Thread Info
  • State Suggested Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 6 replies
  • Answers 1 answer
  • Subscribers 2 subscribers
  • Views 15718 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Blocked request

Aresh
Hi,

I was checking the web protection logs and checking the policy violators and came across some blocked request that points to the https://microsoft.com (see the attech file)

but I can open the same link from the same server. what this means? is this request has been blocked? if yes then why can I open it. also why should sopho block access to the microsoft.com?

Thanks


This thread was automatically locked due to age.
  • 0
    It looks like that SharePoint services are trying to access microsoft.com site, but are failing, probably because of AD SSO in Transparent mode, am i right ?
  • 0 in reply to vilic
    Hi Vilic,

    Thanks as Always for your reply,

    you right the we are in transprent mode and default autentication is none.

    What this mean?

    Thanks
  • 0
    The UTM has a bad habit of calling things "blocked" when they aren't.  Blocked can also mean "failed and I had to return a special page the the browser".

    To know more you would need to have the actual log lines.

    Do you have HTTPS scanning on?
  • 0
    Hi Michel,

    Thanks for the reply,

    This is what I can see in the log:

    I did check the Web Filtering-HTTPS and option URL Filtring only is selected.

    [HTML]2015:09:25-03:19:15 securitysrv1-1 httpproxy[18427]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="10.0.10.204" dstip="68.232.34.200" user="" ad_domain="" statuscode="500" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="191" request="0xe1fa6800" url="iecvlist.microsoft.com/.../HTML]
  • 0
    Anytime you get a statuscode in the 500s and/or error="Connection timed out", you can assume the server doesn't like proxies.  The first thing to try is to create an exception for anti-virus for ^https?://iecvlist.microsoft.com/.  If that doesn't work, add a DNS Host for iecvlist.microsoft.com to the Transparent mode skiplist.  Any luck?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • +1 in reply to BAlfson
    Hi Bob,

    I did create a expation under Filtering option-Exception for ^https?://iecvlist.microsoft.com/ and choose Anti virus. 

    dose the second option is this:

    Web filtering Options -Misc-Transparent Mode Skiplist

    Thanks
Unfiltered HTML