Bug - Improper headers for blocked content

Dear all,

While toying around with cURL and Sophos Anti-Virus, I noticed that the Web Protection service:

▸ Returns a 403 Forbidden error when the domain's reputation is deemed unsuitable

▸ Returns a 200 OK error when the content is blocked

Compare, for example:

▸ Loading the Sophos malware-blocking test page

$ /usr/bin/curl --compressed "http://sophostest.com/malware/" -sI
    HTTP/1.1 403 Forbidden
    Content-Length: 6865
    Content-Type: text/html; charset=UTF-8
    Cache-Control: no-cache
    Connection: close
    Proxy-Connection: close

▸ Loading the Eicar.org pseudo-virus

$ /usr/bin/curl --compressed "www.eicar.org/.../eicar.com.txt" -sI
    HTTP/1.1 200 OK
    Date: Fri, 03 Jul 2015 12:20:55 GMT
    Server: Apache
    Content-disposition: attachment; filename="eicar.com.txt"
    Cache-control: private
    Content-length: 68
    Content-Type: application/octet-stream
 
This seems to be a bug, as both attempts result in a Sophos-generated error page being displayed.


This thread was automatically locked due to age.
  • Thank you for your kind reply, Serra.

    These are indeed two distinct features, and I do understand that they behave in a different way. It does seem strange, however, to display similar results to the user, namely the block page, while returning two different sets of headers to the browsers or scripts that bump into the error. This makes it difficult to evaluate the situation programmatically, and I can imagine quite a few scenarios where it could be confusing.

    It's a minor issue, of course…

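As an added illustration of the scripting problem raised in this thread (not code from the original posts or from Sophos), the sketch below classifies a response using both the status line and the consistency between the declared headers and the received body. It assumes that on a full GET the 200 response keeps the origin's headers while the body is replaced by an HTML block page; the function names and sample bodies are hypothetical and constructed.

```python
# Added example: heuristic check for a block page hidden behind "200 OK".
# Header dumps are the two shown in the thread; bodies are constructed samples.
HEAD_403 = """HTTP/1.1 403 Forbidden
Content-Length: 6865
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache
Connection: close
Proxy-Connection: close"""

HEAD_200 = """HTTP/1.1 200 OK
Server: Apache
Content-disposition: attachment; filename="eicar.com.txt"
Content-length: 68
Content-Type: application/octet-stream"""

BLOCK_HTML = b"<html><body>Constructed block page</body></html>"  # constructed

def parse_head(raw):
    """Parse a header dump (as printed by curl -sI) into (status, headers)."""
    lines = [l.strip() for l in raw.strip().splitlines() if l.strip()]
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers

def classify(raw_head, body):
    """Return a verdict string; heuristics only, under the stated assumption."""
    status, h = parse_head(raw_head)
    # Case 1: explicit refusal, with the proxy header seen in the 403 output.
    if status == 403 and "proxy-connection" in h:
        return "blocked-by-status"
    if status == 200:
        reasons = []
        declared = h.get("content-length", "")
        # Content-Length counts encoded bytes, so skip it for compressed bodies.
        if declared.isdigit() and "content-encoding" not in h \
                and int(declared) != len(body):
            reasons.append("length")
        ctype = h.get("content-type", "").split(";")[0].strip().lower()
        start = body.lstrip()[:64].lower()
        if start.startswith((b"<!doctype html", b"<html")) \
                and ctype and ctype != "text/html":
            reasons.append("type")
        if reasons:
            return "suspect-200:" + "+".join(reasons)
    return "no-block-indicator"
```

A `suspect-200` verdict only says the body does not match what the headers promised; a script should treat it as "do not trust this payload" rather than as proof of a block.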