Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 4 subscribers
  • Views 6163 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Yahoo Web Mail Web Filtering Loophole?

EdwardMielcarek

Hello,

I am running into an issue where a user is able to login to sports.yahoo.com, and from there, they are able to launch their webmail from an icon/link located on sports.yahoo.com.

I found that mg.mail.yahoo.com could still be accessed, so I added it to "Web Protection > Filtering Options > Websites" and assigned it the category of "Web Mail".  It will still sometimes let a user view and navigate their email, but only sometimes.  

It's like there is an identity transfer or cross-site authentication occurring that sometimes gets flagged by the web filter.

It is important to continue to allow users to login to sports.yahoo.com, but I was hoping anyone could offer some advice on ensuring that the web mail loophole is closed in this scenario.

 

We are running:

SG210

UTM9 

Firmware 9.503-4

 



This thread was automatically locked due to age.
  • 0

    Hi Edward,

    Can you recreate this and provide the configuration screenshots and relevant log lines from the http.log? Please refer: Sophos UTM Logfile information.

    Thanks

  • 0 in reply to sachingurung

    Hi sachingurung,

    Please see the attached files.

     

    Fullscreen WebFilterUpload.txt Download 
    Going to sports.yahoo.com, then the mail icon:

2017:09:08-12:07:22 ClientUTM httpproxy[6239]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.22.13" dstip="72.30.2.182" user="" group="" ad_domain="" statuscode="302" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0x17dc1800" url="http://pr-bh.ybp.yahoo.com/sync/iponweb/csrc/5/?ssp_user_id=e69ea485-bb9f-4870-858f-71c3467ae111" referer="" error="" authtime="0" dnstime="869" cattime="327" avscantime="0" fullreqtime="65959" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36" exceptions="" category="177" reputation="neutral" categoryname="Content Server" country="United States" application="yahoo" app-id="553"
2017:09:08-12:07:24 ClientUTM httpproxy[6239]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.23.14" dstip="72.30.3.43" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="7699" request="0x17fee000" url="https://na.ads.yahoo.com/" referer="" error="" authtime="0" dnstime="2" cattime="64" avscantime="0" fullreqtime="15453733" device="0" auth="0" ua="" exceptions="" category="154" reputation="unverified" categoryname="Web Ads" country="United States" application="yahoo" app-id="553"
2017:09:08-12:07:24 ClientUTM httpproxy[6239]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.23.14" dstip="72.30.3.43" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="7695" request="0x189f1000" url="https://na.ads.yahoo.com/" referer="" error="" authtime="0" dnstime="2" cattime="78" avscantime="0" fullreqtime="15570622" device="0" auth="0" ua="" exceptions="" category="154" reputation="unverified" categoryname="Web Ads" country="United States" application="yahoo" app-id="553"
2017:09:08-12:07:24 ClientUTM httpproxy[6239]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.23.14" dstip="216.155.194.56" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="9700" request="0x18d94a00" url="https://ads.yahoo.com/" referer="" error="" authtime="0" dnstime="3" cattime="98" avscantime="0" fullreqtime="18514625" device="0" auth="0" ua="" exceptions="" category="154" reputation="trusted" categoryname="Web Ads" country="United States" application="yahoo" app-id="553"
2017:09:08-12:07:24 ClientUTM httpproxy[6239]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.23.14" dstip="216.155.194.56" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="7548" request="0x15c27600" url="https://ads.yahoo.com/" referer="" error="" authtime="0" dnstime="2" cattime="50" avscantime="0" fullreqtime="18572748" device="0" auth="0" ua="" exceptions="" category="154" reputation="trusted" categoryname="Web Ads" country="United States" application="yahoo" app-id="553"
2017:09:08-12:07:24 ClientUTM httpproxy[6239]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.23.14" dstip="72.30.3.43" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="7695" request="0x155bb600" url="https://na.ads.yahoo.com/" referer="" error="" authtime="0" dnstime="2" cattime="156" avscantime="0" fullreqtime="16117873" device="0" auth="0" ua="" exceptions="" category="154" reputation="unverified" categoryname="Web Ads" country="United States" application="yahoo" app-id="553"
