Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Replies 10 replies
  • Subscribers 0 subscribers
  • Views 3643 views
  • Users 0 members are here
Options
Suggested

[8.285][QUESTION][ANSWERED] Web Filtering Question

brk
How do I debug a problem that shows up when web filtering is enabled?  I had web filtering off, but decided to turn it back on.  I know this worked a long time back, but many things have changed in that time.

Problem -  Sonos Rhapsody client will not update the channel lists.

all that is showing up in the web filter logs is -
2011:12:04-15:15:54 brk httpproxy[9942]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.1.243" dstip="66.150.171.142" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2133" request="0xee703710" url="direct.rhapsody.com/.../RhapsodyDirectMetadata" exceptions="av,auth,content,url,mime,cache,fileextension" error=""
2011:12:04-15:16:34 brk httpproxy[9942]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.1.243" dstip="66.150.171.142" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="169950" request="0xa06fd00" url="direct.rhapsody.com/.../RhapsodyDirectMetadata" exceptions="av,auth,content,url,mime,cache,fileextension" error=""
2011:12:04-15:18:06 brk httpproxy[9942]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.1.243" dstip="66.150.171.142" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2133" request="0xa06fa30" url="direct.rhapsody.com/.../RhapsodyDirectMetadata" exceptions="av,auth,content,url,mime,cache,fileextension" error=""
2011:12:04-15:18:47 brk httpproxy[9942]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.1.243" dstip="66.150.171.142" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="171268" request="0xa0281b8" url="direct.rhapsody.com/.../RhapsodyDirectMetadata" exceptions="av,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension" error=""

Which is showing the exception placed for that server.

If I disable web filtering then the application works properly.

I am trying to avoid adding a total exclusion for the server.
Parents
  • 0
    I think brk knows what I'm about to say, but, just so others don't get confused: the 'Transparent mode skiplist' really only uses IP addresses instead of URLs.  That is to say, a DNS Host definition with direct.rhapsody.com resolves to 66.150.171.142 in that list.  When the proxy is in transparent mode, it sees that your browser is asking to connect to 66.150.171.142, and so "skips" that particular request - it won't even show up in the log file.

    @brk - Is there anything unusual in your Firewall log at the same time as your attempts above?  Is there anything in the httpproxy log between those four entries above -something blocked that might have been a part of the conversation with 66.150.171.142? 

    Cheers - Bob
    PS Actually, that should be ^https?://[A-Za-z0-9.-]*rhapsody[/B].com/ to be precise, but it works because . matches to any single character.
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0
    I think brk knows what I'm about to say, but, just so others don't get confused: the 'Transparent mode skiplist' really only uses IP addresses instead of URLs.  That is to say, a DNS Host definition with direct.rhapsody.com resolves to 66.150.171.142 in that list.  When the proxy is in transparent mode, it sees that your browser is asking to connect to 66.150.171.142, and so "skips" that particular request - it won't even show up in the log file.

    @brk - Is there anything unusual in your Firewall log at the same time as your attempts above?  Is there anything in the httpproxy log between those four entries above -something blocked that might have been a part of the conversation with 66.150.171.142? 

    Cheers - Bob
    PS Actually, that should be ^https?://[A-Za-z0-9.-]*rhapsody[/B].com/ to be precise, but it works because . matches to any single character.
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data
Unfiltered HTML