Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 1 subscriber
  • Views 3934 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Website not accessable any more

heggen
Hi Guys,

need your help. Since a few days the Website Bundesfinanzministerium - Startseite is not reachable via the UTM. I can't find the reason. I already addes the site to the exception list, but it's still not working.

When trying to to open the site the utm ends up in the following message:
Timeout while reading response from server. 



Web Filtering log shows the following Message:
2015:09:07-09:02:27 ASG-WLS httpproxy[5492]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="172.26.45.100" dstip="195.43.53.36" user="" ad_domain="" statuscode="504" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2550" request="0x9a1b000" url="www.bundesfinanzministerium.de/.../7.0; rv:11.0) like Gecko" exceptions="av,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"


Using my WLAN (without UTM) I can access the site. Any ideas where to find the problem?

Thanks.


This thread was automatically locked due to age.
  • 0
    Hi all,

    I have the same problem. 
    Firmware version: 9.315-2

    My regex filter is : 
    ^https?://[A-Za-z0-9.-]+\.bundesfinanzministerium\.de/


    I have configured it at the Default content filter action - Allowed Sites
    And as well at Filtering Options - Exceptions

    Log:
    httpproxy[25651]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="IP" dstip="195.43.53.36" user="" ad_domain="" statuscode="504" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2592" request="0xe5297800" url="www.bundesfinanzministerium.de/.../36.0" exceptions="av,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size,patience"


    I can connect to the website from my home network without problems.

    Any ideas what I might do wrong?!

    Thanks for the help!
  • 0
    it is an http proxy bug.  

    eb" sub="http" request="(nil)" function="http_parser_context_execute" file="http_parser_context.c" line="97" message="Unable to parse a http message of 1448 bytes (HPE_INVALID_HEADER_TOKEN: invalid character in header)"
    2015:09:07-11:27:47 etcutm httpproxy[30620]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xd7911000" function="read_response_headers" file="response.c" line="227" message="unable to parse a http message on handler 105"

    it works fine when i turn web filtering off.

    Owner:  Emmanuel Technology Consulting

    http://etc-md.com

    Former Sophos SG(Astaro) advocate/researcher/Silver Partner

    PfSense w/Suricata, ntopng, 

    Other addons to follow

  • 0
    Hi William,
    thanks for this information. Do we need to create a Ticket at Sophos? Or is this bug already known?
    Any ideas how long it takes to get a bugfix?

    Regards
  • 0 in reply to heggen
    Hi William,
    thanks for this information. Do we need to create a Ticket at Sophos? Or is this bug already known?
    Any ideas how long it takes to get a bugfix?

    Regards


    if you are a paid license holder contact your reseller.  If you are a home user then reporting here is all you can do..

    Owner:  Emmanuel Technology Consulting

    http://etc-md.com

    Former Sophos SG(Astaro) advocate/researcher/Silver Partner

    PfSense w/Suricata, ntopng, 

    Other addons to follow

  • 0 in reply to William Warren
    Hi Heggen,

    same problem here too with this website. Did you opened a case at Sophos support?
  • 0
    Hi,
    i just had a Case with Sophos Support.
    The Error is a known Bug (ID 35559).
    It will be fixed with Maint Release 9.317 end of September.
    The Support offered to install a Hotfix imideately.
    in the remote Session they installed the package 
    "ep-httpproxy-9.25-1001.g3645241.i686.rpm"

    After this fix the Problem is resolved.

    lna@cema

    SCA (utm+xg), SCSE, SCT

    Sophos Platinum Partner

  • 0
    Hi guys,

    I can confirm the information given by Ina. I got the same Bug-ID and Fix-Date end of September with release 9.317.

    Greetings...
Unfiltered HTML