This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Web Protection | Filtering - Regex - Passphrase

Hello,


i have already granted an extended release and still I get a response from the provider:

"Authentication failed (Invalid Internet connection)"

URL:
^https?://([A-Za-z0-9.-]*\.)?xxx\.com\.?/*
^https?://([A-Za-z0-9.-]*\.)?xxx1\.yyy5\.net\.?/*

2022:11:01-19:50:23 utm_01 httpproxy[30955]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method= "GET" srcip="192.168.xx.xxx" dstip="68.65.xxx.xxx" user="" group="" ad_domain="" statuscode="301" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="707" request="0xdbc1ea00" url="">XXX.com/.../XXX_v2.php referer="" error="" authtime="0" dnstime="2" aptptime="592" cattime="0" avscantime="0" fullreqtime="190548" device="0" auth="0" ua= "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Q312461)" exceptions="av,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"


Question/ Annotation:
a) xxx = placeholder for an indefinite number of letters
b) Does somebody has any idea?



This thread was automatically locked due to age.
Parents Reply Children
  • That's your trading application issue, not UTM.  Your traffic is passing, not being blocked.  If you google that authentication error, it pops up all over the place that it's specific to a forex trading problem.

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • No, I have to disagree. It's not a problem of the trading application.

    I tested it again.
    Two identical systems:
    - 1x before the UTM (without FW) -> works
    - 1x behind the UTM              -> does not work

  • Hallo Ulf and welcome to the UTM Community!

    I think Amodin has a point...

         statuscode="301"

    This indicates that you need to use a different URL to reach the Forex server.

    You might try:

         grep '68\.65\.xxx\.xxx' /var/log/*.log|more

    Any other place it's blocked?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hello,

    i think I found the problem.

    After some research, the solution may be: "Internet Explorer Enhanced Security Configuration" = "OFF".

    I tested it and it works.
    The authentication runs normally like a web service.

    According to FAQ-Microsoft I can't clearly identify the cause of the blockage.



    The exception in the firewall also holds.

    I will slowly re-sharpen it as this one contains many exceptions.


    best Regards