This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Proceed button on Warn not working

Hi Guys,

Using the 9.310-11 firmware with Standard AD-SSO profile.

My issue is that when the users get a 'Content Warn' page with the proceed button, clicking on the proceed button seems to have no effect. The same 'Content Warn' page is loaded repeatedly.

2015:04:27-16:58:50 dvicsophosutm01-1 httpproxy[6336]: id="0072" severity="info" sys="SecureWeb" sub="http" name="Contentfilter warned and proceeded" url="mega.co.nz/" srcip="10.0.30.49" category="170" categoryname="Personal Network Storage" 
2015:04:27-16:58:50 dvicsophosutm01-1 httpproxy[6336]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="10.0.30.49" dstip="" user="" ad_domain="" statuscode="407" cached="0" profile="REF_HttProContaInterHp5 (Employee (Standard) Proxy Profile)" filteraction=" ()" size="2681" request="0x92c8800" url="mega.co.nz/.../7.0; rv:11.0) like Gecko" exceptions="" 
2015:04:27-16:58:50 dvicsophosutm01-1 httpproxy[6336]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="10.0.30.49" dstip="" user="" ad_domain="" statuscode="407" cached="0" profile="REF_HttProContaInterHp5 (Employee (Standard) Proxy Profile)" filteraction=" ()" size="2681" request="0x92c8800" url="mega.co.nz/.../7.0; rv:11.0) like Gecko" exceptions="" 
2015:04:27-16:58:50 dvicsophosutm01-1 httpproxy[6336]: id="0071" severity="info" sys="SecureWeb" sub="http" name="web request warned, forbidden category detected" action="warn" method="GET" srcip="10.0.30.49" dstip="" user="testaccount" ad_domain="AD" statuscode="403" cached="0" profile="REF_HttProContaInterHp5 (Employee (Standard) Proxy Profile)" filteraction="REF_DefaultHTTPCFFAction (Decon - Employee Internet - Action)" size="3339" request="0x92c8800" url="mega.co.nz/.../7.0; rv:11.0) like Gecko" exceptions="" reason="category" category="170" reputation="trusted" categoryname="Personal Network Storage" 
2015:04:27-16:58:51 dvicsophosutm01-1 httpproxy[6336]: id="0072" severity="info" sys="SecureWeb" sub="http" name="Contentfilter warned and proceeded" url="mega.co.nz/" srcip="10.0.30.49" category="170" categoryname="Personal Network Storage" 
2015:04:27-16:58:51 dvicsophosutm01-1 httpproxy[6336]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="10.0.30.49" dstip="" user="" ad_domain="" statuscode="407" cached="0" profile="REF_HttProContaInterHp5 (Employee (Standard) Proxy Profile)" filteraction=" ()" size="2681" request="0xcdd29800" url="mega.co.nz/.../7.0; rv:11.0) like Gecko" exceptions="" 
2015:04:27-16:58:51 dvicsophosutm01-1 httpproxy[6336]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="10.0.30.49" dstip="" user="" ad_domain="" statuscode="407" cached="0" profile="REF_HttProContaInterHp5 (Employee (Standard) Proxy Profile)" filteraction=" ()" size="2681" request="0xcdd29800" url="mega.co.nz/.../7.0; rv:11.0) like Gecko" exceptions="" 
2015:04:27-16:58:51 dvicsophosutm01-1 httpproxy[6336]: id="0071" severity="info" sys="SecureWeb" sub="http" name="web request warned, forbidden category detected" action="warn" method="GET" srcip="10.0.30.49" dstip="" user="testaccount" ad_domain="AD" statuscode="403" cached="0" profile="REF_HttProContaInterHp5 (Employee (Standard) Proxy Profile)" filteraction="REF_DefaultHTTPCFFAction (Decon - Employee Internet - Action)" size="3339" request="0xcdd29800" url="mega.co.nz/.../7.0; rv:11.0) like Gecko" exceptions="" reason="category" category="170" reputation="trusted" categoryname="Personal Network Storage" 
2015:04:27-16:58:52 dvicsophosutm01-1 httpproxy[6336]: id="0072" severity="info" sys="SecureWeb" sub="http" name="Contentfilter warned and proceeded" url="mega.co.nz/" srcip="10.0.30.49" category="170" categoryname="Personal Network Storage" 
2015:04:27-16:58:52 dvicsophosutm01-1 httpproxy[6336]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="10.0.30.49" dstip="" user="" ad_domain="" statuscode="407" cached="0" profile="REF_HttProContaInterHp5 (Employee (Standard) Proxy Profile)" filteraction=" ()" size="2681" request="0xe5905000" url="mega.co.nz/.../7.0; rv:11.0) like Gecko" exceptions="" 
2015:04:27-16:58:52 dvicsophosutm01-1 httpproxy[6336]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="10.0.30.49" dstip="" user="" ad_domain="" statuscode="407" cached="0" profile="REF_HttProContaInterHp5 (Employee (Standard) Proxy Profile)" filteraction=" ()" size="2681" request="0xe5905000" url="mega.co.nz/.../7.0; rv:11.0) like Gecko" exceptions="" 
2015:04:27-16:58:52 dvicsophosutm01-1 httpproxy[6336]: id="0071" severity="info" sys="SecureWeb" sub="http" name="web request warned, forbidden category detected" action="warn" method="GET" srcip="10.0.30.49" dstip="" user="testaccount" ad_domain="AD" statuscode="403" cached="0" profile="REF_HttProContaInterHp5 (Employee (Standard) Proxy Profile)" filteraction="REF_DefaultHTTPCFFAction (Decon - Employee Internet - Action)" size="3339" request="0xe5905000" url="mega.co.nz/.../7.0; rv:11.0) like Gecko" exceptions="" reason="category" category="170" reputation="trusted" categoryname="Personal Network Storage" 