2017:09:08-12:07:25 ClientUTM httpproxy[6239]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.23.14" dstip="72.30.3.43" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="5681" request="0x190c5600" url="https://na.ads.yahoo.com/" referer="" error="" authtime="0" dnstime="2" cattime="277" avscantime="0" fullreqtime="11511045" device="0" auth="0" ua="" exceptions="" category="154" reputation="unverified" categoryname="Web Ads" country="United States" application="yahoo" app-id="553"
2017:09:08-12:07:29 ClientUTM httpproxy[6239]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.23.10" dstip="69.147.64.33" user="" group="" ad_domain="" statuscode="301" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="8" request="0x16abec00" url="http://sports.yahoo.com/" referer="" error="" authtime="0" dnstime="18396" cattime="90" avscantime="0" fullreqtime="76593" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36" exceptions="" country="United States" content-type="text/html" application="yahoo" app-id="553"
2017:09:08-12:07:40 ClientUTM httpproxy[6239]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.23.10" dstip="69.147.64.33" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="6056" request="0x16005200" url="https://api-secure.sports.yahoo.com/" referer="" error="" authtime="0" dnstime="23442" cattime="89" avscantime="0" fullreqtime="10865140" device="0" auth="0" ua="" exceptions="" country="United States" application="yahoo" app-id="553"
2017:09:08-12:07:40 ClientUTM httpproxy[6239]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.23.10" dstip="69.147.64.33" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="6056" request="0x15c4d600" url="https://api-secure.sports.yahoo.com/" referer="" error="" authtime="0" dnstime="21444" cattime="186" avscantime="0" fullreqtime="10863727" device="0" auth="0" ua="" exceptions="" country="United States" application="yahoo" app-id="553"
2017:09:08-12:07:40 ClientUTM httpproxy[6239]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.23.10" dstip="69.147.64.33" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="6056" request="0x18948a00" url="https://api-secure.sports.yahoo.com/" referer="" error="" authtime="0" dnstime="21492" cattime="74" avscantime="0" fullreqtime="10863836" device="0" auth="0" ua="" exceptions="" country="United States" application="yahoo" app-id="553"
2017:09:08-12:07:40 ClientUTM httpproxy[6239]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.23.10" dstip="98.138.81.72" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="6026" request="0x19763200" url="https://geo.yahoo.com/" referer="" error="" authtime="0" dnstime="3" cattime="78" avscantime="0" fullreqtime="10879560" device="0" auth="0" ua="" exceptions="" category="141" reputation="neutral" categoryname="Portal Sites" country="United States" application="yahoo" app-id="553"
2017:09:08-12:07:40 ClientUTM httpproxy[6239]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.23.10" dstip="98.138.81.72" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="6026" request="0x927a600" url="https://geo.yahoo.com/" referer="" error="" authtime="0" dnstime="3" cattime="81" avscantime="0" fullreqtime="10883738" device="0" auth="0" ua="" exceptions="" category="141" reputation="neutral" categoryname="Portal Sites" country="United States" application="yahoo" app-id="553"
2017:09:08-12:07:40 ClientUTM httpproxy[6239]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.23.10" dstip="98.138.81.72" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="6026" request="0x19bc2600" url="https://geo.yahoo.com/" referer="" error="" authtime="0" dnstime="2" cattime="77" avscantime="0" fullreqtime="10878951" device="0" auth="0" ua="" exceptions="" category="141" reputation="neutral" categoryname="Portal Sites" country="United States" application="yahoo" app-id="553"
2017:09:08-12:07:40 ClientUTM httpproxy[6239]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.23.10" dstip="98.138.81.72" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="6026" request="0x15c4ca00" url="https://geo.yahoo.com/" referer="" error="" authtime="0" dnstime="3" cattime="76" avscantime="0" fullreqtime="10873869" device="0" auth="0" ua="" exceptions="" category="141" reputation="neutral" categoryname="Portal Sites" country="United States" application="yahoo" app-id="553"
2017:09:08-12:07:40 ClientUTM httpproxy[6239]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.23.10" dstip="69.147.64.34" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="6032" request="0x17fee600" url="https://yep.video.yahoo.com/" referer="" error="" authtime="0" dnstime="38182" cattime="28832" avscantime="0" fullreqtime="10847400" device="0" auth="0" ua="" exceptions="" category="147" reputation="neutral" categoryname="Streaming Media" country="United States" application="yahoo" app-id="553"
