Thread Info
  • State Not Answered
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 11 replies
  • Subscribers 5 subscribers
  • Views 39180 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos UTM 9 blocking whatsapp completly

Karim malak

I found in the webfilter log this event:

2017:08:17-17:46:47 sophos httpproxy[5727]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="POST" srcip="100.0.0.97" dstip="" user="" group="" ad_domain="" statuscode="502" cached="0" profile="REF_HttProContaInterNetwo6 (Mobiles)" filteraction="REF_HttCffAllowForEit (mobiles )" size="0" request="0xd9145600" url="http://c.whatsapp.net/chat" referer="" error="Received invalid request from client" authtime="0" dnstime="0" cattime="130" avscantime="0" fullreqtime="30038442" device="0" auth="0" ua="Mozilla/5.0 (compatible; WAChat/1.2; +www.whatsapp.com/contact)" exceptions="" category="122" reputation="neutral" categoryname="Instant Messaging"

 

any help

 

Thanks



This thread was automatically locked due to age.
Parents
  • 0

    Hi, Karim and Paul, and welcome to the UTM Community!

    With error="Received invalid request from client" in the log line, you will need to skip the Proxy for WhatsApp.  Also, you might try a Google on:

    site:community.sophos.com/products/unified-threat-management/f whatsapp

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Correct. Whatsapp MUST be excluded from the proxy (or at least from HTTPS scanning).

    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

  • 0 in reply to apijnappels

    Whatsapp is already excluded from HTTPS scanning 

     

    How to exclude Whatsapp from proxy ?! 

Reply Children
  • 0 in reply to Karim malak

    When using transparent proxy I don't believe you need to exclude it, since it has worked for me for a long time without anything special.

    When using standard proxy it depends on how you configure it, if you just point your clients to the utm at port 8080 then you should also configure your client not to use the proxy for *.whatsapp.com. If you use PAC you can configure it from the PAC file.

    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

  • 0 in reply to Karim malak

    Configure the 'Transparent Mode Skiplist' on the 'Misc' tab of 'Filtering Options'.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Unfiltered HTML