
Can't Access Specific Website

Masters!

There's a specific website that I can't access. But I can access it when bypassing Sophos FW.

2020:11:23-07:27:40 utm httpproxy[1587]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="172.26.46.9" dstip="203.177.229.122" user="" group="" ad_domain="" statuscode="500" cached="0" profile="REF_HttProContaInterNetwo (Allow All)" filteraction="REF_HttCffAllow (allow)" size="517" request="0xd3c34700" url="www.eastwestbanker.com/" referer="" error="Connection timed out" authtime="0" dnstime="102914" aptptime="483" cattime="44162" avscantime="0" fullreqtime="127336388" device="0" auth="0" ua="" exceptions="sandbox,ssl,certcheck,certdate" category="114" reputation="neutral" categoryname="Finance/Banking"
2020:11:23-07:27:40 utm httpproxy[1587]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="172.26.46.9" dstip="203.177.229.122" user="" group="" ad_domain="" statuscode="500" cached="0" profile="REF_HttProContaInterNetwo (Allow All)" filteraction="REF_HttCffAllow (allow)" size="517" request="0xda86aa00" url="www.eastwestbanker.com/" referer="" error="Connection timed out" authtime="0" dnstime="103014" aptptime="429" cattime="44316" avscantime="0" fullreqtime="127336458" device="0" auth="0" ua="" exceptions="sandbox,ssl,certcheck,certdate" category="114" reputation="neutral" categoryname="Finance/Banking"
2020:11:23-07:38:52 utm httpproxy[1587]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="172.26.46.9" dstip="203.177.229.122" user="" group="" ad_domain="" statuscode="504" cached="0" profile="REF_HttProContaInterNetwo (Allow All)" filteraction="REF_HttCffAllow (allow)" size="0" request="0xd6b27100" url="www.eastwestbanker.com/" referer="" error="Connection to server timed out" authtime="0" dnstime="261398" aptptime="109" cattime="144" avscantime="0" fullreqtime="61113784" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) QtWebEngine/5.15.1 Chrome/80.0.3987.163 Safari/537.36" exceptions="sandbox,ssl,certcheck,certdate" category="114" reputation="neutral" categoryname="Finance/Banking"
Can you help me find the cause of this?
Thank you!


  • Musta Randolf and welcome to the UTM Community!

    Guys, the hint in the log lines is statuscode="50?" - the server doesn't "like" our Proxy.  If adding an Exception for Antivirus doesn't resolve this problem, the only solution is to skip the Proxy.

    Also, the folks at eastwestbanker.com might need to fix their authoritative name server entries.  www.eastwestbanker.com resolves to 210.1.80.122 (a single A record), but both that IP and 203.177.229.122 have rDNS records pointing at www.eastwestbanker.com.  I don't claim to be a student of DNS functionality, but if there's a reason to configure that way, it's unknown to me.  Maybe some workaround for some sloppy coding of their website???

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
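
An added example, not part of the original thread or of any Sophos tooling: a small triage script for httpproxy lines in the key="value" layout shown in the question. It separates requests logged as "blocked" because the proxy failed to reach the server (5xx plus an error string, the hint pointed out in the reply above) from blocks that come from filter policy. The classification rule is a heuristic assumed for this example, and the sample lines are constructed: the first two reuse field values from the thread, the third is an invented category block.

```python
import re
from collections import Counter

# Constructed sample lines in the key="value" layout of the log above.
# Lines 1-2 reuse field values from the thread; line 3 is an invented
# policy block (403, reason="category") included only for contrast.
SAMPLE_LINES = [
    '2020:11:23-07:27:40 utm httpproxy[1587]: id="0002" name="web request blocked" '
    'action="block" method="CONNECT" dstip="203.177.229.122" statuscode="500" '
    'filteraction="REF_HttCffAllow (allow)" error="Connection timed out"',
    '2020:11:23-07:38:52 utm httpproxy[1587]: id="0002" name="web request blocked" '
    'action="block" method="GET" dstip="203.177.229.122" statuscode="504" '
    'filteraction="REF_HttCffAllow (allow)" error="Connection to server timed out"',
    '2020:11:23-07:40:01 utm httpproxy[1587]: id="0060" '
    'name="web request blocked, forbidden category detected" action="block" '
    'method="GET" dstip="192.0.2.10" statuscode="403" '
    'filteraction="REF_Example (constructed)" error="" reason="category"',
]

FIELD_RE = re.compile(r'(\w+)="([^"]*)"')

def parse_line(line):
    """Return the key="value" fields of one httpproxy log line as a dict."""
    return dict(FIELD_RE.findall(line))

def classify(fields):
    """Separate proxy-to-server failures from filter-policy decisions."""
    if fields.get("action") != "block":
        return "passed"
    # Heuristic (assumption of this example): a 5xx status together with an
    # error string means the proxy could not complete the request upstream.
    if fields.get("statuscode", "").startswith("5") and fields.get("error"):
        return "upstream-failure"
    return "policy-block"

def summarize(lines):
    """Count blocked requests per (class, dstip, statuscode, error)."""
    counts = Counter()
    for line in lines:
        f = parse_line(line)
        kind = classify(f)
        if kind != "passed":
            counts[(kind, f.get("dstip"), f.get("statuscode"), f.get("error"))] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize(SAMPLE_LINES).items():
        print(n, *key)
```

Entries labelled upstream-failure point at connectivity between the proxy and the destination rather than at the filter action, which in the thread's lines is "REF_HttCffAllow (allow)".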