
Web filtering suddenly blocks everything!

Hi,

Firmware: 9.705-3

My UTM suddenly blocks all internet traffic. It took me some time to pinpoint the problem to the web filtering module. Disabling web filtering fixes the problem.

I have no experience with live log reading, but I can't really see what causes the issue.

Does anyone have any ideas?

The live log below was captured when a URL was tested on the policy helpdesk.

2021:01:09-11:17:43 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="early_scr_scanner.c" line="783" message="server 'cffs14.astaro.com' access time: 488ms"
2021:01:09-11:17:43 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="early_scr_scanner.c" line="783" message="server 'cffs15.astaro.com' access time: 888ms"
2021:01:09-11:17:44 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="early_scr_scanner.c" line="783" message="server 'cffs16.astaro.com' access time: 790ms"
2021:01:09-11:17:45 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="scanner_init" file="saviscanner.c" line="521" message="Successfully loaded SAVI threat data, engine 3.80.1, threat data 5.80 from 1/12/2020 (57338572 detected threats)"
2021:01:09-11:17:45 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="libnavl_log" file="navl_externals_posix.c" line="43" message="E: InitInstance: Error initializing instance of plugin HPACK_UTIL"
2021:01:09-11:17:45 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="main" file="httpproxy.c" line="356" message="notifiying argos daemon"
2021:01:09-11:17:45 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="main" file="httpproxy.c" line="362" message="finished startup"
2021:01:09-11:17:45 sophos httpproxy[13265]: Integrated HTTP-Proxy (c) 2007-2016 Sophos Ltd, Release 266.gd33137cb.rb3
2021:01:09-11:17:46 sophos httpproxy[13265]: [tid 4021934960]: [aptp_connect]: aptp socket connect succeeded
2021:01:09-11:17:55 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_log" file="early_scr_scanner.c" line="1050" message="Signed databases are required and no signature founnd on incremental file: /var/pattern/tscontrol/tscontrol.96135"
2021:01:09-11:21:11 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc5711100" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:21:13 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc5711800" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:21:15 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc5740700" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:21:17 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc5741500" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:21:19 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc5742300" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:21:21 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc5743100" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:21:23 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc5743800" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:21:25 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc584ee00" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:21:28 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc578e700" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:21:30 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc5790300" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:21:32 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc5791100" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:21:34 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc5897500" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:21:36 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc57ce300" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:21:38 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc57cf100" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:21:40 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc5609500" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:21:42 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc560a300" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:21:44 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc560b100" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:21:47 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc560b800" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:21:49 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc56dc300" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:21:51 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc56dd100" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:21:53 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc570e000" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:21:55 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc570ee00" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:21:57 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc570fc00" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:21:59 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc5711100" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:22:02 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc5711800" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:22:04 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc5741500" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:22:06 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc5742300" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:22:08 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc5743100" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:22:10 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc5743800" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:22:10 sophos httpproxy[13265]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="127.0.0.1" dstip="" user="" group="" ad_domain="" statuscode="404" cached="0" profile=" ()" filteraction=" ()" size="2635" request="0xc5743800" url="http://passthrough.fw-notify.net/policytest/191090" referer="" error="" authtime="0" dnstime="0" aptptime="0" cattime="0" avscantime="0" fullreqtime="483" device="0" auth="0" ua="libwww-perl/6.05" exceptions=""
2021:01:09-11:22:39 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc578ee00" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE" 



  • Just to mention:

    I have also tested to disable AV scanning in every profile and setting I was able to find. Additionally I have tried to change the AV-Scanning Engine (Avira vs. Sophos).

    This didn't fix the problem. Seems like upon startup the proxy tries to load this portion of definitions regardless. So I'm not sure if it really is AV or another component.

    BR,
