Help us enhance your Sophos Community experience. Share your thoughts in our Sophos Community survey.
Skiplists work via IP. They are basically a firewall rule (rather than a proxy rule) that says that the connection should not go through the proxy. Being a IP - based rule I don't think you can use wildcards. You can try using a "DNS Group" rather than "DNS Host" object, the former will gather multiple IP addresses if the DNS resolves to multiple.
You could try removing the skiplist and instead using an Exception. This causes the traffic to go through the proxy but skip most checks. Exceptions can be done on wildcard domain names (RegEx of the URL). Set it to skip everything except logging. If that doesn't work, try posting the lines from the http.log from when you are testing.
Owner: Emmanuel Technology Consulting
Former Sophos SG(Astaro) advocate/researcher/Silver Partner
PfSense w/Suricata, ntopng,
Other addons to follow
I'm experiencing an interesting issue with the "Transparent mode skiplist". It seems that my backup service (Crashplan) will intermittently stop working until I add the fqdn of the destination backup server to this list. So anytime the backup destination changes, my backups fail until this is updated. For example:
the backup destination might be backup1.crashplan.com, but now change to backup2.crashplan.com and fail until added to the list.
I am continually adding "DNS Host" network definitions and adding them to the "Transparent mode skiplist". My question is related to creating some kind of network definition that allows for "ANYTHING".crashplan.com to be added to the list in one shot? Are there other filtering options I can use that would make this work without managing the "Transparent mode skiplist" manually? I notice my I am currently in "Standard Mode" under Global of the Web Filtering tab. Currently running firmware version: 9.209-8
Let me know if you have more questions. Thanks!
Adam Tyler
adam@tylercrew.com
Owner: Emmanuel Technology Consulting
Former Sophos SG(Astaro) advocate/researcher/Silver Partner
PfSense w/Suricata, ntopng,
Other addons to follow
William, very interesting suggestion with quickregex. I had seen those pre-filled exceptions for Adobe and other services and didn't recognize the syntax at all. Looks like this is the tool that generates it. So I opened it and used it to generate the string for crashplan.com including all subdomains. Unfortunately when plugging it into the exception list I still can't get the endpoint to connect to the crashplan service. Let me walk through the test I just ran.
Step 1: PC with crashplan installed connecting to "etb-atl.crashplan.com:443" for crashplan backup. Currently to make this wrok with web filtering enabled I am required to create a "Network Definition" using DNS Host type for the above URL.. (I've used the DNS group in the past too.. It seems to work, but I can't make out any difference between the two. Originally I was hoping that DNS Group meant all subdomains!!! nope.)
Step 2: Head over to Web Filtering and "Misc" tab. Enter the Network Definition into the "Skip transparent mode source hosts/nets" and the "Skip transparent mode destination hosts/nets".
Step 3: test crashplan. Lights go green, I am backing up!!! Woohoo! Until Crashplan changes the URL on me... Booo!
~~~ Test Exception instead of Misc/skip list.
Step 4: Remove network definition fom Misc/skip list page. Test crashplan app on workstation. Verify it is broken again. Cool, problem re-created.
Step 5: Create new exception and configure it to skip every "check" I can. Using regex create crazy string to skip anything.crashplan.com.. this I sthe string I get: ^https?://([A-Za-z0-9.-]*\.)?crashplan\.com/.. Add this string to as "URL" match following suite with how the existing adobe exceptions are configured. (I didn't see an option for "regex input"). Save the exception.
Step 6: go test crashplan.. Still broke.. Waaaaaaaaaaaaaaaaaah!
Step 7: go back to exception and add the exact URL in question.. Just to make sure it isn't the sting that regex gave me.
Step 8: go test crashplan. Still broke... Waaaaaaaaaaaaaaaaaah!
Conclusion.. Exception list doesn't seem to do whatever the "Misc/Skip list" does... Anymore input guys?
Owner: Emmanuel Technology Consulting
Former Sophos SG(Astaro) advocate/researcher/Silver Partner
PfSense w/Suricata, ntopng,
Other addons to follow
Owner: Emmanuel Technology Consulting
Former Sophos SG(Astaro) advocate/researcher/Silver Partner
PfSense w/Suricata, ntopng,
Other addons to follow