This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Question for excepting certain destination on the web filtering

Hello, 

 

i want to configure a excepting  a certain destination on the web filter. but i can't complete this configuration. 

(Web filtering is in transparent. )


So i tried to add the destination url on the "Skip transparent mode destination host/nets" following KB 120839.

community.sophos.com/.../120839

 

but exception is not working well. 

 

For example, i want to except the google.com on the web filtering. 

So i add the www.google.com to the "Skip transparent mode destination host/nets". 

but when i access the google.com, http.log is generated regarding google.com. (action="pass")


It would be much appreciated, if anyone helps me to configure an exception on web filter.



This thread was automatically locked due to age.
Parents
  • Hi,

    Can you please show us a picture of the configuration and the definitions added to the skip list. Alongside, show us few log lines from http.log that reflects the drop or block.

    Refer, Sophos UTM Logfile information.

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • Hi, 

     

    Below is a configuration for "Skip Transparent Mode Destination Hosts/Nets". 

    i tried to access www.npr.org, when i tested a exception.

     

    I expected that any logs were not generated because www.npr.org set as an exception. 

    But,  when i accessed the www.npr.org, below logs were generated.

    === http.log ==

    2017:07:11-10:54:44 sg httpproxy[18755]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="xxx.xxx.xxx.xxx" dstip
    ="52.73.85.83" user="" group="" ad_domain="" statuscode="302" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFA
    ction (Default content filter action)" size="0" request="0xddc06a00" url="soma.smaato.net/.../idsync
    erId%3DSomaCookieUserId" referer="20501671p.rfihub.com/ca.html
    tp%3A%2F%2Fwww.npr.org%2F2017%2F07%2F10%2F536533586%2Fchristie-blasts-n-j-caller-i-love-getting-calls-from-communists-in-montclair&pf=&ra=7047619021825811" error="" aut
    htime="0" dnstime="112725" cattime="230298" avscantime="0" fullreqtime="777155" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHT
    ML, like Gecko) Chrome/59.0.3071.115 Safari/537.36" exceptions="" category="178" reputation="neutral" categoryname="Internet Services" country="United States"


    2017:07:11-10:54:44 sg httpproxy[18755]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="xxx.xxx.xxx.xxx" dstip
    ="103.71.26.126" user="" group="" ad_domain="" statuscode="302" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCF
    FAction (Default content filter action)" size="0" request="0xddcd7800" url="sync.search.spotxchange.com/partner refere
    r="20501671p.rfihub.com/ca.html
    F07%2F10%2F536533586%2Fchristie-blasts-n-j-caller-i-love-getting-calls-from-communists-in-montclair&pf=&ra=7047619021825811" error="" authtime="0" dnstime="78491" catti
    me="229016" avscantime="0" fullreqtime="501606" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071
    .115 Safari/537.36" exceptions="" category="154" reputation="trusted" categoryname="Web Ads" country="Singapore" application="roketful" app-id="1003"

    2017:07:11-10:54:44 sg httpproxy[18755]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="xxx.xxx.xxx.xxx" dstip
    ="54.230.255.150" user="" group="" ad_domain="" statuscode="302" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPC
    FFAction (Default content filter action)" size="160" request="0x900f200" url="pdw-usr.userreport.com/.../rfl referer="http://20501671p.rf
    ihub.com/ca.html?rfiidc=1038150097342898428&rfiaid=a862cfd1dad943b1ace9b9b56b2537ce&ver=9&rb=3035&ca=20501671&pe=http%3A%2F%2Fwww.npr.org%2F2017%2F07%2F10%2F536533586%2
    Fchristie-blasts-n-j-caller-i-love-getting-calls-from-communists-in-montclair&pf=&ra=7047619021825811" error="" authtime="0" dnstime="244979" cattime="205326" avscantim
    e="2065" fullreqtime="467326" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36
    " exceptions="" category="178" reputation="neutral" categoryname="Internet Services" country="United States" sandbox="-" content-type="text/html"

    2017:07:11-10:54:44 sg httpproxy[18755]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="xxx.xxx.xxx.xxx" dstip
    ="103.15.158.193" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPC
    FFAction (Default content filter action)" size="42" request="0x900f800" url="p.rfihub.com/cm referer="htt
    p://20501671p.rfihub.com/ca.html?rfiidc=1038150097342898428&rfiaid=a862cfd1dad943b1ace9b9b56b2537ce&ver=9&rb=3035&ca=20501671&pe=http%3A%2F%2Fwww.npr.org%2F2017%2F07%2F
    10%2F536533586%2Fchristie-blasts-n-j-caller-i-love-getting-calls-from-communists-in-montclair&pf=&ra=7047619021825811" error="" authtime="0" dnstime="0" cattime="123" a
    vscantime="1017" fullreqtime="213843" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safar
    i/537.36" exceptions="" category="177" reputation="neutral" categoryname="Content Server" application="roketful" app-id="1003" sandbox="-" content-type="image/gif"

     

    Please let me know if you need more information. 

