
Web filtering suddenly blocks everything!

Hi,

Firmware : 9.705-3

My UTM suddenly blocks all internet traffic. It took me some time to pinpoint the problem to the web filtering module. Disabling web filtering fixes the problem.

I have no experience with live log reading, but I can't really see what causes the issue.

Does anyone have any ideas?

The live log below was captured when a URL was tested on the policy helpdesk.

2021:01:09-11:17:43 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="early_scr_scanner.c" line="783" message="server 'cffs14.astaro.com' access time: 488ms"
2021:01:09-11:17:43 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="early_scr_scanner.c" line="783" message="server 'cffs15.astaro.com' access time: 888ms"
2021:01:09-11:17:44 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="early_scr_scanner.c" line="783" message="server 'cffs16.astaro.com' access time: 790ms"
2021:01:09-11:17:45 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="scanner_init" file="saviscanner.c" line="521" message="Successfully loaded SAVI threat data, engine 3.80.1, threat data 5.80 from 1/12/2020 (57338572 detected threats)"
2021:01:09-11:17:45 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="libnavl_log" file="navl_externals_posix.c" line="43" message="E: InitInstance: Error initializing instance of plugin HPACK_UTIL"
2021:01:09-11:17:45 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="main" file="httpproxy.c" line="356" message="notifiying argos daemon"
2021:01:09-11:17:45 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="main" file="httpproxy.c" line="362" message="finished startup"
2021:01:09-11:17:45 sophos httpproxy[13265]: Integrated HTTP-Proxy (c) 2007-2016 Sophos Ltd, Release 266.gd33137cb.rb3
2021:01:09-11:17:46 sophos httpproxy[13265]: [tid 4021934960]: [aptp_connect]: aptp socket connect succeeded
2021:01:09-11:17:55 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_log" file="early_scr_scanner.c" line="1050" message="Signed databases are required and no signature founnd on incremental file: /var/pattern/tscontrol/tscontrol.96135"
2021:01:09-11:21:11 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc5711100" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:21:13 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc5711800" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:21:15 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc5740700" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:21:17 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc5741500" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:21:19 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc5742300" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:21:21 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc5743100" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:21:23 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc5743800" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:21:25 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc584ee00" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:21:28 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc578e700" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:21:30 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc5790300" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:21:32 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc5791100" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:21:34 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc5897500" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:21:36 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc57ce300" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:21:38 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc57cf100" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:21:40 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc5609500" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:21:42 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc560a300" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:21:44 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc560b100" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:21:47 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc560b800" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:21:49 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc56dc300" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:21:51 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc56dd100" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:21:53 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc570e000" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:21:55 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc570ee00" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:21:57 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc570fc00" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:21:59 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc5711100" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:22:02 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc5711800" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:22:04 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc5741500" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:22:06 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc5742300" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:22:08 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc5743100" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:22:10 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc5743800" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:22:10 sophos httpproxy[13265]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="127.0.0.1" dstip="" user="" group="" ad_domain="" statuscode="404" cached="0" profile=" ()" filteraction=" ()" size="2635" request="0xc5743800" url="http://passthrough.fw-notify.net/policytest/191090" referer="" error="" authtime="0" dnstime="0" aptptime="0" cattime="0" avscantime="0" fullreqtime="483" device="0" auth="0" ua="libwww-perl/6.05" exceptions=""
2021:01:09-11:22:39 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc578ee00" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE" 



  • What catches my eye is this line:

    2021:01:09-11:17:55 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_log" file="early_scr_scanner.c" line="1050" message="Signed databases are required and no signature founnd on incremental file: /var/pattern/tscontrol/tscontrol.96135"

    Maybe this is a pattern file problem? Have a look at Administration / Up2date / Overview / Patterns, what is your pattern version at the moment?

    Mine is 193910 today.

    Best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

  • UTM reports the same pattern version too
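
Added example (not part of the thread and not Sophos tooling): a small triage script for the `key="value"` httpproxy log format posted in the question, which collapses the repeated messages and surfaces the rare lines, much as the first reply does by eye. The function names and the keyword list are assumptions made for illustration; the sample lines are excerpted from the log above.

```python
import re
from collections import Counter

# Excerpt of the log posted in the question (p0f lines cut down to three).
SAMPLE_LOG = '''
2021:01:09-11:17:45 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="libnavl_log" file="navl_externals_posix.c" line="43" message="E: InitInstance: Error initializing instance of plugin HPACK_UTIL"
2021:01:09-11:17:45 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="main" file="httpproxy.c" line="362" message="finished startup"
2021:01:09-11:17:55 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_log" file="early_scr_scanner.c" line="1050" message="Signed databases are required and no signature founnd on incremental file: /var/pattern/tscontrol/tscontrol.96135"
2021:01:09-11:21:11 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc5711100" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:21:13 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc5711800" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:21:15 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc5740700" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:22:10 sophos httpproxy[13265]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="127.0.0.1" dstip="" user="" group="" ad_domain="" statuscode="404" cached="0" profile=" ()" filteraction=" ()" size="2635" request="0xc5743800" url="http://passthrough.fw-notify.net/policytest/191090" referer="" error="" authtime="0" dnstime="0" aptptime="0" cattime="0" avscantime="0" fullreqtime="483" device="0" auth="0" ua="libwww-perl/6.05" exceptions=""
'''

HEAD = re.compile(r'^(\S+) (\S+) (\w+)\[(\d+)\]: (.*)$')
KV = re.compile(r'(\w+)="([^"]*)"')
# Assumed keyword heuristic for messages worth a second look.
SUSPECT = re.compile(r'error|fail|no signature|required', re.I)

def parse_line(line):
    """Split one httpproxy line into its key="value" fields."""
    m = HEAD.match(line.strip())
    if not m:
        return None
    fields = dict(KV.findall(m.group(5)))
    fields.update(timestamp=m.group(1), process=m.group(3))
    return fields

def triage(text):
    """Return (repeated-message counts, list of notable findings)."""
    records = [r for r in map(parse_line, text.splitlines()) if r]
    counts = Counter((r.get("function", ""), r["message"])
                     for r in records if "message" in r)
    noise = {k: n for k, n in counts.items() if n > 1}
    findings = []
    for r in records:
        msg = r.get("message", "")
        if r.get("action") == "block":
            detail = "{} status={} profile={!r} filteraction={!r}".format(
                r.get("url"), r.get("statuscode"),
                r.get("profile"), r.get("filteraction"))
            findings.append(("blocked", r["timestamp"], detail))
        elif SUSPECT.search(msg):
            findings.append(("suspect", r["timestamp"], msg))
    return noise, findings

if __name__ == "__main__":
    noise, findings = triage(SAMPLE_LOG)
    for (func, msg), n in noise.items():
        print(f"{n:>3}x {func}: {msg}")
    for kind, ts, detail in findings:
        print(f"[{kind}] {ts} {detail}")
```

On the excerpt, the repeated `p0f_add_request` message collapses to a single counted entry, leaving the plugin initialisation error, the unsigned-database message and the blocked policy-test request as the lines to read.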
