
Default web filter

Hi guys,

In the web protection log, when I go to the policy violators, I can see the name of the server, the site and the category, and I can see the action says blocked.

The log says:

2017:04:05-08:21:54 security1-2 httpproxy[6017]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="10.0.10.239" dstip="205.178.189.131" user="" group="" ad_domain="" statuscode="500" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="205" request="0xde154a00" url="https://lyncdiscoverinternal.domaine.com/" referer="" error="Connection timed out" authtime="0" dnstime="5736" cattime="19024" avscantime="0" fullreqtime="127224977" device="0" auth="0" ua="" exceptions="" category="105" reputation="neutral" categoryname="Business" country="United States"

 

Has this link been blocked because of status code 500 and the connection timeout, or is there some other reason?

Thanks



  • Status code 500 is "Internal Server Error". It usually means there is a programming error on the target website -- I have seen status 500 with painful frequency when trying to debug ASP scripts on my servers. UTM is not blocking the traffic, it is merely reporting the failure.

    However, I just tried to run some basic tests against that name, and while DNS returns an IP address, the system is not currently responding to PING or HTTPS. So perhaps you have a spelling error?

  • Thank you for your reply,

    No, I did not change the URL or IP address. Today when I ping the URL I can see that it resolves to the same IP address that we see in the log.


    The log shows this:


    IP: 205.178.189.131


    URL: https://lyncdiscoverinternal.domaine.com/

    What I don't understand is: did this request get blocked because of statuscode="500", or was it blocked, as the log says: action="block", because of the Default Web Filter Profile, or just because there was a problem with the remote web server, as the log says: error="Connection timed out"?

    Thanks

  • That behaviour is a bit confusing, because entries like "host not found" or "connection timed out" will always cause a "block" in the logfiles and unfortunately result in a "web request blocked" screen in the end user's browser. Most of the end users don't read that, they see the Sophos logo, call IT support and want to be unblocked because the evil bad Sophos is ruining their workflows again :-)

    It's a bit frustrating getting them to send in a screenshot or quote the whole block page but in most cases it works.

    Gruß / Regards,

    Kevin
    Sophos CE/CA (XG+UTM), Gold Partner
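
Added example (not part of the original thread and not Sophos code): a small triage script that parses the key="value" fields of httpproxy lines like the one quoted above and separates block entries that carry an error string from those that do not. The labels, function names and the rule "non-empty error field means upstream failure" are assumptions drawn from the replies in this thread, and the second sample line is constructed for contrast.

```python
import re
from collections import Counter

# key="value" pairs as they appear in the httpproxy line quoted in the thread
FIELD_RE = re.compile(r'(\w+)="([^"]*)"')

def parse_fields(line):
    """Return the key="value" fields of one httpproxy log line as a dict."""
    return dict(FIELD_RE.findall(line))

def classify(line):
    """Label a log line by why it was logged as blocked.

    Assumption taken from the replies in this thread: a block entry with a
    non-empty error field reports a failed upstream connection, not a
    filter decision. Labels are hypothetical, chosen for this example.
    """
    f = parse_fields(line)
    if f.get("action") != "block":
        return "not-blocked"
    if f.get("error"):
        return "upstream-failure"
    return "review-filter-policy"

def summarize(lines):
    """Count (label, error text, url) so repeated failures stand out."""
    counts = Counter()
    for line in lines:
        f = parse_fields(line)
        counts[(classify(line), f.get("error", ""), f.get("url", ""))] += 1
    return counts

# Shortened copy of the log line from the thread (fields dropped, values unchanged).
THREAD_LINE = ('2017:04:05-08:21:54 security1-2 httpproxy[6017]: id="0002" '
               'name="web request blocked" action="block" method="CONNECT" '
               'srcip="10.0.10.239" dstip="205.178.189.131" statuscode="500" '
               'url="https://lyncdiscoverinternal.domaine.com/" '
               'error="Connection timed out" category="105" categoryname="Business"')

# Constructed for contrast only: the same line with the error field emptied.
CONSTRUCTED_LINE = THREAD_LINE.replace('error="Connection timed out"', 'error=""')

if __name__ == "__main__":
    for key, n in summarize([THREAD_LINE, CONSTRUCTED_LINE]).items():
        print(n, *key)
```

Run over a day of web filter log lines, the summary shows which "blocked" destinations were connection failures, which is useful before changing any filter action.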