Hi there,
I've found a bug in handling of web filter profiles.
As you can see in attached image I have configured one profile for my w8 test client with operation mode "Standard".
I've expected that If I don't configure a proxy in my browser I don't have internet access.
The UTM don't block this access. The request is handled by the "Default Webfilter Profile".
[HTML]2014:02:07-21:45:17 asg-2 httpproxy[9835]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.24.60" dstip="85.182.250.163" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="4034" request="0x179ef760" url="www.google.de" exceptions="" error="" authtime="0" dnstime="11" cattime="309" avscantime="0" fullreqtime="100856477" device="0" auth="0" application="" category="145" reputation="trusted" categoryname="Search Engines"
2014:02:07-21:45:17 asg-2 httpproxy[9835]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.24.60" dstip="85.182.250.163" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="5804" request="0x179ef540" url="www.google.de" exceptions="" error="" authtime="0" dnstime="8" cattime="279" avscantime="0" fullreqtime="100846140" device="0" auth="0" application="" category="145" reputation="trusted" categoryname="Search Engines"
[/HTML]
I think this is not a normal handling. If I configure in my standard profile access for all internal users in transparent mode, all other users that should use a profile with standard mode, could easy bypass this policy.
regards,
mod
Guest User!
You are not Sophos Staff.
