This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IE9 and IE10 is crashing

Internet Explorer 9 and 10 is crashing (not IE10, Chrome and Firefox) when users go to web sites that are blocked by policy. It also happens when visited web sites attempt to connect/get content from web sites that are blocked by policy as well.

UTM 9.35 with the following settings:
-HTTPS Scan Settings: "URL filtering only"
-Transparent mode with Active Directory SSO

As of yesterday, IE9 and IE10 was crashing constantly and I saw five sites being "block" in Web Filtering Live Log so I added those URLs into existing "Exception List" for Microsoft sites; here's what we had in that exception list before:

Skipping: Authentication / Block by download size / Extension blocking / SSL scanning

Matching these URLs:
   ^https?://([A-Za-z0-9.-]*\.)?windowsupdate\.com/
   ^https?://([A-Za-z0-9.-]*\.)?microsoft\.com/


After watching Web Filtering Live Log for a while, I have changed that exception and seems like IE9 and IE10 is not crashing now as long as users do not attempt to visit site that is blocked by policy etc.

Here's that exception list after change:

Skipping: Authentication / Block by download size / Extension blocking / URL Filter / SSL scanning

Matching these URLs:
   ^https?://([A-Za-z0-9.-]*\.)?windowsupdate\.com/
   ^https?://([A-Za-z0-9.-]*\.)?microsoft\.com/
   https://iecvlist.microsoft.com
   http://crl.microsoft.com/
   http://ie9cvlist.ie.microsoft.com/
   crl.microsoft.com


Is there a solution to that problem? Seems like when users attempts to visit https site that is block by policy, the IE9 and IE10 will crash but not IE11, Chrome and Firefox.

Thanks guys,
Mark


This thread was automatically locked due to age.
Parents
  • A little spelunking in cc indicates what probably is the setting.  Don't do the below yourself if this is on a UTM with a paid subscription.  Without a release or instruction from Sophos, you could endanger your Support contract.  As root:

    cc set http ie_ssl_blockpage_workaround 1



    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • A little spelunking in cc indicates what probably is the setting.  Don't do the below yourself if this is on a UTM with a paid subscription.  Without a release or instruction from Sophos, you could endanger your Support contract.  As root:

    cc set http ie_ssl_blockpage_workaround 1



    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
  • Thank you BAlfson. I did a a lot of research (aka Googlefu) to attempt to find a resolution to this, and this was the first real fix I may have found.

    I did have a couple of quick questions for you. The post is dated Oct 30th, and we are still experiencing IE9/IE10 SSL Inspection related crashes. Do you know if Sophos has a patched this yet?

    We are using SG430 on Firmware 9.351-3 12/22/2015