Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 28 subscribers
  • Views 857 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

sophostest.com not blocked in webfilter

LHerzog

I wonder why this is never blocked on our XG. Any idea?

https://sophostest.com/adult/index.html

No Exceptions fot this FQDN

This Firewall rule applies. Which has no Webfiltering enabled. I wonder to which host sophostest.com belongs?

Probably the IP I'm resolving also belongs to one of those many Sophos Exception Hosts.

nslookup

> set type=any
> sophostest.com

sophostest.com  internet address = 65.9.68.75
sophostest.com  internet address = 65.9.68.96
sophostest.com  internet address = 65.9.68.15
sophostest.com  internet address = 65.9.68.57

Also wondering why Intercept X is not blocking this also.

Would be probably better if you place this host on a cloud server that is not providing updates to your security products.



This thread was automatically locked due to age.
Parents
  • 0

    I can understand the client perhaps not blocking it as it's a bit of an odd case really. I.e, one domain classified in many buckets based on sub pages.

    If you access it with HTTP then I would expect the EP to classify it correctly.  If you access it with HTTPS, then only the domain name is seen at the EP which it gets from the SNI.  As sophostest.com itself isn't classified as you expect it will not be picked up.  You would need to be doing SSL inspection to observe the /adult/index.html part of the url.

Reply
  • 0

    I can understand the client perhaps not blocking it as it's a bit of an odd case really. I.e, one domain classified in many buckets based on sub pages.

    If you access it with HTTP then I would expect the EP to classify it correctly.  If you access it with HTTPS, then only the domain name is seen at the EP which it gets from the SNI.  As sophostest.com itself isn't classified as you expect it will not be picked up.  You would need to be doing SSL inspection to observe the /adult/index.html part of the url.

Children
No Data