Website gets blocked, after a page refresh, starts working.

Hi,

 

Seeing a weird problem; some websites have been added as exceptions to allow access, yet they are still being blocked. The site is changed to an allowed category but still gets blocked. The blocked message comes up with the reason being e.g blocked category Health, yet Health is an allowed category. 

It also allows access, then blocks. I've added a couple logs for the same website; 

 

2020:08:13-14:06:29 uhsophosutm-1 httpproxy[11913]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="GET" srcip="192.168.11.100" dstip="" user="" group="" ad_domain="" statuscode="403" cached="0" profile="REF_HttProContaTempManag (Explicit proxy for internal networks)" filteraction="REF_DefaultHTTPCFFBlockAction (Default content filter block action)" size="8362" request="0x5fa2e700" url="nlca.azurewebsites.net/.../fontawesome-webfont.woff2 referer="nlca.azurewebsites.net/.../css error="" authtime="0" dnstime="0" aptptime="78" cattime="56" avscantime="0" fullreqtime="1906" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36" exceptions="auth" overridecategory="1" category="119" reputation="neutral" categoryname="Health" reason="category"

 


2020:08:13-14:06:30 uhsophosutm-1 httpproxy[11913]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.11.100" dstip="" user="" group="" ad_domain="" statuscode="407" cached="0" profile="REF_HttProContaTempManag (Explicit proxy for internal networks)" filteraction=" ()" size="2508" request="0x48f74700" url="nlca.azurewebsites.net/" referer="" error="" authtime="3" dnstime="0" aptptime="0" cattime="0" avscantime="0" fullreqtime="511" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36" exceptions=""

Parents
  • Hi Yusef and welcome to the UM Community!

    That's not an Exception, rather it's a Website definition.  You probably want to select 'Include subdomains'.

    The first log line above is a block because the URL is categorized as "Health" and you apparently have blocked that category.

    The second line has statuscode="407" and that means the user at 192.168.11.100 isn't authorized to browse to nica.azurewebsites.net.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • Hi Yusef and welcome to the UM Community!

    That's not an Exception, rather it's a Website definition.  You probably want to select 'Include subdomains'.

    The first log line above is a block because the URL is categorized as "Health" and you apparently have blocked that category.

    The second line has statuscode="407" and that means the user at 192.168.11.100 isn't authorized to browse to nica.azurewebsites.net.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data