
Web filtering suddenly blocks everything!

Hi,

Firmware: 9.705-3

My UTM suddenly blocks all internet traffic. It took me some time to pinpoint the problem to the web filtering module. Disabling web filtering fixes the problem.

I have no experience with live log reading, but I can't really see what causes the issue.

Does anyone have any ideas?

The live log below was captured when a URL was tested on policy helpdesk.

2021:01:09-11:17:43 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="early_scr_scanner.c" line="783" message="server 'cffs14.astaro.com' access time: 488ms"
2021:01:09-11:17:43 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="early_scr_scanner.c" line="783" message="server 'cffs15.astaro.com' access time: 888ms"
2021:01:09-11:17:44 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="early_scr_scanner.c" line="783" message="server 'cffs16.astaro.com' access time: 790ms"
2021:01:09-11:17:45 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="scanner_init" file="saviscanner.c" line="521" message="Successfully loaded SAVI threat data, engine 3.80.1, threat data 5.80 from 1/12/2020 (57338572 detected threats)"
2021:01:09-11:17:45 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="libnavl_log" file="navl_externals_posix.c" line="43" message="E: InitInstance: Error initializing instance of plugin HPACK_UTIL"
2021:01:09-11:17:45 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="main" file="httpproxy.c" line="356" message="notifiying argos daemon"
2021:01:09-11:17:45 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="main" file="httpproxy.c" line="362" message="finished startup"
2021:01:09-11:17:45 sophos httpproxy[13265]: Integrated HTTP-Proxy (c) 2007-2016 Sophos Ltd, Release 266.gd33137cb.rb3
2021:01:09-11:17:46 sophos httpproxy[13265]: [tid 4021934960]: [aptp_connect]: aptp socket connect succeeded
2021:01:09-11:17:55 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_log" file="early_scr_scanner.c" line="1050" message="Signed databases are required and no signature founnd on incremental file: /var/pattern/tscontrol/tscontrol.96135"
2021:01:09-11:21:11 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc5711100" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:21:13 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc5711800" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:21:15 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc5740700" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:21:17 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc5741500" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:21:19 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc5742300" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:21:21 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc5743100" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:21:23 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc5743800" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:21:25 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc584ee00" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:21:28 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc578e700" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:21:30 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc5790300" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:21:32 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc5791100" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:21:34 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc5897500" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:21:36 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc57ce300" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:21:38 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc57cf100" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:21:40 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc5609500" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:21:42 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc560a300" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:21:44 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc560b100" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:21:47 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc560b800" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:21:49 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc56dc300" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:21:51 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc56dd100" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:21:53 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc570e000" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:21:55 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc570ee00" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:21:57 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc570fc00" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:21:59 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc5711100" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:22:02 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc5711800" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:22:04 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc5741500" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:22:06 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc5742300" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:22:08 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc5743100" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:22:10 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc5743800" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:22:10 sophos httpproxy[13265]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="127.0.0.1" dstip="" user="" group="" ad_domain="" statuscode="404" cached="0" profile=" ()" filteraction=" ()" size="2635" request="0xc5743800" url="http://passthrough.fw-notify.net/policytest/191090" referer="" error="" authtime="0" dnstime="0" aptptime="0" cattime="0" avscantime="0" fullreqtime="483" device="0" auth="0" ua="libwww-perl/6.05" exceptions=""
2021:01:09-11:22:39 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc578ee00" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE" 



  • What catches my eye is this line:

    2021:01:09-11:17:55 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_log" file="early_scr_scanner.c" line="1050" message="Signed databases are required and no signature founnd on incremental file: /var/pattern/tscontrol/tscontrol.96135"

    Maybe this is a pattern file problem? Have a look at Administration / Up2date / Overview / Patterns, what is your pattern version at the moment?

    Mine is 193910 today.

    With kind regards, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

  • UTM reports the same pattern version too

  • Hello,

    I can confirm this exact problem on a VMware testing instance (also home use). The SG 310 HA-Cluster and a smaller hardware appliance seem to work flawlessly.

    Forcing AV updates with audld.plx does not help.

    BR

  • Update:

    I tried resetting the UTM to rule out a stuck definition update or other inherited issues. Unfortunately, this did nothing.
    In addition, I also tried disabling "application control" (as I thought it was possibly related to "tscontrol"). This also did not bring anything.
    What is the component "tscontrol"?
    I have never come across it in the 7 years of Astaro/Sophos...

  • Mine is also a VMware home installation...

    It's strange how it suddenly happened out of the blue last night. Now I am forced to have web filtering disabled.

  • I have the same issue.

    This error has occurred since the last update, it seems.

    I'm also using VMware.

    I see this Message in Web Proxy Log:

    2021:01:09-20:10:42 httpproxy[27548]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_log" file="early_scr_scanner.c" line="1050" message="Signed databases are required and no signature founnd on incremental file: /var/pattern/tscontrol/tscontrol.96277"
      
    Firmware:
    Current firmware version: 9.705-3
    Pattern:
    193921
  • I just called Sophos Support and informed them, as the Support Portal is offline. They are now investigating this (per my other thread and this thread, and other threads on the 'net). Thanks. Potentially a bad AV update.

  • Just to mention:

    I have also tested disabling AV scanning in every profile and setting I was able to find. Additionally I have tried to change the AV-Scanning Engine (Avira vs. Sophos).

    This didn't fix the problem. Seems like upon startup the proxy tries to load this portion of definitions regardless. So I'm not sure if it really is AV or another component.

    BR,

  • In my case the problem is rectified if web filtering is disabled.
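
For reading a live log like the ones quoted in this thread, the following is an added example (not part of any post above and not Sophos code) that parses the `key="value"` httpproxy lines, collapses the repeated entries, and pulls out the unsigned-pattern message and the block entry. The field layout is taken from the quoted lines; the two flagged conditions and all function names are assumptions made for this sketch.

```python
import re
from collections import Counter

# Constructed sample: entries copied from the logs quoted in this thread, repeats trimmed.
SAMPLE = """\
2021:01:09-11:17:45 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="main" file="httpproxy.c" line="362" message="finished startup"
2021:01:09-11:17:55 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_log" file="early_scr_scanner.c" line="1050" message="Signed databases are required and no signature founnd on incremental file: /var/pattern/tscontrol/tscontrol.96135"
2021:01:09-11:21:11 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc5711100" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:21:13 sophos httpproxy[13265]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc5711800" function="p0f_add_request" file="p0f-client.c" line="286" message="requset auth: profile is null, using AUTH_NONE"
2021:01:09-11:22:10 sophos httpproxy[13265]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="127.0.0.1" dstip="" user="" group="" ad_domain="" statuscode="404" cached="0" profile=" ()" filteraction=" ()" size="2635" request="0xc5743800" url="http://passthrough.fw-notify.net/policytest/191090" referer="" error="" authtime="0" dnstime="0" aptptime="0" cattime="0" avscantime="0" fullreqtime="483" device="0" auth="0" ua="libwww-perl/6.05" exceptions=""
2021:01:09-20:10:42 httpproxy[27548]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_log" file="early_scr_scanner.c" line="1050" message="Signed databases are required and no signature founnd on incremental file: /var/pattern/tscontrol/tscontrol.96277"
"""

# Timestamp, optional hostname, process id, then the free-form body.
HEAD = re.compile(r'^(?P<ts>\d{4}:\d\d:\d\d-\d\d:\d\d:\d\d) (?:\S+ )?httpproxy\[(?P<pid>\d+)\]: (?P<body>.*)$')
KV = re.compile(r'(\w+)="([^"]*)"')
# Tolerates the misspelling present in the real message text.
UNSIGNED = re.compile(r'no signature fou\w+ on incremental file: (\S+)')

def parse(line):
    """Split one httpproxy line into timestamp, pid and its key="value" fields."""
    m = HEAD.match(line.strip())
    if not m:
        return None
    rec = dict(KV.findall(m['body']))
    rec.update(ts=m['ts'], pid=m['pid'])
    return rec

def triage(text):
    """Collapse repeated messages and pull out the entries worth reading first."""
    messages, unsigned, blocks = Counter(), [], []
    for rec in filter(None, map(parse, text.splitlines())):
        msg = rec.get('message', '')
        if msg:
            messages[(rec.get('function'), msg)] += 1
        hit = UNSIGNED.search(msg)
        if hit:
            unsigned.append((rec['ts'], hit.group(1)))
        # Assumption: a block whose profile and filteraction are both " ()" matched no
        # configured policy, so it is listed apart from ordinary policy blocks.
        empty = all(rec.get(k, '').strip() == '()' for k in ('profile', 'filteraction'))
        if rec.get('action') == 'block' and empty:
            blocks.append((rec['ts'], rec.get('url'), rec.get('statuscode')))
    return {'messages': messages, 'unsigned': unsigned, 'unmatched_blocks': blocks}

if __name__ == '__main__':
    report = triage(SAMPLE)
    for (func, msg), n in report['messages'].most_common():
        print(f'{n:3d}x {func}: {msg}')
    print('unsigned pattern files:', report['unsigned'])
    print('blocks without profile:', report['unmatched_blocks'])
```
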