
URLs of https://sophostest.com/UTM listed as "uncategorized".

Using UTM 9.714-4

All sites on the https://sophostest.com/ site are classified as uncategorized in the policy test of the Web filter. As I tested the advertisement category, which is blocked in the web filter profile, it allows the site to load.

This is the log entry in the web filter.

2023:02:12-14:08:29 mysophosutm httpproxy[5847]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.1.30" dstip="108.156.22.38" user="" group="" ad_domain="" statuscode="304" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0x7fa9cf4b6200" url="sophostest.com/.../index.html" referer="sophostest.com/index.html" error="" authtime="0" dnstime="0" aptptime="88" cattime="115" avscantime="0" fullreqtime="126958" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/109.0" exceptions="" category="9998" reputation="neutral" categoryname="Uncategorized"

I set uncategorized sites to "allow" in the web filter.



  • There is a different set of test URLs for UTM as it uses a different category set than our newer products. You can find the list of categories at this location: http://sophostest.com/utm/

    For example,

    Screenshot of Policy Helpdesk

    One thing to note - avoid using 'https' in the scheme portion of the URL when testing. For historical reasons, it only works when you use 'http'. 

  • That was a simple reply, thanks. Gee, I had no idea that site even existed till now.

  • So, after testing both the XG and the UTM, the XG does block the URLs when decrypt and scan is enabled. So is there any (logical) reason why the sites of the UTM version URL are not blocked in the UTM as well? Is it because the site uses TLS 1.3 and not TLS 1.2? The EICAR test file is blocked by file extension, so decrypt and scan is working on the UTM even after regenerating the certificate and deploying it in the trusted certificate store.

    So....what is the reason behind the HTTPS URLs at https://sophostest.com/utm/ for not being scanned and blocked or at least blocked by URL category? And further, why are they all categorized as "uncategorized"?

    When using the HTTP version of the site, the links are categorized properly, but all of them in the HTTPS are uncategorized. 

  • The UTM doesn't perform category lookups on URL path information for HTTPS URLs for security reasons. HTTPS URL paths can contain confidential information which would normally be protected by encryption. Sophos Firewall (XG) uses a more secure protocol for doing URL lookups and so we do include elements of a URL path when categorizing HTTPS traffic on that platform.
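
Added example, not part of the thread and not Sophos code: a small audit script that parses httpproxy lines in the key="value" format quoted in the first post and counts requests that were passed with category 9998 (Uncategorized), grouped by scheme and host, to show how much HTTPS traffic an "allow uncategorized" setting lets through. The sample lines, the host test.example, category 123 and the scheme inside url= are constructed assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# key="value" pairs, as in the httpproxy line quoted in the thread
FIELD_RE = re.compile(r'(\w+)="([^"]*)"')

# Constructed sample lines, trimmed to the fields used below. The scheme in
# url= is an assumption: the url field of the quoted log line is damaged.
SAMPLE_LOG = """\
2023:02:12-14:08:29 mysophosutm httpproxy[5847]: id="0001" name="http access" action="pass" method="GET" srcip="192.168.1.30" url="https://test.example/utm/a/index.html" category="9998" categoryname="Uncategorized"
2023:02:12-14:08:31 mysophosutm httpproxy[5847]: id="0001" name="http access" action="pass" method="GET" srcip="192.168.1.30" url="https://test.example/utm/b/index.html" category="9998" categoryname="Uncategorized"
2023:02:12-14:08:40 mysophosutm httpproxy[5847]: id="0001" name="http access" action="pass" method="GET" srcip="192.168.1.30" url="http://test.example/utm/a/index.html" category="123" categoryname="Constructed Category"
2023:02:12-14:08:45 mysophosutm httpproxy[5847]: id="0001" name="http access" action="pass" method="GET" srcip="192.168.1.31" url="test.example/index.html" category="9998" categoryname="Uncategorized"
2023:02:12-14:09:00 mysophosutm otherdaemon[1234]: constructed non-proxy line
"""


def parse_line(line):
    """Return the key="value" fields of one httpproxy line as a dict."""
    return dict(FIELD_RE.findall(line))


def uncategorized_passes(log_text):
    """Count passed requests with category 9998, keyed by (scheme, host)."""
    hits = Counter()
    for line in log_text.splitlines():
        if "httpproxy[" not in line:
            continue  # ignore lines from other daemons
        fields = parse_line(line)
        if fields.get("action") != "pass" or fields.get("category") != "9998":
            continue
        parts = urlsplit(fields.get("url", ""))
        # A url without a scheme cannot be attributed to HTTP or HTTPS.
        key = (parts.scheme or "unknown", parts.hostname or "unknown")
        hits[key] += 1
    return hits


if __name__ == "__main__":
    for (scheme, host), count in uncategorized_passes(SAMPLE_LOG).most_common():
        print(f"{count:5d}  {scheme:8s} {host}")
```
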