psiphon3 (Proxy) bypass firewall

Hello,

I am trying to block the proxy application, but somehow it keeps bypassing the firewall. Even though they don't have access to the internet, by using this program they easily bypass the firewall and access all content. Those applications are already in the reject traffic list using Application Control, and also by web filter policy. I have pasted some logs here. From the filtering options I gave the malicious category to each IP from the logs, but with no success; it keeps changing the IPs. Any help would be appreciated.

2020:08:18-08:24:57 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.100.33" dstip="107.181.191.50" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="4420" request="0x1dcfee00" url="https://107.181.191.50/" referer="" error="" authtime="0" dnstime="0" aptptime="107" cattime="125" avscantime="0" fullreqtime="846845" device="0" auth="0" ua="" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:24:58 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.100.33" dstip="107.181.191.50" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="4420" request="0x1bae3500" url="https://107.181.191.50/" referer="" error="" authtime="0" dnstime="1" aptptime="174" cattime="330" avscantime="0" fullreqtime="854496" device="0" auth="0" ua="" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:24:59 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.100.33" dstip="107.181.191.50" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="4420" request="0x197d2a00" url="https://107.181.191.50/" referer="" error="" authtime="0" dnstime="0" aptptime="66" cattime="69" avscantime="0" fullreqtime="849369" device="0" auth="0" ua="" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:00 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.100.33" dstip="107.181.191.50" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="4420" request="0x1a990300" url="https://107.181.191.50/" referer="" error="" authtime="0" dnstime="0" aptptime="78" cattime="92" avscantime="0" fullreqtime="853708" device="0" auth="0" ua="" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:01 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.100.33" dstip="107.181.191.50" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="4420" request="0x1ea44300" url="https://107.181.191.50/" referer="" error="" authtime="0" dnstime="0" aptptime="74" cattime="83" avscantime="0" fullreqtime="861135" device="0" auth="0" ua="" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:02 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.100.33" dstip="107.181.191.50" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="4420" request="0x1bd88a00" url="https://107.181.191.50/" referer="" error="" authtime="0" dnstime="0" aptptime="64" cattime="66" avscantime="0" fullreqtime="877747" device="0" auth="0" ua="" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:02 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.100.33" dstip="107.181.191.50" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="4420" request="0x19ba8000" url="https://107.181.191.50/" referer="" error="" authtime="0" dnstime="0" aptptime="58" cattime="64" avscantime="0" fullreqtime="853608" device="0" auth="0" ua="" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:03 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.100.33" dstip="107.181.191.50" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="4420" request="0x1b11a000" url="https://107.181.191.50/" referer="" error="" authtime="0" dnstime="0" aptptime="64" cattime="71" avscantime="0" fullreqtime="853102" device="0" auth="0" ua="" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:04 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.100.33" dstip="107.181.191.50" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="4420" request="0x1bae2700" url="https://107.181.191.50/" referer="" error="" authtime="0" dnstime="0" aptptime="66" cattime="73" avscantime="0" fullreqtime="859257" device="0" auth="0" ua="" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:05 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.100.33" dstip="107.181.191.50" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="4420" request="0x197d2a00" url="https://107.181.191.50/" referer="" error="" authtime="0" dnstime="0" aptptime="64" cattime="83" avscantime="0" fullreqtime="848637" device="0" auth="0" ua="" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:06 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.100.33" dstip="107.181.191.50" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="4420" request="0x1bae5800" url="https://107.181.191.50/" referer="" error="" authtime="0" dnstime="0" aptptime="100" cattime="93" avscantime="0" fullreqtime="865987" device="0" auth="0" ua="" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:07 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.100.33" dstip="107.181.191.50" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="4420" request="0x1ddd1500" url="https://107.181.191.50/" referer="" error="" authtime="0" dnstime="0" aptptime="83" cattime="85" avscantime="0" fullreqtime="850403" device="0" auth="0" ua="" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:08 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.100.33" dstip="107.181.191.50" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="4420" request="0x1e622300" url="https://107.181.191.50/" referer="" error="" authtime="0" dnstime="0" aptptime="52" cattime="83" avscantime="0" fullreqtime="857220" device="0" auth="0" ua="" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:08 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.100.33" dstip="107.181.191.50" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="4093" request="0x1bed7800" url="https://107.181.191.50/" referer="" error="" authtime="0" dnstime="0" aptptime="60" cattime="65" avscantime="0" fullreqtime="796676" device="0" auth="0" ua="" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:09 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.100.33" dstip="146.185.140.224" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="9629" request="0x1a634e00" url="http://146.185.140.224/" referer="" error="" authtime="0" dnstime="144" aptptime="65" cattime="89151" avscantime="0" fullreqtime="320860" device="0" auth="0" ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:09 LIC httpproxy[5417]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="192.168.100.33" dstip="" user="" group="" ad_domain="" statuscode="502" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="2518" request="0x1ea49100" url="www.adabrandadlanguage.net/" referer="" error="Host not found" authtime="0" dnstime="96895" aptptime="91" cattime="89459" avscantime="0" fullreqtime="499735" device="0" auth="0" ua="" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:09 LIC httpproxy[5417]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="192.168.100.33" dstip="" user="" group="" ad_domain="" statuscode="502" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="2513" request="0x1ed26300" url="mysticjumboxpidea.net/" referer="" error="Host not found" authtime="0" dnstime="101816" aptptime="77" cattime="114058" avscantime="0" fullreqtime="526691" device="0" auth="0" ua="" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:09 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.100.33" dstip="146.185.140.224" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="592" request="0x1b41e000" url="http://146.185.140.224/" referer="" error="" authtime="0" dnstime="144" aptptime="67" cattime="75" avscantime="0" fullreqtime="189207" device="0" auth="0" ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:09 LIC httpproxy[5417]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="192.168.100.33" dstip="" user="" group="" ad_domain="" statuscode="502" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="2527" request="0x1a1db500" url="www.verticalcontrolnationlegacy.com/" referer="" error="Host not found" authtime="0" dnstime="94412" aptptime="65" cattime="91070" avscantime="0" fullreqtime="482613" device="0" auth="0" ua="" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:09 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.100.33" dstip="146.185.140.224" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="0" request="0x1b41e000" url="http://146.185.140.224/" referer="" error="" authtime="0" dnstime="0" aptptime="72" cattime="82" avscantime="0" fullreqtime="109775" device="0" auth="0" ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:09 LIC httpproxy[5417]: id="0061" severity="info" sys="SecureWeb" sub="http" name="web request blocked, reputation limit" action="block" method="POST" srcip="192.168.100.33" dstip="" user="" group="" ad_domain="" statuscode="403" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="3151" request="0x1d5ee300" url="http://45.33.95.220/" referer="" error="" authtime="0" dnstime="0" aptptime="50" cattime="91360" avscantime="0" fullreqtime="91985" device="0" auth="0" ua="" exceptions="auth,cache,size" reason="reputation" category="171" reputation="suspicious" categoryname="Spam URLs"
2020:08:18-08:25:09 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.100.33" dstip="146.185.140.224" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="0" request="0x1b41e000" url="http://146.185.140.224/" referer="" error="" authtime="0" dnstime="0" aptptime="59" cattime="76" avscantime="0" fullreqtime="106934" device="0" auth="0" ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:09 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.100.33" dstip="146.185.140.224" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="772" request="0x1b41e000" url="http://146.185.140.224/" referer="" error="" authtime="0" dnstime="0" aptptime="59" cattime="68" avscantime="0" fullreqtime="114732" device="0" auth="0" ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:09 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.100.33" dstip="146.185.140.224" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="0" request="0x1b41e000" url="http://146.185.140.224/" referer="" error="" authtime="0" dnstime="0" aptptime="65" cattime="72" avscantime="0" fullreqtime="109554" device="0" auth="0" ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:10 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.100.33" dstip="146.185.140.224" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="64" request="0x1b41e000" url="http://146.185.140.224/" referer="" error="" authtime="0" dnstime="0" aptptime="65" cattime="77" avscantime="0" fullreqtime="111149" device="0" auth="0" ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:10 LIC httpproxy[5417]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="CONNECT" srcip="192.168.100.33" dstip="" user="" group="" ad_domain="" statuscode="403" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="3185" request="0x1d432e00" url="https://31.3.152.69/" referer="" error="" authtime="0" dnstime="0" aptptime="76" cattime="89336" avscantime="0" fullreqtime="387994" device="0" auth="0" ua="" exceptions="auth,cache,size" category="181" reputation="neutral" categoryname="Marketing/Merchandising" reason="category"
2020:08:18-08:25:10 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.100.33" dstip="146.185.140.224" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="0" request="0x1b41e000" url="http://146.185.140.224/" referer="" error="" authtime="0" dnstime="0" aptptime="85" cattime="105" avscantime="0" fullreqtime="113501" device="0" auth="0" ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:10 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.100.33" dstip="146.185.140.224" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="64" request="0x1b41e000" url="http://146.185.140.224/" referer="" error="" authtime="0" dnstime="0" aptptime="76" cattime="93" avscantime="0" fullreqtime="109752" device="0" auth="0" ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:10 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.100.33" dstip="146.185.140.224" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="0" request="0x1b41e000" url="http://146.185.140.224/" referer="" error="" authtime="0" dnstime="0" aptptime="332" cattime="1353" avscantime="0" fullreqtime="117526" device="0" auth="0" ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:10 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.100.33" dstip="146.185.140.224" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="0" request="0x1b41e000" url="http://146.185.140.224/" referer="" error="" authtime="0" dnstime="0" aptptime="81" cattime="101" avscantime="0" fullreqtime="108277" device="0" auth="0" ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:10 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.100.33" dstip="146.185.140.224" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="48" request="0x1b41e000" url="http://146.185.140.224/" referer="" error="" authtime="0" dnstime="0" aptptime="55" cattime="88" avscantime="0" fullreqtime="111272" device="0" auth="0" ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:10 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.100.33" dstip="146.185.140.224" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="0" request="0x1b41e000" url="http://146.185.140.224/" referer="" error="" authtime="0" dnstime="0" aptptime="51" cattime="94" avscantime="0" fullreqtime="113866" device="0" auth="0" ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:10 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.100.33" dstip="146.185.140.224" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="14292" request="0x1b41e000" url="http://146.185.140.224/" referer="" error="" authtime="0" dnstime="0" aptptime="77" cattime="91" avscantime="0" fullreqtime="109388" device="0" auth="0" ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:11 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.100.33" dstip="146.185.140.224" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="0" request="0x1a1db500" url="http://146.185.140.224/" referer="" error="" authtime="0" dnstime="130" aptptime="68" cattime="73" avscantime="0" fullreqtime="191195" device="0" auth="0" ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:11 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.100.33" dstip="146.185.140.224" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="0" request="0x1a1db500" url="http://146.185.140.224/" referer="" error="" authtime="0" dnstime="0" aptptime="47" cattime="45" avscantime="0" fullreqtime="110257" device="0" auth="0" ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:11 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.100.33" dstip="146.185.140.224" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="112" request="0x1a1db500" url="http://146.185.140.224/" referer="" error="" authtime="0" dnstime="0" aptptime="65" cattime="77" avscantime="0" fullreqtime="111993" device="0" auth="0" ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:11 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.100.33" dstip="146.185.140.224" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="64" request="0x1a1db500" url="http://146.185.140.224/" referer="" error="" authtime="0" dnstime="0" aptptime="56" cattime="64" avscantime="0" fullreqtime="114578" device="0" auth="0" ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:11 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.100.33" dstip="146.185.140.224" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="0" request="0x1a1db500" url="http://146.185.140.224/" referer="" error="" authtime="0" dnstime="0" aptptime="50" cattime="90" avscantime="0" fullreqtime="106425" device="0" auth="0" ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:11 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.100.33" dstip="146.185.140.224" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="64" request="0x1a1db500" url="http://146.185.140.224/" referer="" error="" authtime="0" dnstime="0" aptptime="71" cattime="79" avscantime="0" fullreqtime="109341" device="0" auth="0" ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:11 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.100.33" dstip="146.185.140.224" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="7571" request="0x1a1db500" url="http://146.185.140.224/" referer="" error="" authtime="0" dnstime="0" aptptime="73" cattime="79" avscantime="0" fullreqtime="109941" device="0" auth="0" ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:11 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.100.33" dstip="146.185.140.224" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="0" request="0x1d5ee300" url="http://146.185.140.224/" referer="" error="" authtime="0" dnstime="145" aptptime="79" cattime="82" avscantime="0" fullreqtime="190181" device="0" auth="0" ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:12 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.100.33" dstip="146.185.140.224" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="0" request="0x1d5ee300" url="http://146.185.140.224/" referer="" error="" authtime="0" dnstime="0" aptptime="85" cattime="98" avscantime="0" fullreqtime="111713" device="0" auth="0" ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:12 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.100.33" dstip="146.185.140.224" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="64" request="0x1d5ee300" url="http://146.185.140.224/" referer="" error="" authtime="0" dnstime="0" aptptime="78" cattime="89" avscantime="0" fullreqtime="111849" device="0" auth="0" ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:12 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.100.33" dstip="146.185.140.224" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="160" request="0x1d5ee300" url="http://146.185.140.224/" referer="" error="" authtime="0" dnstime="0" aptptime="84" cattime="91" avscantime="0" fullreqtime="125682" device="0" auth="0" ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:12 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.100.33" dstip="146.185.140.224" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="0" request="0x1d5ee300" url="http://146.185.140.224/" referer="" error="" authtime="0" dnstime="0" aptptime="77" cattime="87" avscantime="0" fullreqtime="126857" device="0" auth="0" ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:12 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.100.33" dstip="146.185.140.224" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="0" request="0x1d5ee300" url="http://146.185.140.224/" referer="" error="" authtime="0" dnstime="0" aptptime="83" cattime="104" avscantime="0" fullreqtime="116002" device="0" auth="0" ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:12 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.100.33" dstip="146.185.140.224" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="64" request="0x1d5ee300" url="http://146.185.140.224/" referer="" error="" authtime="0" dnstime="0" aptptime="54" cattime="81" avscantime="0" fullreqtime="109038" device="0" auth="0" ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:12 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.100.33" dstip="146.185.140.224" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="112" request="0x1d5ee300" url="http://146.185.140.224/" referer="" error="" authtime="0" dnstime="0" aptptime="48" cattime="87" avscantime="0" fullreqtime="108836" device="0" auth="0" ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:12 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.100.33" dstip="146.185.140.224" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="0" request="0x1d5ee300" url="http://146.185.140.224/" referer="" error="" authtime="0" dnstime="0" aptptime="76" cattime="90" avscantime="0" fullreqtime="120416" device="0" auth="0" ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2020:08:18-08:25:13 LIC httpproxy[5417]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.100.33" dstip="146.185.140.224" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Break-Time)" filteraction="REF_DefaultHTTPCFFAction (Default-Website)" size="14522" request="0x1d5ee300" url="http://146.185.140.224/" referer="" error="" authtime="0" dnstime="0" aptptime="144" cattime="200" avscantime="0" fullreqtime="137681" device="0" auth="0" ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3)



  • Hello,

    Sorry, I only partially understand.

    If you try to block the "proxy-URL" using a "malicious-category", the webfilter-exception is a problem.

    You disable the URL-Check:

    exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • Already tried using proxy-url, still it bypasses the firewall.

  • Just noticed it is not only the Psiphon app; there are many proxy applications that bypass the firewall. Most proxy apps connect via IP address using an HTTPS connection, like https://x.x.x.x

    Thanks

  • First you should check your Webprotection-exceptions:
    Web-Protection / Filtering options / exceptions
    There you have an exception prohibiting the URL-Filter (therefore the unwanted URL categories pass through the firewall)

    You can check if there is a category for the ip within policy helpdesk.


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.
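
The two observations in this thread (an exception list that includes `url`, and proxy apps connecting straight to an IP address) can be checked for together in the httpproxy log. The following is an added example, not part of the original thread or Sophos tooling; it assumes the `key="value"` layout of the pasted lines, and the sample lines and addresses are constructed.

```python
import ipaddress
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample, shortened from the httpproxy line format in the thread.
# Addresses are documentation ranges, not values from the original logs.
EXC = "av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
PFX = '2020:08:18-08:24:57 LIC httpproxy[5417]: name="http access" action="pass" '
SAMPLE_LOG = "\n".join([
    PFX + f'method="CONNECT" srcip="192.0.2.33" dstip="203.0.113.50" url="https://203.0.113.50/" exceptions="{EXC}"',
    PFX + f'method="POST" srcip="192.0.2.33" dstip="198.51.100.224" url="http://198.51.100.224/" exceptions="{EXC}"',
    PFX + f'method="GET" srcip="192.0.2.40" dstip="198.51.100.10" url="http://www.example.com/" exceptions="{EXC}"',
    PFX + 'method="CONNECT" srcip="192.0.2.41" dstip="203.0.113.50" url="https://203.0.113.50/" exceptions=""',
    PFX + f'method="CONNECT" srcip="192.0.2.33" dstip="203.0.113.50" url="https://203.0.113.50/" exceptions="{EXC}"',
])

KV = re.compile(r'(\w+)="([^"]*)"')

def parse_line(line):
    """Turn one log line into a dict of its key="value" fields."""
    return dict(KV.findall(line))

def is_ip_literal(url):
    """True when the URL's host is a bare IPv4/IPv6 address, not a name."""
    host = urlsplit(url).hostname
    if not host:
        return False
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def find_unfiltered_ip_requests(log_text):
    """Passed requests to an IP-literal URL where the URL check was skipped."""
    findings = []
    for line in log_text.splitlines():
        f = parse_line(line)
        if f.get("name") != "http access" or f.get("action") != "pass":
            continue
        skipped = {e for e in f.get("exceptions", "").split(",") if e}
        if "url" in skipped and is_ip_literal(f.get("url", "")):
            findings.append(f)
    return findings

def summarize(findings):
    """Count hits per (client, destination) pair to see which hosts to chase."""
    return Counter((f["srcip"], f["dstip"]) for f in findings)
```

A client that shows up here is matching a web filter exception that skips the URL filter, which is the setting to review under Web Protection / Filtering Options / Exceptions.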
