I mean other people are having the same problem, so I don't see why this is not an acknowledged issue yet.
severity="info" sys="SecureWeb" sub="http" name="http access" action="pass"
It is really frustrating when Sophos keeps releasing firmware with problems and then has to release firmware to fix the bad firmware. At least acknowledge there's a problem.
I believe Rafael answered that question in the other thread. It appears to be a bug.
Raphael Alganes said: Thanks for reaching out to Sophos and hope you are well. This current version of UTM9 (9.713) might be affected by an issue in Web Filtering and should be fixed in UTM9 9.714
UTM - 9.713-19 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz 16GB Memory | 500GB SATA HDD | GB Ethernet x5
Thanks. I also replied to that thread but it was posted in the wrong section and I thought it was deleted.
Are there other conditions to meet for hitting this bug?
I tried "cc get http modulepath" and it gave me "<DEFAULT>" on any firewall I already upgraded, so obviously "cc set http modulepath '<DEFAULT>'" (after fixing the quotes issue given by the forum) didn't change anything. It simply works.
Nothing has really been released about it as far as information goes that I've seen. It could still be in some verification stage to reproduce the bug if it exists.
It is blocking range requests and uncategorized sites as usual. And enabling decrypt and scan confirms that it is blocking by file type .com (the eicar test file is blocked); however, I can't see any reason why it is logging these allowed websites with action="pass".
2022:12:31-12:21:20 sophosutm httpproxy[9977]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.1.30" dstip="23.66.220.116" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="8826" request="0x2a98200" url="https://cache.api.intel.com/" referer="" error="" authtime="0" dnstime="5" aptptime="91" cattime="110" avscantime="0" fullreqtime="266049" device="0" auth="0" ua="" exceptions="" category="105" reputation="trusted" categoryname="Business"
Tried both pornhub and youporn (and my standard test url waffen.de) as given as examples in the other thread and noticed nothing abnormal. Obviously there is another condition I don't meet.
Happy new year everyone.
UTM Up2date 9.714 released - Release Notes & News - UTM Firewall - Sophos Community Update Released!
Hopefully the new firmware will fix any issues. When troubleshooting web filtering logs it's a pain to have to use the filter to only show blocked requests.
I tried the XG for a few days and noticed the same issue where the web filter logs everything, even allowed requests. It would be nice to have a way to not log allowed requests but I don't see any way to do that. I don't recall this happening until just recently.
So I wonder if it has to do with enabling web caching
Hi Alan, "untested" releases seem to be normal, and I have seen a few issue releases over the last 10 years. I guess this is also why the Home UTM is available, as we are the 'testers'... and I have no issues with this, given we have use of a great industry standard product at no cost, and has been around for a while... so much gratitude for a few "issues". I do think a lot of the bugs introduced are a result of patching version after version that have been up and running for ages; testing environments can't possibly manage the permutations out there. I normally wait a few weeks and check the forum for issues before updating my UTM ... I also back up the system before doing the update and have an image disk ready for a reinstall. If I was in a production system I would certainly do the same and test in an environment where meltdowns could happen without issues to the business. Cheers, Craig
Thank you. Part of the problem was my fault... that I must have checked the "log accessed pages" in the web filtering profiles options and did not remember that it was there since the option is in a strange place.
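Added example (not from any poster in this thread and not Sophos code): a Python filter for httpproxy lines in the key="value" format quoted above, keeping only entries whose action is not "pass" so that allowed requests drop out of a troubleshooting view. The sample lines, the "block" action value and its name field, and all function names are constructed assumptions.

```python
import re

PAIR = re.compile(r'(\w+)="([^"]*)"')                 # key="value", value may be empty
PREFIX = re.compile(r'^(\S+)\s+(\S+)\s+(\w+)\[(\d+)\]:\s+')  # time host proc[pid]:

def parse_line(line):
    """Return a dict of fields from one httpproxy log line, or None."""
    m = PREFIX.match(line)
    if not m or m.group(3) != "httpproxy":
        return None
    fields = dict(PAIR.findall(line[m.end():]))
    fields["timestamp"], fields["host"] = m.group(1), m.group(2)
    return fields

def non_pass(lines):
    """Yield parsed entries whose action is anything other than "pass"."""
    for line in lines:
        entry = parse_line(line)
        if entry and entry.get("action") != "pass":
            yield entry

def summarize(entries):
    """Count entries per (action, source IP, URL host) for quick triage."""
    counts = {}
    for e in entries:
        url_host = re.sub(r'^\w+://([^/:]+).*$', r'\1', e.get("url", ""))
        key = (e.get("action", ""), e.get("srcip", ""), url_host)
        counts[key] = counts.get(key, 0) + 1
    return counts

# Constructed sample input. Line 1 is shortened from the entry in the thread;
# line 2 is invented (its action and name values are assumptions); line 3 is
# deliberately malformed to show that unparsable lines are skipped.
SAMPLE = [
    '2022:12:31-12:21:20 sophosutm httpproxy[9977]: id="0001" severity="info" '
    'sys="SecureWeb" sub="http" name="http access" action="pass" '
    'method="CONNECT" srcip="192.168.1.30" user="" '
    'url="https://cache.api.intel.com/" categoryname="Business"',
    '2022:12:31-12:22:05 sophosutm httpproxy[9977]: severity="info" '
    'sys="SecureWeb" sub="http" name="constructed blocked entry" '
    'action="block" method="GET" srcip="192.168.1.31" user="" '
    'url="http://blocked.example/file.com"',
    'truncated or unrelated line',
]

if __name__ == "__main__":
    for key, n in summarize(non_pass(SAMPLE)).items():
        print(n, *key)
```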