What can be the issue ? However, the same thing works in Transparent AD-SSO mode.

2015:04:27-17:05:21 dvicsophosutm01-1 httpproxy[6336]: id="0072" severity="info" sys="SecureWeb" sub="http" name="Contentfilter warned and proceeded" url="mega.co.nz/" srcip="10.0.30.49" category="170" categoryname="Personal Network Storage" 
2015:04:27-17:07:13 dvicsophosutm01-1 httpproxy[6336]: id="0072" severity="info" sys="SecureWeb" sub="http" name="Contentfilter warned and proceeded" url="www.sugarsync.com/" srcip="10.0.30.49" category="170" categoryname="Personal Network Storage" 
2015:04:27-17:07:16 dvicsophosutm01-1 httpproxy[6336]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="CONNECT" srcip="10.0.30.49" dstip="" user="" ad_domain="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffDeconBaseEmplo (Decon (Base) - Employee Internet - Action)" size="0" request="0x8ce7000" url="stats.g.doubleclick.net/" referer="" error="" authtime="0" dnstime="0" cattime="96099" avscantime="0" fullreqtime="309502" device="1" auth="2" ua="" exceptions="" reason="category" category="154" reputation="neutral" categoryname="Web Ads" 
2015:04:27-17:07:16 dvicsophosutm01-1 httpproxy[6336]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="CONNECT" srcip="10.0.30.49" dstip="" user="" ad_domain="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffDeconBaseEmplo (Decon (Base) - Employee Internet - Action)" size="0" request="0xe595e800" url="stats.g.doubleclick.net/" referer="" error="" authtime="1" dnstime="0" cattime="95930" avscantime="0" fullreqtime="312237" device="1" auth="2" ua="" exceptions="" reason="category" category="154" reputation="neutral" categoryname="Web Ads" 
2015:04:27-17:07:16 dvicsophosutm01-1 httpproxy[6336]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="CONNECT" srcip="10.0.30.49" dstip="" user="" ad_domain="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffDeconBaseEmplo (Decon (Base) - Employee Internet - Action)" size="0" request="0xe5905000" url="stats.g.doubleclick.net/" referer="" error="" authtime="0" dnstime="0" cattime="71" avscantime="0" fullreqtime="208278" device="1" auth="2" ua="" exceptions="" reason="category" category="154" reputation="neutral" categoryname="Web Ads" 


This thread was automatically locked due to age.
Parents
  • Hello!


    We have the same issue here, too... The HTTP Proxy runs in Standard Mode with AD-SSO authentication for our LAN Users. It was working fine with those Proxy settings for the Clients in our LAN Network until we installed the last two Updates (9.403 and now 9.404)... Now we have the same Problem!!!


    The funny thing: We also have some Sophos WLAN Hotspots with the HTTP Proxy running in Transparent Mode for that WLAN Network and we have set for some Categories the Warn Level... The Proceed Button ist still working on the Block Pages in that Enviroment...

    Does anyone have suggestions on this Problem?

