I mean other people are having the same problem, so I don't see why this is not an acknowledged issue yet.
severity="info" sys="SecureWeb" sub="http" name="http access" action="pass"
It is really frustrating when Sophos keeps releasing firmware with problems and then has to release firmware to fix the bad firmware. At least acknowledge there's a problem.
Are there other conditions to meet for hitting this bug?
I tried "cc get http modulepath" and it gave me "<DEFAULT>" on any firewall I already upgraded, so obviously "cc set http modulepath ‘<DEFAULT>’" (after fixing the quotes issue given by the forum) didn't change anything. It simply works.
Nothing has really been released about it as far as information goes that I've seen. It could still be in some verification stage to reproduce the bug if it exists.
XG 19.5 GA 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz 16GB Memory | 500GB SSD HDD | GB Ethernet x5
It is blocking range requests and uncategorized sites as usual. And enabling decrypt and scan confirms that it is blocking by file type .com (the eicar test file is blocked), however I can't see any reason why it is logging these allowed websites with action="pass".
2022:12:31-12:21:20 sophosutm httpproxy[9977]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.1.30" dstip="23.66.220.116" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="8826" request="0x2a98200" url="https://cache.api.intel.com/" referer="" error="" authtime="0" dnstime="5" aptptime="91" cattime="110" avscantime="0" fullreqtime="266049" device="0" auth="0" ua="" exceptions="" category="105" reputation="trusted" categoryname="Business"
Tried both pornhub and youporn (and my standard test url waffen.de) as given as example in the other thread and noticed nothing abnormal. Obviously there is another condition I don't meet.
Happy new year everyone.
Hopefully the new firmware will fix any issues. When troubleshooting web filtering logs it's a pain to have to use the filter to only show blocked requests.
I tried the XG for a few days and noticed the same issue where the web filter logs everything, even allowed requests. It would be nice to have a way to not log allowed requests but I don't see any way to do that. I don't recall this happening until just recently.
So I wonder if it has to do with enabling web caching.
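For reviewing these logs outside the web UI, the following added example (not from any poster in this thread and not Sophos code) parses the key="value" fields of httpproxy lines like the one quoted above and keeps only entries whose action is not "pass". The field names come from that quoted line; the second sample line, its action="block" value, and all function names are constructed assumptions.

```python
import re

# key="value" pairs, as in the httpproxy line quoted in the thread
PAIR = re.compile(r'(\w+)="([^"]*)"')

def parse_line(line):
    """Return the key="value" fields of one httpproxy log line as a dict."""
    return dict(PAIR.findall(line))

def non_pass(lines):
    """Yield parsed httpproxy entries whose action is anything but "pass"."""
    for line in lines:
        if "httpproxy[" not in line:
            continue  # not a web proxy line
        fields = parse_line(line)
        action = fields.get("action")
        if action and action != "pass":
            yield fields

def summarize(lines):
    """Reduce non-pass entries to (action, srcip, url, categoryname)."""
    return [
        (f["action"], f.get("srcip", ""), f.get("url", ""),
         f.get("categoryname", ""))
        for f in non_pass(lines)
    ]

# Sample input. Line 1 is a shortened copy of the line quoted in the thread;
# line 2 is constructed for this example (the "block" value is an assumption).
SAMPLE = [
    '2022:12:31-12:21:20 sophosutm httpproxy[9977]: id="0001" '
    'severity="info" sys="SecureWeb" sub="http" name="http access" '
    'action="pass" method="CONNECT" srcip="192.168.1.30" '
    'url="https://cache.api.intel.com/" categoryname="Business"',
    '2022:12:31-12:22:05 sophosutm httpproxy[9977]: id="0000" '
    'severity="info" sys="SecureWeb" sub="http" name="constructed sample" '
    'action="block" method="GET" srcip="192.168.1.30" '
    'url="http://blocked.example/eicar.com" categoryname="Uncategorized"',
]

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(*row, sep="\t")
```
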