Thread Info
  • Locked Locked
  • Replies 2 replies
  • Subscribers 3 subscribers
  • Views 9951 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

wpad.dat

JackMcAloon

Within the environment I am currently working on we are using Sophos UTM v3.15-2. We have currently been looking for solutions on how to un-clutter the web filtering logs which are containing roughly 20,000 WPAD.dat logs a day within the logs.

Is there an option to create filters to filter these logs out. If there is how is it possible within the UTM. Would there be any downfall of turning this off?

Any help is appreciated!  

Thank you



This thread was automatically locked due to age.
  • Well, you haven't shown an example of one of these entries, making it more difficult to give you a specific solution, but you can create an exceptions rule, based on where the traffic is coming from and/or matching a particular URL, to skip logging. See Web Protection > Filtering Options > Exceptions.
    __________________
    ACE v8/SCA v9.3

    ...still have a v5 install disk in a box somewhere.

    http://xkcd.com
    http://www.tedgoff.com/mb
    http://www.projectcartoon.com/cartoon/1
  • in reply to Scott_Klassen
    Here is currently what we are seeing within the logs:

    2015:12:09-00:01:54 atawspciutm01 httpproxy[5840]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.209.28" dstip="" user="" ad_domain="" statuscode="400" cached="0" profile="REF_HttProContaUntruNetwo (ISU PCI Filter Profile)" filteraction=" ()" size="2504" request="0xdf52c000" url="/wpad.dat" referer="" error="Received invalid request from Client" authtime="0" dnstime="0" cattime="0" avscantime="0" fullreqtime="189" device="0" auth="0" ua="" exceptions=""

    We currently have a rule within the Web Protection>Filtering Options>Exceptions to block this. Within the actual rule we have the URL Filter.

    The Exception List includes the following items are checked:
    Content Filter - URL Filter
    Logging - Accessed pages and Blocked pages.

    For All Requests-
    Matching these URLS we have the target Domains as ^/wpad.dat

    Anymore suggestions?
Unfiltered HTML