     

Reply
  • Hi, 

     

    Below is a configuration for "Skip Transparent Mode Destination Hosts/Nets". 

    i tried to access www.npr.org, when i tested a exception.

     

    I expected that any logs were not generated because www.npr.org set as an exception. 

    But,  when i accessed the www.npr.org, below logs were generated.

    === http.log ==

    2017:07:11-10:54:44 sg httpproxy[18755]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="xxx.xxx.xxx.xxx" dstip
    ="52.73.85.83" user="" group="" ad_domain="" statuscode="302" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFA
    ction (Default content filter action)" size="0" request="0xddc06a00" url="soma.smaato.net/.../idsync
    erId%3DSomaCookieUserId" referer="20501671p.rfihub.com/ca.html
    tp%3A%2F%2Fwww.npr.org%2F2017%2F07%2F10%2F536533586%2Fchristie-blasts-n-j-caller-i-love-getting-calls-from-communists-in-montclair&pf=&ra=7047619021825811" error="" aut
    htime="0" dnstime="112725" cattime="230298" avscantime="0" fullreqtime="777155" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHT
    ML, like Gecko) Chrome/59.0.3071.115 Safari/537.36" exceptions="" category="178" reputation="neutral" categoryname="Internet Services" country="United States"


    2017:07:11-10:54:44 sg httpproxy[18755]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="xxx.xxx.xxx.xxx" dstip
    ="103.71.26.126" user="" group="" ad_domain="" statuscode="302" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCF
    FAction (Default content filter action)" size="0" request="0xddcd7800" url="sync.search.spotxchange.com/partner refere
    r="20501671p.rfihub.com/ca.html
    F07%2F10%2F536533586%2Fchristie-blasts-n-j-caller-i-love-getting-calls-from-communists-in-montclair&pf=&ra=7047619021825811" error="" authtime="0" dnstime="78491" catti
    me="229016" avscantime="0" fullreqtime="501606" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071
    .115 Safari/537.36" exceptions="" category="154" reputation="trusted" categoryname="Web Ads" country="Singapore" application="roketful" app-id="1003"

    2017:07:11-10:54:44 sg httpproxy[18755]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="xxx.xxx.xxx.xxx" dstip
    ="54.230.255.150" user="" group="" ad_domain="" statuscode="302" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPC
    FFAction (Default content filter action)" size="160" request="0x900f200" url="pdw-usr.userreport.com/.../rfl referer="http://20501671p.rf
    ihub.com/ca.html?rfiidc=1038150097342898428&rfiaid=a862cfd1dad943b1ace9b9b56b2537ce&ver=9&rb=3035&ca=20501671&pe=http%3A%2F%2Fwww.npr.org%2F2017%2F07%2F10%2F536533586%2
    Fchristie-blasts-n-j-caller-i-love-getting-calls-from-communists-in-montclair&pf=&ra=7047619021825811" error="" authtime="0" dnstime="244979" cattime="205326" avscantim
    e="2065" fullreqtime="467326" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36
    " exceptions="" category="178" reputation="neutral" categoryname="Internet Services" country="United States" sandbox="-" content-type="text/html"

    2017:07:11-10:54:44 sg httpproxy[18755]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="xxx.xxx.xxx.xxx" dstip
    ="103.15.158.193" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPC
    FFAction (Default content filter action)" size="42" request="0x900f800" url="p.rfihub.com/cm referer="htt
    p://20501671p.rfihub.com/ca.html?rfiidc=1038150097342898428&rfiaid=a862cfd1dad943b1ace9b9b56b2537ce&ver=9&rb=3035&ca=20501671&pe=http%3A%2F%2Fwww.npr.org%2F2017%2F07%2F
    10%2F536533586%2Fchristie-blasts-n-j-caller-i-love-getting-calls-from-communists-in-montclair&pf=&ra=7047619021825811" error="" authtime="0" dnstime="0" cattime="123" a
    vscantime="1017" fullreqtime="213843" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safar
    i/537.36" exceptions="" category="177" reputation="neutral" categoryname="Content Server" application="roketful" app-id="1003" sandbox="-" content-type="image/gif"

     

    Please let me know if you need more information. 

     

Children
No Data