no warning page for games category

Model: SG310
Firmware version: 9.603-1

We have set users to be warned when trying to access gambling and games sites, but what's strange is the warned message only appears on the gambling sites. When they try to access a games site they get a page cannot be displayed.

The logs are identical (will paste below). If I then change the games category to block, the users then get the blocked page as expected; change back to warn and page cannot be displayed again!

Any suggestions?

 

2019:06:28-08:32:04 gw1 httpproxy[6010]: id="0071" severity="info" sys="SecureWeb" sub="http" name="web request warned, forbidden category detected" action="warn" method="CONNECT" srcip="10.1.0.120" dstip="" user="d.test" group="" ad_domain="DH" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="3740" request="0xd9da3500" url="fantasy.premierleague.com/" referer="" error="" authtime="101" dnstime="0" aptptime="124" cattime="114" avscantime="0" fullreqtime="213693" device="1" auth="2" ua="" exceptions="" reason="category" category="116" reputation="neutral" categoryname="Games"

2019:06:28-08:32:07 gw1 httpproxy[6010]: id="0071" severity="info" sys="SecureWeb" sub="http" name="web request warned, forbidden category detected" action="warn" method="CONNECT" srcip="10.1.0.120" dstip="" user="d.test" group="" ad_domain="DH" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="3734" request="0xda39e700" url="https://www.williamhill.com/" referer="" error="" authtime="103" dnstime="0" aptptime="115" cattime="110" avscantime="0" fullreqtime="209882" device="1" auth="2" ua="" exceptions="" reason="category" category="115" reputation="trusted" categoryname="Gambling"



This thread was automatically locked due to age.
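A field-by-field comparison of the two httpproxy lines from the opening post, as an added example that is not part of the original thread. The sample lines are shortened copies of the posted ones, and the function names and the set of ignored fields are assumptions made for illustration.

```python
import re

# key="value" pairs as they appear in the UTM httpproxy lines posted above.
PAIR_RE = re.compile(r'(\w+)="([^"]*)"')

# Assumption: per-request counters and handles that differ on every request.
NOISE = {"request", "size", "authtime", "dnstime", "aptptime",
         "cattime", "fullreqtime"}

# Shortened copies of the two log lines from the post.
GAMES = ('2019:06:28-08:32:04 gw1 httpproxy[6010]: id="0071" action="warn" '
         'method="CONNECT" srcip="10.1.0.120" user="d.test" statuscode="403" '
         'size="3740" request="0xd9da3500" url="fantasy.premierleague.com/" '
         'reason="category" category="116" reputation="neutral" '
         'categoryname="Games"')
GAMBLING = ('2019:06:28-08:32:07 gw1 httpproxy[6010]: id="0071" action="warn" '
            'method="CONNECT" srcip="10.1.0.120" user="d.test" statuscode="403" '
            'size="3734" request="0xda39e700" url="https://www.williamhill.com/" '
            'reason="category" category="115" reputation="trusted" '
            'categoryname="Gambling"')


def parse_fields(line):
    """Return the key="value" fields of one httpproxy log line as a dict."""
    return dict(PAIR_RE.findall(line))


def diff_fields(line_a, line_b, ignore=NOISE):
    """Return {field: (value_a, value_b)} for each field whose value differs."""
    a, b = parse_fields(line_a), parse_fields(line_b)
    keys = sorted((a.keys() | b.keys()) - set(ignore))
    return {k: (a.get(k), b.get(k)) for k in keys if a.get(k) != b.get(k)}


def shared_fields(line_a, line_b, ignore=NOISE):
    """Return the fields that carry the same value in both lines."""
    a, b = parse_fields(line_a), parse_fields(line_b)
    return {k: v for k, v in a.items() if k not in ignore and b.get(k) == v}


if __name__ == "__main__":
    print("same:", shared_fields(GAMES, GAMBLING))
    for field, (games, gambling) in diff_fields(GAMES, GAMBLING).items():
        print(f"{field:13} games={games!r} gambling={gambling!r}")
```

The output lists what the two requests share (action, method, status code, user) and where they differ beyond the category itself, which gives a concrete set of fields to quote in a support case.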
  • Check DNS. The most obvious cause of this error is that the name cannot be resolved to an IP address.

    Check routing. Use ping and traceroute to see if you can actually reach the IP address of the remote site.

    Other things that are common issues but do not seem to fit your symptoms:

    • Is there an upstream firewall from your UTM that is imposing additional filter rules? Traffic that is blocked upstream will produce this symptom, but it should only occur after the connection is allowed.
    • I do not see a country clause in your logs, so you must not have country blocking enabled, but when it is enabled, that possibility needs to be considered, although the evidence should be clear in the web filtering logs.
    • Check UTM DNS resolution. UTM IPS will block DNS lookups for certain top-level domains that involve high risk, such as .trade.
    • Check the Intrusion Protection log and the Application Control log to see if something was blocked by those layers instead of by web filtering.
    • Verify that the client device has the UTM CA certificate. The certificate is necessary for block/warn pages to display correctly for https sites. Most browsers warn on certificate errors, but Edge will block without allowing an override.
    • Are you using decrypt-and-scan? The major browsers support more ciphersuites than does UTM, so sometimes a site will not connect with decrypt-and-scan enabled because a common ciphersuite cannot be found.

     

  • Thanks, but it seems to be any site categorised as games gets the same page cannot be displayed, but change to block rather than warn and the user gets the blocked message!

    Issue seems to be any games categorised site with the warn setting on it!

    Lee

  • If you are not a home user, I recommend opening a support case. This seems like an unlikely type of bug, but recent versions have other bugs that are hard to explain also.