Options for bypassing Webproxy in Sophos XG to access particular webpage

Dear all,

 

For 6 months I have been running Sophos XG as a virtual appliance on VMware ESXi. So far everything is set up as I need it, but from time to time I have trouble finding/understanding the right settings for particular use cases.

I am using the latest Sophos Firmware, Sophos Endpoint Protection and Sophos Authenticator for various PCs.

 

 

Right now I have the following issue:

I would like to open a link from noref.co (http://noref.co/?id=xxxxxxx)

Using my current settings, I get an error message on that page saying that proxies aren't allowed. Message: "Proxys are not allowed to connect to this page, please connect directly"

 

This is what I did so far to find a solution:

1. In order to bypass the proxy temporarily, I created a firewall rule at the very top, with the source being the IP address of the PC trying to connect to this page. Destination is "any" and no filtering rules are activated.

The result is that on noref.co the warning message disappears, but now I only see a blank page. So nothing happens.

-> so no success

 

2. Under Protect - Web - Advanced, I removed Port 80 in Web Proxy Configuration (only for testing purposes of course). Apparently, using this method I bypass the proxy, but Sophos shows me a blocked request warning:

The web site you are trying to access: 
http://noref.co/?id=1511364520
is listed as a site within the category Dynamic DNS & ISP Sites

Current Internet Access Configuration for you does not allow visiting sites within this category at this time.

 

3. If I combine try number 1 and 2, I again end up seeing a blank page.

 

Here's where I'm stuck. So my questions are:

1. How do I properly bypass the web proxy of Sophos for a specific IP or PC? E.g. using a Transparent Skip list, which I can't find in Sophos XG.

2. How do I bypass the web filtering by categories for a specific IP?

 

Any help pointing me in the right direction is appreciated.

 

Greetz,

Peter



  • Hello Peter,

     

    The best way to allow those websites is to allow them from the Web Filter Policy. Select the category under which the "website" falls and set the action to "allow". You can also bypass them completely by adding the regex, domain or IP address under Protect > Web > Exceptions > Add Exception and editing this rule as per your requirement, i.e. domain/regex/source IP or destination IP, and skip checks for HTTPS Decryption, Malware Scanning, Sandstorm, Policy Checks.

  • Hi Asad,

     

    Thanks for your hints.

     

    1. Under Protect -> Web -> Policies I can't find the category "Dynamic DNS & ISP Sites". I read that it should be listed within the group "others", which is not configured in my case.

    Or am I missing something? However, wouldn't allowing this category allow it for every user in the network?

     

    2. I added the following under Protect > Web > Exceptions > Add Exception

    This unfortunately doesn't work either.

     

    What's wrong with my config?

     

    Best

  • Sophos XG acts as a proxy even if you put the proper exceptions inside the Exceptions under Web Menu.

    In order to avoid XG Proxy:

    • Create a firewall rule LAN to WAN, where the destination source is the destination FQDN host (in this case the FQDN is noref.co).
    • Put the firewall rule at the top and do not check any malware scanning; leave IPS, Application and Web Filtering set to none.

    Make sure to enable logging.

    That's all!

  • Thanks for the clarification.

     

    That was my very first attempt.


    1. In order to bypass the proxy temporarily, I created a firewall rule at the very top, with the source being the IP address of the PC trying to connect to this page. Destination is "any" and no filtering rules are activated.

    The result is that on noref.co the warning message disappears, but now I only see a blank page. So nothing happens.

    -> so no success


     

    So it seems the proxy is being bypassed, but why do I only get a blank page?

  • Peter,

    In my case I see a blank page in German. XG should not be responsible anymore now.

  • That's the main page of noref.co.

    It's only a link shortener, so nothing interesting is on that page. But try http://noref.co/?id=1511364520 (that's just an example).

    Using a device connected via Sophos shows the blank page. Using the same device in another network not protected by Sophos redirects to filecrypt.cc.

  • Go into the command line "Device Console".

    Type:

    set http add_via_header off

     

    The proxy will no longer add the Via header and the far website will not detect there was a proxy.

    This is a global setting.

    For 99.9% of traffic it makes no difference. It only matters when you have things like multiple proxies or you are trying to debug forwarding loops.
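
Added example, not part of the original thread: a way to confirm from the server side whether a proxy still announces itself after a change like the one above. `proxy_headers_in` reports the `Via` header discussed here plus two other headers intermediaries commonly add; the host names, the sample requests and the optional echo server (run on a host you control, on a port the proxy handles) are assumptions for illustration.

```python
"""List the request headers that reveal an intermediate proxy to the origin."""
import sys
from email.parser import BytesParser
from http.server import BaseHTTPRequestHandler, HTTPServer

# Via is the header discussed in the thread; Forwarded (RFC 7239) and
# X-Forwarded-For are other headers intermediaries commonly add.
PROXY_HEADERS = ("via", "forwarded", "x-forwarded-for")


def disclosed(headers) -> dict:
    """Return {name: [values]} for each proxy-revealing header present."""
    found = {n: headers.get_all(n) for n in PROXY_HEADERS}
    return {n: [v.strip() for v in vals] for n, vals in found.items() if vals}


def proxy_headers_in(raw_request: bytes) -> dict:
    """Parse a raw HTTP/1.x request (bytes) and report what it discloses."""
    head = raw_request.split(b"\r\n\r\n", 1)[0]
    _request_line, _, header_block = head.partition(b"\r\n")
    return disclosed(BytesParser().parsebytes(header_block, headersonly=True))


class EchoHandler(BaseHTTPRequestHandler):
    """Replies to any GET with the proxy-revealing headers it received."""

    def do_GET(self):
        body = (repr(disclosed(self.headers)) + "\n").encode()
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


# Constructed samples: one request as an origin sees it behind a proxy that
# adds Via, and the same request without the header.
WITH_VIA = (b"GET /?id=0 HTTP/1.1\r\nHost: origin.example\r\n"
            b"Via: 1.1 proxy.example\r\n\r\n")
WITHOUT_VIA = b"GET /?id=0 HTTP/1.1\r\nHost: origin.example\r\n\r\n"

if __name__ == "__main__":
    print(proxy_headers_in(WITH_VIA))      # Via present
    print(proxy_headers_in(WITHOUT_VIA))   # nothing disclosed
    if len(sys.argv) > 1:                  # optional: serve on the given port
        HTTPServer(("", int(sys.argv[1])), EchoHandler).serve_forever()
```

Requesting the echo server from a client behind the firewall before and after the change shows whether `Via` still reaches the origin.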

  • Michael,

    This will disable host header globally. Hope you will integrate this skipping feature into next releases.

    Thanks

  • It will disable the Via in the request and response header. As stated, 99% of the internet does not care one way or another. The UTM also has this on by default, skippable via cc. There are no changes planned for future releases.