22  httpproxy[13789]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="10.77.192.196" dstip="169.60.79.31" user="" ad_domain="" statuscode="400" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xe1faa000" url="w8.web.whatsapp.com/ws" referer="" error="" authtime="0" dnstime="0" cattime="89" avscantime="0" fullreqtime="227029" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" exceptions="ssl" reputation="trusted" category="122" reputation="trusted" categoryname="Instant Messaging"

     

    2018:12:17-09:43:01  httpproxy[13789]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="10.77.192.196" dstip="169.60.79.31" user="" ad_domain="" statuscode="400" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xdb27c800" url="w6.web.whatsapp.com/ws" referer="" error="" authtime="0" dnstime="0" cattime="143" avscantime="0" fullreqtime="227981" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" exceptions="ssl" reputation="trusted" category="122" reputation="trusted" categoryname="Instant Messaging"

     

    2018:12:17-09:43:03  httpproxy[13789]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="10.77.192.196" dstip="169.60.79.31" user="" ad_domain="" statuscode="400" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xe1ad1800" url="w7.web.whatsapp.com/ws" referer="" error="" authtime="0" dnstime="0" cattime="81" avscantime="0" fullreqtime="253313" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" exceptions="ssl" reputation="trusted" category="122" reputation="trusted" categoryname="Instant Messaging"

     

    2018:12:17-09:43:08  httpproxy[13789]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="10.77.192.196" dstip="169.60.79.31" user="" ad_domain="" statuscode="400" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xdf874000" url="w8.web.whatsapp.com/ws" referer="" error="" authtime="0" dnstime="0" cattime="81" avscantime="0" fullreqtime="281190" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" exceptions="ssl" reputation="trusted" category="122" reputation="trusted" categoryname="Instant Messaging"

     

    2018:12:17-09:43:37  httpproxy[13789]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="10.77.192.196" dstip="158.85.224.174" user="" ad_domain="" statuscode="400" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xdbe47000" url="w2.web.whatsapp.com/ws" referer="" error="" authtime="0" dnstime="0" cattime="101" avscantime="0" fullreqtime="201452" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" exceptions="ssl" reputation="trusted" category="122" reputation="trusted" categoryname="Instant Messaging"

     

    2018:12:17-09:44:09  httpproxy[13789]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="10.77.192.196" dstip="169.60.79.31" user="" ad_domain="" statuscode="400" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xda442000" url="w3.web.whatsapp.com/ws" referer="" error="" authtime="0" dnstime="0" cattime="147" avscantime="0" fullreqtime="215269" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" exceptions="ssl" reputation="neutral" category="122" reputation="neutral" categoryname="Instant Messaging"

     

    2018:12:17-09:44:58  httpproxy[13789]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="10.77.192.196" dstip="169.44.82.118" user="" ad_domain="" statuscode="400" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xddeb5000" url="w4.web.whatsapp.com/ws" referer="" error="" authtime="0" dnstime="0" cattime="145" avscantime="0" fullreqtime="202210" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" exceptions="ssl" reputation="neutral" category="122" reputation="neutral" categoryname="Instant Messaging"

     

     

     

    Thanks!

  • Hi All,

    I succeeded now!

    After adding all w(2-8).whatsapp.com to "Skip transparent mode destination hosts/nets", it returns to normal! Basically, I don't know why!
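
The log fields read in the replies above (statuscode, fullreqtime, exceptions) can be checked mechanically. This is an added example, not part of the original thread and not Sophos code: it parses httpproxy lines and flags requests where a configured exception pattern matches the logged URL but the `exceptions` field is empty. The sample lines are constructed and shortened from the ones quoted above; treating `fullreqtime` as microseconds, the 60-second threshold, and matching the pattern with Python's `re` instead of the UTM's own regex engine are assumptions.

```python
import re

# Constructed sample lines, shortened from the httpproxy format quoted in this thread.
SAMPLE_LOG = """\
2018:12:15-12:28:52 httpproxy[13789]: id="0002" name="web request blocked" action="block" method="GET" statuscode="504" url="https://web.whatsapp.com/ws" error="Timeout while reading response from Server" fullreqtime="61167990" exceptions="" reputation="trusted" category="122" reputation="trusted"
2018:12:17-09:41:17 httpproxy[13789]: id="0001" name="http access" action="pass" method="GET" statuscode="400" url="w3.web.whatsapp.com/ws" error="" fullreqtime="228510" exceptions="ssl"
2018:12:14-11:49:06 httpproxy[13789]: id="0001" name="http access" action="pass" method="CONNECT" statuscode="200" url="https://www.hotel-icon.com/" error="" fullreqtime="86089" exceptions=""
"""

# The whitelist pattern posted in the thread.
WHATSAPP_EXCEPTION = r"^https?://[A-Za-z0-9.-]*\.whatsapp\.com/ws"

FIELD_RE = re.compile(r'([\w-]+)="([^"]*)"')


def parse_line(line):
    """Return the key="value" fields of one httpproxy line as a dict."""
    fields = {}
    for key, value in FIELD_RE.findall(line):
        fields.setdefault(key, value)  # 'reputation' can occur twice; keep the first
    return fields


def triage(line, exception_patterns, slow_us=60_000_000):
    """Return finding codes for one line (slow_us: assumed microsecond threshold)."""
    f = parse_line(line)
    findings = []
    url = f.get("url", "")
    # An exception that should cover this URL but is absent from the log field.
    if any(re.search(p, url) for p in exception_patterns) and not f.get("exceptions"):
        findings.append("exception-not-applied")
    status = f.get("statuscode", "")
    if status == "504":
        findings.append("gateway-timeout")
    elif status[:1] in ("4", "5"):
        findings.append("http-" + status)
    if int(f.get("fullreqtime") or 0) >= slow_us:
        findings.append("slow-request")
    return findings


def triage_log(text, exception_patterns):
    """Return (url, findings) for every non-empty line of a log excerpt."""
    return [(parse_line(l).get("url"), triage(l, exception_patterns))
            for l in text.splitlines() if l.strip()]


if __name__ == "__main__":
    for url, findings in triage_log(SAMPLE_LOG, [WHATSAPP_EXCEPTION]):
        print(url, findings or "ok")
```

The second sample line is logged without a scheme, so a pattern anchored on `^https?://` does not match the URL as it appears in the log even though `exceptions="ssl"` is recorded for it.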
