Hello,
I am trying to block the proxy application, but somehow it keeps bypassing the firewall. Even though they don't have access to the internet, by using this program they easily bypass the firewall and access all content. Those applications are already in the reject traffic list using Application Control and also in the web filter policy. I have pasted some logs here. In the filtering options I assigned the malicious category to each IP from the logs, but with no success; it keeps changing the IPs. Any help would be appreciated.
2020:08:18-08:24:57 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.100.33" dstip="107.181.191.50" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="4420" request="0x1dcfee00" url="https://107.181.191.50/" referer="" error="" authtime="0" dnstime="0" aptptime="107" cattime="125" avscantime="0" fullreqtime="846845" device="0" auth="0" ua="" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:24:58 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.100.33" dstip="107.181.191.50" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="4420" request="0x1bae3500" url="https://107.181.191.50/" referer="" error="" authtime="0" dnstime="1" aptptime="174" cattime="330" avscantime="0" fullreqtime="854496" device="0" auth="0" ua="" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:24:59 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.100.33" dstip="107.181.191.50" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="4420" request="0x197d2a00" url="https://107.181.191.50/" referer="" error="" authtime="0" dnstime="0" aptptime="66" cattime="69" avscantime="0" fullreqtime="849369" device="0" auth="0" ua="" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:00 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.100.33" dstip="107.181.191.50" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="4420" request="0x1a990300" url="https://107.181.191.50/" referer="" error="" authtime="0" dnstime="0" aptptime="78" cattime="92" avscantime="0" fullreqtime="853708" device="0" auth="0" ua="" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:01 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.100.33" dstip="107.181.191.50" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="4420" request="0x1ea44300" url="https://107.181.191.50/" referer="" error="" authtime="0" dnstime="0" aptptime="74" cattime="83" avscantime="0" fullreqtime="861135" device="0" auth="0" ua="" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:02 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.100.33" dstip="107.181.191.50" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="4420" request="0x1bd88a00" url="https://107.181.191.50/" referer="" error="" authtime="0" dnstime="0" aptptime="64" cattime="66" avscantime="0" fullreqtime="877747" device="0" auth="0" ua="" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:02 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.100.33" dstip="107.181.191.50" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="4420" request="0x19ba8000" url="https://107.181.191.50/" referer="" error="" authtime="0" dnstime="0" aptptime="58" cattime="64" avscantime="0" fullreqtime="853608" device="0" auth="0" ua="" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:03 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.100.33" dstip="107.181.191.50" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="4420" request="0x1b11a000" url="https://107.181.191.50/" referer="" error="" authtime="0" dnstime="0" aptptime="64" cattime="71" avscantime="0" fullreqtime="853102" device="0" auth="0" ua="" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:04 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.100.33" dstip="107.181.191.50" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="4420" request="0x1bae2700" url="https://107.181.191.50/" referer="" error="" authtime="0" dnstime="0" aptptime="66" cattime="73" avscantime="0" fullreqtime="859257" device="0" auth="0" ua="" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:05 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.100.33" dstip="107.181.191.50" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="4420" request="0x197d2a00" url="https://107.181.191.50/" referer="" error="" authtime="0" dnstime="0" aptptime="64" cattime="83" avscantime="0" fullreqtime="848637" device="0" auth="0" ua="" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:06 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.100.33" dstip="107.181.191.50" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="4420" request="0x1bae5800" url="https://107.181.191.50/" referer="" error="" authtime="0" dnstime="0" aptptime="100" cattime="93" avscantime="0" fullreqtime="865987" device="0" auth="0" ua="" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:07 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.100.33" dstip="107.181.191.50" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="4420" request="0x1ddd1500" url="https://107.181.191.50/" referer="" error="" authtime="0" dnstime="0" aptptime="83" cattime="85" avscantime="0" fullreqtime="850403" device="0" auth="0" ua="" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:08 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.100.33" dstip="107.181.191.50" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="4420" request="0x1e622300" url="https://107.181.191.50/" referer="" error="" authtime="0" dnstime="0" aptptime="52" cattime="83" avscantime="0" fullreqtime="857220" device="0" auth="0" ua="" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:08 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.100.33" dstip="107.181.191.50" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="4093" request="0x1bed7800" url="https://107.181.191.50/" referer="" error="" authtime="0" dnstime="0" aptptime="60" cattime="65" avscantime="0" fullreqtime="796676" device="0" auth="0" ua="" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:09 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.100.33" dstip="146.185.140.224" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="9629" request="0x1a634e00" url="http://146.185.140.224/" referer="" error="" authtime="0" dnstime="144" aptptime="65" cattime="89151" avscantime="0" fullreqtime="320860" device="0" auth="0" ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:09 LIC httpproxy[5417]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="192.168.100.33" dstip="" user="" group="" ad_domain="" statuscode="502" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="2518" request="0x1ea49100" url="www.adabrandadlanguage.net/" referer="" error="Host not found" authtime="0" dnstime="96895" aptptime="91" cattime="89459" avscantime="0" fullreqtime="499735" device="0" auth="0" ua="" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:09 LIC httpproxy[5417]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="192.168.100.33" dstip="" user="" group="" ad_domain="" statuscode="502" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="2513" request="0x1ed26300" url="mysticjumboxpidea.net/" referer="" error="Host not found" authtime="0" dnstime="101816" aptptime="77" cattime="114058" avscantime="0" fullreqtime="526691" device="0" auth="0" ua="" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:09 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.100.33" dstip="146.185.140.224" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="592" request="0x1b41e000" url="http://146.185.140.224/" referer="" error="" authtime="0" dnstime="144" aptptime="67" cattime="75" avscantime="0" fullreqtime="189207" device="0" auth="0" ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:09 LIC httpproxy[5417]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="192.168.100.33" dstip="" user="" group="" ad_domain="" statuscode="502" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="2527" request="0x1a1db500" url="www.verticalcontrolnationlegacy.com/" referer="" error="Host not found" authtime="0" dnstime="94412" aptptime="65" cattime="91070" avscantime="0" fullreqtime="482613" device="0" auth="0" ua="" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:09 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.100.33" dstip="146.185.140.224" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="0" request="0x1b41e000" url="http://146.185.140.224/" referer="" error="" authtime="0" dnstime="0" aptptime="72" cattime="82" avscantime="0" fullreqtime="109775" device="0" auth="0" ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:09 LIC httpproxy[5417]: id="0061" severity="info" sys="SecureWeb" sub="http" name="web request blocked, reputation limit" action="block" method="POST" srcip="192.168.100.33" dstip="" user="" group="" ad_domain="" statuscode="403" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="3151" request="0x1d5ee300" url="http://45.33.95.220/" referer="" error="" authtime="0" dnstime="0" aptptime="50" cattime="91360" avscantime="0" fullreqtime="91985" device="0" auth="0" ua="" exceptions="auth,cache,size" reason="reputation" category="171" reputation="suspicious" categoryname="Spam URLs"
2020:08:18-08:25:09 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.100.33" dstip="146.185.140.224" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="0" request="0x1b41e000" url="http://146.185.140.224/" referer="" error="" authtime="0" dnstime="0" aptptime="59" cattime="76" avscantime="0" fullreqtime="106934" device="0" auth="0" ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:09 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.100.33" dstip="146.185.140.224" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="772" request="0x1b41e000" url="http://146.185.140.224/" referer="" error="" authtime="0" dnstime="0" aptptime="59" cattime="68" avscantime="0" fullreqtime="114732" device="0" auth="0" ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:09 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.100.33" dstip="146.185.140.224" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="0" request="0x1b41e000" url="http://146.185.140.224/" referer="" error="" authtime="0" dnstime="0" aptptime="65" cattime="72" avscantime="0" fullreqtime="109554" device="0" auth="0" ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:10 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.100.33" dstip="146.185.140.224" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="64" request="0x1b41e000" url="http://146.185.140.224/" referer="" error="" authtime="0" dnstime="0" aptptime="65" cattime="77" avscantime="0" fullreqtime="111149" device="0" auth="0" ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:10 LIC httpproxy[5417]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="CONNECT" srcip="192.168.100.33" dstip="" user="" group="" ad_domain="" statuscode="403" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="3185" request="0x1d432e00" url="https://31.3.152.69/" referer="" error="" authtime="0" dnstime="0" aptptime="76" cattime="89336" avscantime="0" fullreqtime="387994" device="0" auth="0" ua="" exceptions="auth,cache,size" category="181" reputation="neutral" categoryname="Marketing/Merchandising" reason="category"
2020:08:18-08:25:10 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.100.33" dstip="146.185.140.224" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="0" request="0x1b41e000" url="http://146.185.140.224/" referer="" error="" authtime="0" dnstime="0" aptptime="85" cattime="105" avscantime="0" fullreqtime="113501" device="0" auth="0" ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:10 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.100.33" dstip="146.185.140.224" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="64" request="0x1b41e000" url="http://146.185.140.224/" referer="" error="" authtime="0" dnstime="0" aptptime="76" cattime="93" avscantime="0" fullreqtime="109752" device="0" auth="0" ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:10 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.100.33" dstip="146.185.140.224" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="0" request="0x1b41e000" url="http://146.185.140.224/" referer="" error="" authtime="0" dnstime="0" aptptime="332" cattime="1353" avscantime="0" fullreqtime="117526" device="0" auth="0" ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:10 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.100.33" dstip="146.185.140.224" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="0" request="0x1b41e000" url="http://146.185.140.224/" referer="" error="" authtime="0" dnstime="0" aptptime="81" cattime="101" avscantime="0" fullreqtime="108277" device="0" auth="0" ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:10 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.100.33" dstip="146.185.140.224" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="48" request="0x1b41e000" url="http://146.185.140.224/" referer="" error="" authtime="0" dnstime="0" aptptime="55" cattime="88" avscantime="0" fullreqtime="111272" device="0" auth="0" ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:10 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.100.33" dstip="146.185.140.224" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="0" request="0x1b41e000" url="http://146.185.140.224/" referer="" error="" authtime="0" dnstime="0" aptptime="51" cattime="94" avscantime="0" fullreqtime="113866" device="0" auth="0" ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:10 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.100.33" dstip="146.185.140.224" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="14292" request="0x1b41e000" url="http://146.185.140.224/" referer="" error="" authtime="0" dnstime="0" aptptime="77" cattime="91" avscantime="0" fullreqtime="109388" device="0" auth="0" ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:11 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.100.33" dstip="146.185.140.224" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="0" request="0x1a1db500" url="http://146.185.140.224/" referer="" error="" authtime="0" dnstime="130" aptptime="68" cattime="73" avscantime="0" fullreqtime="191195" device="0" auth="0" ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:11 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.100.33" dstip="146.185.140.224" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="0" request="0x1a1db500" url="http://146.185.140.224/" referer="" error="" authtime="0" dnstime="0" aptptime="47" cattime="45" avscantime="0" fullreqtime="110257" device="0" auth="0" ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:11 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.100.33" dstip="146.185.140.224" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="112" request="0x1a1db500" url="http://146.185.140.224/" referer="" error="" authtime="0" dnstime="0" aptptime="65" cattime="77" avscantime="0" fullreqtime="111993" device="0" auth="0" ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:11 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.100.33" dstip="146.185.140.224" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="64" request="0x1a1db500" url="http://146.185.140.224/" referer="" error="" authtime="0" dnstime="0" aptptime="56" cattime="64" avscantime="0" fullreqtime="114578" device="0" auth="0" ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:11 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.100.33" dstip="146.185.140.224" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="0" request="0x1a1db500" url="http://146.185.140.224/" referer="" error="" authtime="0" dnstime="0" aptptime="50" cattime="90" avscantime="0" fullreqtime="106425" device="0" auth="0" ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:11 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.100.33" dstip="146.185.140.224" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="64" request="0x1a1db500" url="http://146.185.140.224/" referer="" error="" authtime="0" dnstime="0" aptptime="71" cattime="79" avscantime="0" fullreqtime="109341" device="0" auth="0" ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:11 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.100.33" dstip="146.185.140.224" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="7571" request="0x1a1db500" url="http://146.185.140.224/" referer="" error="" authtime="0" dnstime="0" aptptime="73" cattime="79" avscantime="0" fullreqtime="109941" device="0" auth="0" ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:11 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.100.33" dstip="146.185.140.224" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="0" request="0x1d5ee300" url="http://146.185.140.224/" referer="" error="" authtime="0" dnstime="145" aptptime="79" cattime="82" avscantime="0" fullreqtime="190181" device="0" auth="0" ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:12 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.100.33" dstip="146.185.140.224" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="0" request="0x1d5ee300" url="http://146.185.140.224/" referer="" error="" authtime="0" dnstime="0" aptptime="85" cattime="98" avscantime="0" fullreqtime="111713" device="0" auth="0" ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:12 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.100.33" dstip="146.185.140.224" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="64" request="0x1d5ee300" url="http://146.185.140.224/" referer="" error="" authtime="0" dnstime="0" aptptime="78" cattime="89" avscantime="0" fullreqtime="111849" device="0" auth="0" ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:12 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.100.33" dstip="146.185.140.224" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="160" request="0x1d5ee300" url="http://146.185.140.224/" referer="" error="" authtime="0" dnstime="0" aptptime="84" cattime="91" avscantime="0" fullreqtime="125682" device="0" auth="0" ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:12 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.100.33" dstip="146.185.140.224" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="0" request="0x1d5ee300" url="http://146.185.140.224/" referer="" error="" authtime="0" dnstime="0" aptptime="77" cattime="87" avscantime="0" fullreqtime="126857" device="0" auth="0" ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:12 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.100.33" dstip="146.185.140.224" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="0" request="0x1d5ee300" url="http://146.185.140.224/" referer="" error="" authtime="0" dnstime="0" aptptime="83" cattime="104" avscantime="0" fullreqtime="116002" device="0" auth="0" ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:12 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.100.33" dstip="146.185.140.224" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="64" request="0x1d5ee300" url="http://146.185.140.224/" referer="" error="" authtime="0" dnstime="0" aptptime="54" cattime="81" avscantime="0" fullreqtime="109038" device="0" auth="0" ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:12 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.100.33" dstip="146.185.140.224" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="112" request="0x1d5ee300" url="http://146.185.140.224/" referer="" error="" authtime="0" dnstime="0" aptptime="48" cattime="87" avscantime="0" fullreqtime="108836" device="0" auth="0" ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:12 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.100.33" dstip="146.185.140.224" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="0" request="0x1d5ee300" url="http://146.185.140.224/" referer="" error="" authtime="0" dnstime="0" aptptime="76" cattime="90" avscantime="0" fullreqtime="120416" device="0" auth="0" ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:13 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.100.33" dstip="146.185.140.224" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="14522" request="0x1d5ee300" url="http://146.185.140.224/" referer="" error="" authtime="0" dnstime="0" aptptime="144" cattime="200" avscantime="0" fullreqtime="137681" device="0" auth="0" ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3)
Hello,
Sorry, I only partially understand.
If you try to block the "proxy-URL" using a "malicious-category", the webfilter-exception is a problem.
You disable the URL-Check:
exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
Dirk
Systema Gesellschaft für angewandte Datentechnik mbH // Sophos Platinum Partner
Sophos Solution Partner since 2003
If a post solves your question, click the 'Verify Answer' link at this post.
Just noticed it is not only the Psiphon app; there are many proxy applications that bypass the firewall. Most proxy apps connect via IP address using an HTTPS connection, like https://x.x.x.x
Thanks
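An added example, not part of the original posts and not Sophos code: a small audit of httpproxy log lines for the two patterns raised above, requests passed while `url` appears in the `exceptions` field and requests whose URL host is a bare IP address. The sample lines are constructed, trimmed to the fields the script reads, and use placeholder addresses; the function names are hypothetical.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample lines in the key="value" httpproxy format quoted in this
# thread, trimmed to the fields used here; all addresses are placeholders.
SAMPLE_LOG = """\
2020:08:18-08:24:57 fw httpproxy[5417]: action="pass" method="CONNECT" srcip="192.0.2.33" dstip="198.51.100.50" url="https://198.51.100.50/" exceptions="av,sandbox,auth,content,url,ssl"
2020:08:18-08:25:01 fw httpproxy[5417]: action="pass" method="GET" srcip="192.0.2.40" dstip="203.0.113.7" url="http://www.example.com/index.html" exceptions=""
2020:08:18-08:25:02 fw httpproxy[5417]: action="block" method="CONNECT" srcip="192.0.2.41" dstip="198.51.100.9" url="https://198.51.100.9/" exceptions=""
2020:08:18-08:25:03 fw httpproxy[5417]: action="pass" method="CONNECT" srcip="192.0.2.42" dstip="198.51.100.77" url="https://198.51.100.77:443/" exceptions=""
"""

KV = re.compile(r'(\w+)="([^"]*)"')

def parse_line(line):
    """Return the key="value" pairs of one log line as a dict."""
    return dict(KV.findall(line))

def is_ip_literal(url):
    """True when the URL's host is a bare IPv4/IPv6 address, not a name."""
    try:
        ipaddress.ip_address(urlsplit(url).hostname or "")
        return True
    except ValueError:
        return False

def audit(log_text):
    """List passed requests that skipped the URL filter or target a bare IP."""
    findings = []
    for line in log_text.splitlines():
        f = parse_line(line)
        if f.get("action") != "pass":
            continue
        reasons = []
        # Per the reply above, "url" in exceptions= means the URL check was off
        if "url" in f.get("exceptions", "").split(","):
            reasons.append("url-filter-skipped")
        if is_ip_literal(f.get("url", "")):
            reasons.append("ip-literal-destination")
        if reasons:
            findings.append((f.get("srcip"), f.get("dstip"), f.get("method"), reasons))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

Grouping the findings by `srcip` shows which clients are covered by the exception, which is the list to compare against the exception's "for all requests coming from" conditions.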
First you should check your Webprotection-exceptions:
Web-Protection / Filtering options / exceptions
There you have an exception prohibiting the URL-Filter (therefore the unwanted URL categories pass through the firewall)
You can check if there is a category for the IP within policy helpdesk.
Dirk
I went through each exception list; there is no internal network in the list. Also, if I deny any IP from web filtering, the proxy app still connects.
I tried to mark the IP as a malicious site, but no use. Each time the application changes the IP,
Dirk
I am using URL filtering only. After turning off the exception list below, it seems to be working now, but I will confirm as soon as possible.
OK, if I use exceptions too expensive, I got no more categories (I disable filtering/scanning/AV/... all for all requests)
You should check the exceptions RFQ and eisaa zoom
Dirk