Google Ad Services still blocked

Hi everyone,

 

that one bugs me:

In Web Protection I blocked the category "Web Ads" but made an exception for "^https?://([A-Za-z0-9.-]*\.)?googleadservices\.com/" and skipped: "URL Filter / Content Removal / SSL scanning / Certificate trust check / Certificate date check"

The URL https://www.googleadservices.com/pagead/aclk?sa=L&ai=CEb3U2hlSWZq7M4vZYrW1kfgMn5zB-0nT3afH0QW809H82ggICRABIN7Nzx4oFGCVsp-CsAegAajT5MMDyAEHqQIlrw1sP8iyPqoELU_QvG5X9l6EVcmggtaBVp03lZD8dhWTjwzZu4hyqPEjckjbAwbH8tSOTPuA-MAFBaAGJoAHjPKRKJAHA6gHpr4b2AcB4BLW1pesz_DKqd8B&ctype=5&ved=0ahUKEwjVj4qY0N3UAhUBzxQKHVPvAu0QrkMIEg&dblrd=1&val=GgiPEqqs-cZEEiABKAAwnbC04-fz_tIDOPOwyMoFQMyzyMoF&sig=AOD64_1JJfde0vdqfelTrICIy-nxWu3uuA&adurl=http://clickserve.dartsearch.net/link/click%3Flid%3D92700021927041567%26ds_s_kwgid%3D58700002543180166%26ds_s_inventory_feed_id%3D97700000002396362%26%26ds_e_adid%3D202212242552%26ds_e_matchtype%3Dsearch%26ds_e_device%3Dc%26ds_e_network%3Dg%26ds_e_product_group_id%3D299298482620%26ds_e_product_id%3D1486163%26ds_e_product_merchant_id%3D15143421%26ds_e_product_country%3DDE%26ds_e_product_language%3Dde%26ds_e_product_channel%3Donline%26ds_e_product_store_id%3D%7Bproduct_store_id%7D%26ds_url_v%3D2%26ds_dest_url%3Dhttp://r.refinedads.com/r.rfa%3Fv%3Dg3%26oid%3D2286%26aid%3D4014%26critValues%3D%26cid%3D864997103%26agid%3D49355159411%26tid%3Dpla-299298482620%26fid%3D%26adid%3D202212242552%26networkType%3DSearch%26n%3Dg%26p%3D%26q%3D%26mt%3D%26ap%3D1o1%26adt%3Dpla%26merchantid%3D15143421%26productid%3D1486163%26d%3Dc%26dm%3D%26p1%3D%26p2%3D%26r%3D16640977220556452153%26url%3Dhttp://www.mediamarkt.de/catentry/1486163

passes right through the Policy Helpdesk Tool as "passed" based on the exception I made. But the URL is not accessible via web browser.

When removing the S from https, the URL works.

In the Web Protection log I have two entries. One as allowed and one as blocked because of category "Web Ads".

 

Proxy is set to transparent, although the clients currently do not use the UTM as a gateway. The Web Protection is used by Sophos Enterprise Console and the Endpoint Protection.

 

I hope you guys can help me ... or girls ... no offense ;-)

 

BR,

Volker



  • Looks to me like your regex needs a slash before the hyphen

    [A-Za-z0-9\-]

  • DouglasFoster said:

    Looks to me like your regex needs a slash before the hyphen

    [A-Za-z0-9\-]

     

    I'm afraid I must disappoint you, but the RegEx is valid (in terms of UTM). It's copy & paste from all the other exceptions and valid. But that should be obvious, since I mentioned in my earlier post that it's working while using the UTM as a proxy.

     

    BR,

    Volker

  • You should use a website override instead of an exception, checking the option for "include subdomains"

    Your exception is not being applied, as evidenced by exceptions="" in the logs.   Still thinking about why.

  • You should use a website override instead of an exception, checking the option for "include subdomains"

    Your exception is not being applied, as evidenced by exceptions="" in the logs. The regex is for the FQDN but the match rule is full URL.

  • Category and reputation can be different for different paths under the same host, so it is best to use policy helpdesk with a full URL.

    When using the website exception method, I override the category but never the reputation, for safety reasons.  Business is a good generic allow category.

    If you don't want to use any existing category, you can create a tag for the website, assign the tag in website overrides, and grant an allow action in the filter action(s).  This can be used to grant the override to specific users only, and the tag becomes the equivalent of a custom category.

  • DouglasFoster said:

    You should use a website override instead of an exception, checking the option for "include subdomains"

    Your exception is not being applied, as evidenced by exceptions="" in the logs. The regex is for the FQDN but the match rule is full URL.

     

     

    The RegEx matches the domain with any subdomain.

    And again: as I told before, the exception is working while using the UTM as a proxy.

  • Volker, have you tried Doug's suggestion?  It might not be affected by the same bug.  Please let us know if this workaround does what you need to accomplish.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Doug's suggestion may work - it uses a different mechanism to do the same thing.  However if it does it may still be just a workaround.

     

    I will repeat my suggestion:

    It might be that the RegEx for UTM and the RegEx for EndPoint is not parsed the same (for example whether to include http).
    Can you try another RegEx, just a bare "googleadservices\.com" ?

     

     

    Also, try making sure the Endpoint has a proper copy of the current configuration (I highly doubt this is the issue, but it doesn't hurt).

    On your Windows computer go to %ProgramData%\Sophos\Web Control\Policy (yes put %ProgramData% in the path).

    Delete all files in the \Policy directory.

    Wait a few minutes, files will reappear.

    Test again.
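
An added example (not written by any poster and not Sophos code) that runs the patterns quoted in this thread against constructed URLs, using Python's `re` as a stand-in for the UTM/Endpoint matcher, which is an assumption. It shows that the unescaped trailing hyphen is already literal, that the anchored exception cannot match if the matcher is handed a string without the scheme or path, and that the bare pattern also matches lookalike hosts and query strings.

```python
import re

# Patterns quoted in the thread.
EXCEPTION = r"^https?://([A-Za-z0-9.-]*\.)?googleadservices\.com/"
# Variant with the hyphen escaped, as proposed in the first reply.
ESCAPED = r"^https?://([A-Za-z0-9.\-]*\.)?googleadservices\.com/"
# Bare pattern suggested as a test.
BARE = r"googleadservices\.com"

# Constructed sample inputs (hypothetical; the real query string is shortened).
SAMPLES = {
    "https_full": "https://www.googleadservices.com/pagead/aclk?sa=L",
    "http_full": "http://www.googleadservices.com/pagead/aclk?sa=L",
    "hyphen_sub": "https://ad-1.googleadservices.com/x",
    # What a matcher would see if it dropped the scheme, or only had the host.
    "no_scheme": "www.googleadservices.com/pagead/aclk?sa=L",
    "host_only": "www.googleadservices.com",
    # Strings that merely contain the domain name.
    "lookalike": "https://googleadservices.com.example.net/",
    "in_query": "https://ads.example.net/r?to=googleadservices.com",
}


def matches(pattern, url):
    """True if the pattern is found anywhere in url (unanchored search)."""
    return re.search(pattern, url) is not None


def table(pattern):
    """Match result for every constructed sample, keyed by sample name."""
    return {name: matches(pattern, url) for name, url in SAMPLES.items()}


if __name__ == "__main__":
    for label, pat in (("exception", EXCEPTION),
                       ("escaped", ESCAPED),
                       ("bare", BARE)):
        print(f"{label:10}", table(pat))
```

If the bare pattern is kept as an exception rather than used only for a test, it exempts every URL that contains the string, so the skipped checks would no longer apply to the last two samples either.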

  • So I made the changes as suggested, since my Broker was working this morning ....

    and this works. But, as you all said, it is just a workaround and no solution to the functions provided but not working.

     

    Question regarding this workaround: does this only overwrite the "URL Filter" or in addition any other checks made by the UTM/Endpoint?

     

    BR,

    Volker

  • This applies only to Web Filtering, Volker.

    Cheers - Bob

     