  • Hi All,

    The issue was reported as a bug NUTML-11601, which was resolved in v9.375. If the issue is reborn, take SSH to UTM and capture httpproxy.log; try to proceed a warned website and post the logs.

    If anyone else faces this issue on the latest version i.e., 9.4 and has a support subscription, please point support towards the mentioned bug ID.

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • OK. Here we go. Category "IT" is set to Action "WARN". Fetching www.sourceforge.ne over the Proxy blocks the Website. "PROCEED" Button isn't working...

    Copy Paste of the HTTP.LOG Section:

    2016:07:07-14:33:54 fw-1 httpproxy[6412]: id="0071" severity="info" sys="SecureWeb" sub="http" name="web request warned, forbidden category detected" action="warn" method="GET" srcip="172.16.1.224" dstip="" user="testuser" group="XYZ Standard Benutzer" ad_domain="XYZ" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffLanJvu (LAN XYZ Standard)" size="3228" request="0xa0d0400" url="http://www.sourceforge.net/" referer="" error="" authtime="0" dnstime="0" cattime="124" avscantime="0" fullreqtime="457" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko" exceptions="" reason="category" category="148" reputation="trusted" categoryname="Shareware/Freeware"

    2016:07:07-14:33:56 fw-1 httpproxy[6412]: id="0072" severity="info" sys="SecureWeb" sub="http" name="Contentfilter warned and proceeded" url="http://www.sourceforge.net/" srcip="172.16.1.224" category="148" categoryname="Shareware/Freeware"

    2016:07:07-14:33:56 fw-1 httpproxy[6412]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="172.16.1.224" dstip="" user="" group="" ad_domain="" statuscode="407" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction=" ()" size="2713" request="0xde966a00" url="http://www.sourceforge.net/" referer="http://www.sourceforge.net/" error="" authtime="1" dnstime="0" cattime="0" avscantime="0" fullreqtime="117" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko" exceptions=""

    2016:07:07-14:33:56 fw-1 httpproxy[6412]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="172.16.1.224" dstip="" user="" group="" ad_domain="" statuscode="407" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction=" ()" size="2713" request="0xde966a00" url="http://www.sourceforge.net/" referer="http://www.sourceforge.net/" error="" authtime="5" dnstime="0" cattime="0" avscantime="0" fullreqtime="98" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko" exceptions=""

    2016:07:07-14:33:56 fw-1 httpproxy[6412]: id="0071" severity="info" sys="SecureWeb" sub="http" name="web request warned, forbidden category detected" action="warn" method="GET" srcip="172.16.1.224" dstip="" user="testuser" group="XYZ Standard Benutzer" ad_domain="XYZ" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffLanJvu (LAN XYZ Standard)" size="3228" request="0xde966a00" url="http://www.sourceforge.net/" referer="http://www.sourceforge.net/" error="" authtime="97" dnstime="0" cattime="126" avscantime="0" fullreqtime="2110" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko" exceptions="" reason="category" category="148" reputation="trusted" categoryname="Shareware/Freeware"

    2016:07:07-14:33:57 fw-1 httpproxy[6412]: id="0072" severity="info" sys="SecureWeb" sub="http" name="Contentfilter warned and proceeded" url="http://www.sourceforge.net/" srcip="172.16.1.224" category="148" categoryname="Shareware/Freeware"

    2016:07:07-14:33:57 fw-1 httpproxy[6412]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="172.16.1.224" dstip="" user="" group="" ad_domain="" statuscode="407" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction=" ()" size="2713" request="0xdc823000" url="http://www.sourceforge.net/" referer="http://www.sourceforge.net/" error="" authtime="3" dnstime="0" cattime="0" avscantime="0" fullreqtime="160" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko" exceptions=""

    2016:07:07-14:33:57 fw-1 httpproxy[6412]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="172.16.1.224" dstip="" user="" group="" ad_domain="" statuscode="407" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction=" ()" size="2713" request="0xdc823000" url="http://www.sourceforge.net/" referer="http://www.sourceforge.net/" error="" authtime="14" dnstime="0" cattime="0" avscantime="0" fullreqtime="98" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko" exceptions=""

  • Hi,

    The issue is recorded in NUTML-10292 and it is under development.

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

Reply Children
  • Fantastic!

    Apparently this popped up today: "The following Firmware Up2Date package has been successfully downloaded and is now available for installation: 9.405005"

    •  Fix [NUTM-3110]: [Web] Proceed button not working when authentication is set to browser for warn page

    And it addresses the issue! Yeah!