Web Filtering log "Connection refused"

Hello, we use a Sophos S115W with the latest firmware.

We are not able to access some special website.

All other websites work fine.

If the user tries to access the website, he receives the following error message:

An error occurred while handling your request

"Connection refused "

We already added the website to the "whitelist".

I checked the DNS; if I use a ping, the IP is resolved correctly.

In the log files I found the following entries.

 

2018:01:29-10:18:47 diversign httpproxy[11249]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="plain_write_vector" file="epoll.c" line="1117" message="Write error on the epoll handler 272 (Connection refused)"
2018:01:29-10:18:47 diversign httpproxy[11249]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="plain_write_vector" file="epoll.c" line="1117" message="Write error on the epoll handler 272 (Connection refused)"
2018:01:29-10:18:47 diversign httpproxy[11249]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xdd2ce400" function="send_request_headers" file="request.c" line="912" message="write() on AF 2 socket to 217.160.167.174 failed: Connection refused"
2018:01:29-10:18:47 diversign httpproxy[11249]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.1.30" dstip="217.160.167.174" user="" group="" ad_domain="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2491" request="0xdd2ce400" url="http://www.diversign.de/" referer="" error="Connection refused" authtime="0" dnstime="537" cattime="252" avscantime="0" fullreqtime="65157" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0" exceptions=""
2018:01:29-10:18:47 diversign httpproxy[11249]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="plain_write_vector" file="epoll.c" line="1117" message="Write error on the epoll handler 272 (Connection refused)"
2018:01:29-10:18:47 diversign httpproxy[11249]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="plain_write_vector" file="epoll.c" line="1117" message="Write error on the epoll handler 272 (Connection refused)"
2018:01:29-10:18:47 diversign httpproxy[11249]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xdcd25200" function="send_request_headers" file="request.c" line="912" message="write() on AF 2 socket to 217.160.167.174 failed: Connection refused"
2018:01:29-10:18:47 diversign httpproxy[11249]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.1.30" dstip="217.160.167.174" user="" group="" ad_domain="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2502" request="0xdcd25200" url="www.diversign.de/favicon.ico" referer="" error="Connection refused" authtime="0" dnstime="502" cattime="56708" avscantime="0" fullreqtime="121503" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0" exceptions=""
2018:
 
 
I also tried to access the website from another company which
uses a Sophos too. There is no problem accessing the website.

Thanks for your help.
 
 
Bye
Christian

  • 2018:01:29-10:18:47 diversign [...] url="http://www.diversign.de/" [...]

     

    I'm guessing you are trying to get to your own website.  Is the website hosted on a computer within your company?  Are you using the Web Application Firewall?  Are you trying to go out on the same external port you are coming in on?

    Please give more details on your setup.  I'm guessing this is more of a problem in network configuration and WAF.  My guess is that the proxy is correctly reporting that it cannot connect to the server and that this is not a proxy problem.

  • Hello,

     

    The website we are trying to access is our own, yes, that's right.

    But the website is hosted outside the company network.

    Also, the internal domain name is different from the external domain name.

    We don't use a Web Application Firewall.

    Thank you

  • You can try going to an ssh session on the box and curl from there to confirm that it is not the proxy.

     

    Assuming it is not then I would contact your IT or provider who is hosting the site to find out why it is refusing connections.

  • I see statuscode="502" in the log.  That usually means that you must skip the Proxy if an Exception for Antivirus doesn't solve the problem.  HOWEVER, I went to http://www.diversign.de/ and had no problem whatsoever.

    You said that you're on the latest version - if that's not 9.506, then you should Up2Date immediately.  Did that solve your issue?  If not, then I'd have to agree with Michael.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hello,

     

    sorry for my late reply. 

    The UTM is updated to the latest version.

    The issue is still there.

    The provider of the website says it's not his fault.

     

    Bye

    Christian

  • I don't know why you're having a problem, Christian.  I just tested, and here are the first few lines from the log:

    2018:03:09-09:14:22 post httpproxy[6373]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="10.x.y.41" dstip="217.160.167.174" user="" group="" ad_domain="" statuscode="301" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="294" request="0xe6b4c00" url="http://www.diversign.de/" referer="" error="" authtime="0"dnstime="185953" cattime="84185" avscantime="1613" fullreqtime="558438" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" exceptions="" category="9998" reputation="neutral" categoryname="Uncategorized" country="Germany" sandbox="-" content-type="text/html"
    2018:03:09-09:14:23 post httpproxy[6373]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="10.x.y.41" dstip="217.160.167.174" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="16221" request="0xe09b5200" url="http://diversign.de/" referer="" error="" authtime="0" dnstime="185946" cattime="80982" avscantime="21379" fullreqtime="1408802" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" exceptions="" category="9998" reputation="neutral" categoryname="Uncategorized" country="Germany" sandbox="-" content-type="text/xml"
    2018:03:09-09:14:24 post httpproxy[6373]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="10.x.y.41" dstip="217.160.167.174" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="111" request="0xe6b6400" url="http://diversign.de/media/plg_content_mavikthumbnails/css/mavikthumbnails.css" referer="http://diversign.de/" error="" authtime="0" dnstime="541" cattime="90586" avscantime="1348" fullreqtime="391214" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" exceptions=""category="9998" reputation="neutral" categoryname="Uncategorized" country="Germany" sandbox="-" content-type="text/css"
    2018:03:09-09:14:24 post httpproxy[6373]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="10.x.y.41" dstip="217.160.167.174" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="17308" request="0xe320a00" url="http://diversign.de/index.php?option=com_ajax&plugin=arktypography&format=json" referer="http://diversign.de/" error="" authtime="0" dnstime="565"cattime="88562" avscantime="2507" fullreqtime="799560" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" exceptions="" category="9998" reputation="neutral" categoryname="Uncategorized" country="Germany" sandbox="-" content-type="text/css"

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
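
To make the distinction discussed in this thread concrete, here is an added example (not posted by any participant and not Sophos code): a small parser for the httpproxy key="value" lines that separates a filter decision from a failed connection to the origin server. The sample lines are shortened from the ones posted above plus one constructed 403 line, and the classification rule is an assumption made for illustration.

```python
import re
from collections import Counter

# key="value" pairs as written by httpproxy. Matching pair by pair also copes
# with a missing space between fields (authtime="0"dnstime="537" in a paste).
PAIR = re.compile(r'([\w-]+)="([^"]*)"')

# Shortened from the lines posted in this thread; the last one is constructed.
SAMPLE = [
    'httpproxy[11249]: id="0003" function="send_request_headers" file="request.c" '
    'line="912" message="write() on AF 2 socket to 217.160.167.174 failed: Connection refused"',
    'httpproxy[11249]: id="0002" name="web request blocked" action="block" '
    'dstip="217.160.167.174" statuscode="502" error="Connection refused" authtime="0"dnstime="537"',
    'httpproxy[6373]: id="0001" name="http access" action="pass" '
    'dstip="217.160.167.174" statuscode="301" error=""',
    'httpproxy[1]: id="0002" name="web request blocked" action="block" '
    'dstip="192.0.2.10" statuscode="403" error=""',  # constructed contrast case
]

def parse(line):
    """Return the key/value fields of one httpproxy log line as a dict."""
    return dict(PAIR.findall(line))

def classify(rec):
    """Label a record; the rule below is an assumption made for this example."""
    if "function" in rec:                 # internal socket/epoll message
        return "proxy-debug"
    if rec.get("action") == "pass":
        return "passed"
    if rec.get("action") == "block":
        # error text plus a 5xx status: the proxy could not talk to the
        # origin server, so a filter exception would not change the outcome.
        if rec.get("error") and rec.get("statuscode", "").startswith("5"):
            return "upstream-failure"
        return "policy-block"
    return "other"

def summarize(lines):
    """Count request outcomes per destination IP, skipping debug messages."""
    out = {}
    for rec in map(parse, lines):
        kind = classify(rec)
        if kind != "proxy-debug":
            out.setdefault(rec.get("dstip", "?"), Counter())[kind] += 1
    return out

if __name__ == "__main__":
    for ip, counts in summarize(SAMPLE).items():
        print(ip, dict(counts))
```

The same destination IP showing both "upstream-failure" from one gateway and "passed" from another points at the path or the server's handling of one source address, not at the web filter policy.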