Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Replies 5 replies
  • Subscribers 0 subscribers
  • Views 1375 views
  • Users 0 members are here
Options
Suggested

[7.490][QUESTION][ANSWERED] Content Blocked with a valid download

FreudianSlip
Not sure if this is specific to v7.490 but..

If I configure my browser to use my ASG and then attempt to download 

PHP: Get Download

php 5.3 in either bz2 or gzip formats, I get a content blocked message.  Almost instantly for the bz2, but after the download bar completes with the .gz.

If I then avoid the proxy and go direct, the link & download work 1st time for either file, so it's not a mis-labelled site down message (in this instance).

Bug? (I cant test it on previous versions of ASG without screwing things up this side)
Parents
  • 0
    Can you post the relevant lines from the Content Filter (HTTP) log?
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    Taken from the log as requested:

    name="http access" action="pass" method="POST" srcip="192.168.1.253" user="" statuscode="200" cached="0" profile="REF_zpVgrWaczq (Default Proxy Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" time="192 ms" request="0xb2268e20" url="207.46.124.153/.../gateway.dll
    2009:09:13-07:13:52 wmclasg httpproxy[3963]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.1.253" user="" statuscode="200" cached="0" profile="REF_zpVgrWaczq (Default Proxy Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" time="190 ms" request="0xb2268e20" url="207.46.124.153/.../gateway.dll
    2009:09:13-07:14:03 wmclasg httpproxy[3963]: [0xb22ad568] avira_error_cb (avirascanner.c:81) name unkwn.tar --> php-5.3.0/ext/bz2/tests/004_2.txt.bz2, category 2, level 0, code 29 (Error processing archive)
    2009:09:13-07:14:03 wmclasg httpproxy[3963]: id="0056" severity="info" sys="SecureWeb" sub="http" name="web request blocked, error while scanning" action="block" method="GET" srcip="192.168.1.253" user="" statuscode="500" cached="0" profile="REF_zpVgrWaczq (Default Proxy Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2211" time="35304 ms" request="0xb22ad568" url="uk.php.net/.../php-5.3.0.tar.bz2" exceptions="auth,content,url,mime" error="" engine="Astaro-AV"
    2009:09:13-07:14:03 wmclasg httpproxy[3963]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.1.253" user="" statuscode="200" cached="4" profile="REF_zpVgrWaczq (Default Proxy Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="822" time="140 ms" request="0xb22ad568" url="uk.php.net/favicon.ico" exceptions="auth,content,url,mime" error=""
    2009:09:13-07:14:13 wmclasg httpproxy[3963]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.1.253" user="" statuscode="200" cached="0" profile="REF_zpVgrWaczq (Default Proxy Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" time="187 ms" request="0xb2268e20" url="207.46.124.153/.../gateway.dll
    2009:09:13-07:14:16 wmclasg httpproxy[3963]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.1.253" user="" statuscode="200" cached="0" profile="REF_zpVgrWaczq (Default Proxy Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="39607" time="1067 ms" request="0xb22202c0" url="us2.php.net/.../mirror" exceptions="auth,content,url,mime" error=""
    2009:09:13-07:14:19 wmclasg httpproxy[3963]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.1.253" user="" statuscode="302" cached="4" profile="REF_zpVgrWaczq (Default Proxy Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="1" time="434 ms" request="0xa87324f8" url="us2.php.net/.../mirror" exceptions="auth,content,url,mime" error=""
    2009:09:13-07:14:28 wmclasg httpproxy[3963]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.1.253" user="" statuscode="404" cached="0" profile="REF_zpVgrWaczq (Default Proxy Profile)" filteraction=" ()" size="2191" time="13360 ms" request="0xb22202c0" url="passthrough.fw-notify.net/favicon.ico" exceptions="auth,content,url,mime" error=""
    2009:09:13-07:14:31 wmclasg httpproxy[3963]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.1.253" user="" statuscode="404" cached="0" profile="REF_zpVgrWaczq (Default Proxy Profile)" filteraction=" ()" size="2191" time="0 ms" request="0xb22590b8" url="passthrough.fw-notify.net/favicon.ico" exceptions="auth,content,url,mime" error=""
    2009:09:13-07:14:34 wmclasg httpproxy[3963]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.1.253" user="" statuscode="200" cached="0" profile="REF_zpVgrWaczq (Default Proxy Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" time="189 ms" request="0xb2268e20" url="207.46.124.153/.../gateway.dll
    2009:09:13-07:14:43 wmclasg httpproxy[3963]: [0xb2259f68] avira_error_cb (avirascanner.c:81) name php-5.3.0.tar --> php-5.3.0/ext/bz2/tests/004_2.txt.bz2, category 2, level 0, code 29 (Error processing archive)
    2009:09:13-07:14:44 wmclasg httpproxy[3963]: id="0056" severity="info" sys="SecureWeb" sub="http" name="web request blocked, error while scanning" action="block" method="GET" srcip="192.168.1.253" user="" statuscode="500" cached="0" profile="REF_zpVgrWaczq (Default Proxy Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2209" time="24711 ms" request="0xb2259f68" url="uk.php.net/.../php-5.3.0.tar.gz" exceptions="auth,content,url,mime" error="" engine="Astaro-AV"
    2009:09:13-07:14:53 wmclasg httpproxy[3963]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="POST" srcip="192.168.1.253" user="" statuscode="404" cached="0" profile="REF_zpVgrWaczq (Default Proxy Profile)" filteraction=" ()" size="2199" time="34510 ms" request="0xb2259f68" url="passthrough.fw-notify.net/.../462022" exceptions="auth,content,url,mime" error=""
Reply
  • 0 in reply to BAlfson
    Taken from the log as requested:

