Sophos UTM 9.603-1
The webfilter is blocking hundreds of ua="Microsoft BITS/7.8" requests per minute, and I have added every possible combination of Microsoft BITS/7.8 to the PUA bypass. Apparently this is not a PUA but is categorized as UA, which means unwanted application? This is confusing.
The BITS requests are attempting to be transferred over the HTTP protocol and not securely through HTTPS. This happens every now and then and lasts for hours, even longer.
2019:06:22-12:39:49 mysophosutm httpproxy[5389]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.1.3" dstip="172.217.11.46" user="" group="" ad_domain="" statuscode="416" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xa352a00" url="redirector.gvt1.com/.../1160_all_sthset.crx3" referer="" error="" authtime="0" dnstime="0" aptptime="256" cattime="271" avscantime="0" fullreqtime="96867" device="0" auth="0" ua="Microsoft BITS/7.8" exceptions="" category="178" reputation="trusted" categoryname="Internet Services" content-type="text/html" application="googplay" app-id="816" reason="range"
After it attempts to use http://redirector.gvt1.com, it switches to:
2019:06:22-12:36:06 mysophosutm httpproxy[5389]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.1.3" dstip="172.217.10.46" user="" group="" ad_domain="" statuscode="416" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xddea000" url="dl.google.com/.../5229_all_crl-set-14912426705758796165.data.crx3" referer="" error="" authtime="0" dnstime="0" aptptime="272" cattime="234" avscantime="0" fullreqtime="109234" device="0" auth="0" ua="Microsoft BITS/7.8" exceptions="" category="175" reputation="trusted" categoryname="Software/Hardware" content-type="application/octet-stream" application="google" app-id="182" reason="range"
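As an added example (not part of the original post and not Sophos code), this Python script parses httpproxy lines in the key="value" format shown above and counts blocked requests by source IP, user agent, logged reason and status code, so the `reason` field the proxy recorded is visible at a glance. The sample lines are trimmed copies of the two lines in the post plus one constructed pass line, and the function names are hypothetical.

```python
import re
from collections import Counter

# Trimmed copies of the two log lines in the post (some fields dropped for
# length), followed by one CONSTRUCTED pass line to show filtering.
SAMPLE_LOG = '''\
2019:06:22-12:39:49 mysophosutm httpproxy[5389]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.1.3" dstip="172.217.11.46" statuscode="416" url="redirector.gvt1.com/.../1160_all_sthset.crx3" ua="Microsoft BITS/7.8" categoryname="Internet Services" content-type="text/html" application="googplay" app-id="816" reason="range"
2019:06:22-12:36:06 mysophosutm httpproxy[5389]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.1.3" dstip="172.217.10.46" statuscode="416" url="dl.google.com/.../5229_all_crl-set-14912426705758796165.data.crx3" ua="Microsoft BITS/7.8" categoryname="Software/Hardware" content-type="application/octet-stream" application="google" app-id="182" reason="range"
2019:06:22-12:40:02 mysophosutm httpproxy[5389]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.1.3" statuscode="200" url="example.invalid/index.html" ua="ConstructedAgent/1.0"
'''

# Syslog prefix: timestamp, hostname, then the httpproxy[pid]: tag.
HEADER = re.compile(r'^(\S+) (\S+) httpproxy\[\d+\]: ')
# Keys may contain hyphens (content-type, app-id); values are double-quoted.
KEY_VALUE = re.compile(r'([\w-]+)="([^"]*)"')


def parse_line(line):
    """Return a dict of fields for one httpproxy line, or None if it is not one."""
    header = HEADER.match(line)
    if header is None:
        return None
    record = dict(KEY_VALUE.findall(line))
    record["timestamp"], record["host"] = header.group(1), header.group(2)
    return record


def blocked_summary(text):
    """Count blocked requests per (srcip, ua, reason, statuscode)."""
    counts = Counter()
    for line in text.splitlines():
        record = parse_line(line)
        if record and record.get("action") == "block":
            key = tuple(record.get(k, "") for k in ("srcip", "ua", "reason", "statuscode"))
            counts[key] += 1
    return counts


if __name__ == "__main__":
    for (srcip, ua, reason, status), n in blocked_summary(SAMPLE_LOG).most_common():
        print(f"{n:4d}  src={srcip}  ua={ua!r}  reason={reason}  status={status}")
```

Run against the real log file, the same grouping shows whether every BITS block carries the same `reason` value or whether several block reasons are mixed together.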