    name="http access" action="pass" method="POST" srcip="192.168.1.253" user="" statuscode="200" cached="0" profile="REF_zpVgrWaczq (Default Proxy Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" time="192 ms" request="0xb2268e20" url="207.46.124.153/.../gateway.dll
    2009:09:13-07:13:52 wmclasg httpproxy[3963]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.1.253" user="" statuscode="200" cached="0" profile="REF_zpVgrWaczq (Default Proxy Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" time="190 ms" request="0xb2268e20" url="207.46.124.153/.../gateway.dll
    2009:09:13-07:14:03 wmclasg httpproxy[3963]: [0xb22ad568] avira_error_cb (avirascanner.c:81) name unkwn.tar --> php-5.3.0/ext/bz2/tests/004_2.txt.bz2, category 2, level 0, code 29 (Error processing archive)
    2009:09:13-07:14:03 wmclasg httpproxy[3963]: id="0056" severity="info" sys="SecureWeb" sub="http" name="web request blocked, error while scanning" action="block" method="GET" srcip="192.168.1.253" user="" statuscode="500" cached="0" profile="REF_zpVgrWaczq (Default Proxy Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2211" time="35304 ms" request="0xb22ad568" url="uk.php.net/.../php-5.3.0.tar.bz2" exceptions="auth,content,url,mime" error="" engine="Astaro-AV"
    2009:09:13-07:14:03 wmclasg httpproxy[3963]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.1.253" user="" statuscode="200" cached="4" profile="REF_zpVgrWaczq (Default Proxy Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="822" time="140 ms" request="0xb22ad568" url="uk.php.net/favicon.ico" exceptions="auth,content,url,mime" error=""
    2009:09:13-07:14:13 wmclasg httpproxy[3963]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.1.253" user="" statuscode="200" cached="0" profile="REF_zpVgrWaczq (Default Proxy Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" time="187 ms" request="0xb2268e20" url="207.46.124.153/.../gateway.dll
    2009:09:13-07:14:16 wmclasg httpproxy[3963]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.1.253" user="" statuscode="200" cached="0" profile="REF_zpVgrWaczq (Default Proxy Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="39607" time="1067 ms" request="0xb22202c0" url="us2.php.net/.../mirror" exceptions="auth,content,url,mime" error=""
    2009:09:13-07:14:19 wmclasg httpproxy[3963]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.1.253" user="" statuscode="302" cached="4" profile="REF_zpVgrWaczq (Default Proxy Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="1" time="434 ms" request="0xa87324f8" url="us2.php.net/.../mirror" exceptions="auth,content,url,mime" error=""
    2009:09:13-07:14:28 wmclasg httpproxy[3963]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.1.253" user="" statuscode="404" cached="0" profile="REF_zpVgrWaczq (Default Proxy Profile)" filteraction=" ()" size="2191" time="13360 ms" request="0xb22202c0" url="passthrough.fw-notify.net/favicon.ico" exceptions="auth,content,url,mime" error=""
    2009:09:13-07:14:31 wmclasg httpproxy[3963]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.1.253" user="" statuscode="404" cached="0" profile="REF_zpVgrWaczq (Default Proxy Profile)" filteraction=" ()" size="2191" time="0 ms" request="0xb22590b8" url="passthrough.fw-notify.net/favicon.ico" exceptions="auth,content,url,mime" error=""
    2009:09:13-07:14:34 wmclasg httpproxy[3963]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.1.253" user="" statuscode="200" cached="0" profile="REF_zpVgrWaczq (Default Proxy Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" time="189 ms" request="0xb2268e20" url="207.46.124.153/.../gateway.dll
    2009:09:13-07:14:43 wmclasg httpproxy[3963]: [0xb2259f68] avira_error_cb (avirascanner.c:81) name php-5.3.0.tar --> php-5.3.0/ext/bz2/tests/004_2.txt.bz2, category 2, level 0, code 29 (Error processing archive)
    2009:09:13-07:14:44 wmclasg httpproxy[3963]: id="0056" severity="info" sys="SecureWeb" sub="http" name="web request blocked, error while scanning" action="block" method="GET" srcip="192.168.1.253" user="" statuscode="500" cached="0" profile="REF_zpVgrWaczq (Default Proxy Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2209" time="24711 ms" request="0xb2259f68" url="uk.php.net/.../php-5.3.0.tar.gz" exceptions="auth,content,url,mime" error="" engine="Astaro-AV"
    2009:09:13-07:14:53 wmclasg httpproxy[3963]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="POST" srcip="192.168.1.253" user="" statuscode="404" cached="0" profile="REF_zpVgrWaczq (Default Proxy Profile)" filteraction=" ()" size="2199" time="34510 ms" request="0xb2259f68" url="passthrough.fw-notify.net/.../462022" exceptions="auth,content,url,mime" error=""
Children
No Data
Unfiltered HTML