2017:09:08-12:07:40 ClientUTM httpproxy[6239]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.23.10" dstip="69.147.64.34" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="6032" request="0x18f03200" url="https://yep.video.yahoo.com/" referer="" error="" authtime="0" dnstime="31273" cattime="29200" avscantime="0" fullreqtime="10841222" device="0" auth="0" ua="" exceptions="" category="147" reputation="neutral" categoryname="Streaming Media" country="United States" application="yahoo" app-id="553"
2017:09:08-12:07:40 ClientUTM httpproxy[6239]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.23.10" dstip="69.147.64.34" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="6032" request="0x17431e00" url="https://yep.video.yahoo.com/" referer="" error="" authtime="0" dnstime="36112" cattime="29163" avscantime="0" fullreqtime="10846506" device="0" auth="0" ua="" exceptions="" category="147" reputation="neutral" categoryname="Streaming Media" country="United States" application="yahoo" app-id="553"
2017:09:08-12:07:40 ClientUTM httpproxy[6239]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.23.10" dstip="76.13.28.70" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="5479" request="0x193d9800" url="https://csc.beap.bc.yahoo.com/" referer="" error="" authtime="0" dnstime="3" cattime="115" avscantime="0" fullreqtime="10459204" device="0" auth="0" ua="" exceptions="" category="141" reputation="trusted" categoryname="Portal Sites" country="United States" application="yahoo" app-id="553"
2017:09:08-12:07:40 ClientUTM httpproxy[6239]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.23.10" dstip="98.137.201.232" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="4948" request="0x184b5000" url="https://geo.query.yahoo.com/" referer="" error="" authtime="0" dnstime="4" cattime="147" avscantime="0" fullreqtime="10460818" device="0" auth="0" ua="" exceptions="" category="178" reputation="neutral" categoryname="Internet Services" country="United States" application="yahoo" app-id="553"
2017:09:08-12:07:42 ClientUTM httpproxy[6239]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.23.10" dstip="98.138.49.23" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="4729" request="0x178a8600" url="https://sp.analytics.yahoo.com/" referer="" error="" authtime="0" dnstime="3" cattime="122" avscantime="0" fullreqtime="10297852" device="0" auth="0" ua="" exceptions="" category="9998" reputation="unverified" categoryname="Uncategorized" country="United States" application="yahoo" app-id="553"
2017:09:08-12:07:44 ClientUTM httpproxy[6239]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.23.10" dstip="216.155.194.56" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="5368" request="0x19c78c00" url="https://na.ads.yahoo.com/" referer="" error="" authtime="0" dnstime="2" cattime="127" avscantime="0" fullreqtime="10248675" device="0" auth="0" ua="" exceptions="" category="154" reputation="unverified" categoryname="Web Ads" country="United States" application="yahoo" app-id="553"
2017:09:08-12:07:55 ClientUTM httpproxy[6239]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.23.10" dstip="98.139.225.43" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="5681" request="0x15c1b000" url="https://ads.yahoo.com/" referer="" error="" authtime="0" dnstime="3" cattime="242" avscantime="0" fullreqtime="11247472" device="0" auth="0" ua="" exceptions="" category="154" reputation="trusted" categoryname="Web Ads" country="United States" application="yahoo" app-id="553"
2017:09:08-12:07:55 ClientUTM httpproxy[6239]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.23.10" dstip="98.139.225.43" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="5681" request="0x932f200" url="https://ads.yahoo.com/" referer="" error="" authtime="0" dnstime="2" cattime="143" avscantime="0" fullreqtime="11246521" device="0" auth="0" ua="" exceptions="" category="154" reputation="trusted" categoryname="Web Ads" country="United States" application="yahoo" app-id="553"
2017:09:08-12:07:55 ClientUTM httpproxy[6239]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.23.10" dstip="216.155.194.56" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="5681" request="0xfac7800" url="https://na.ads.yahoo.com/" referer="" error="" authtime="0" dnstime="2" cattime="234" avscantime="0" fullreqtime="11242659" device="0" auth="0" ua="" exceptions="" category="154" reputation="unverified" categoryname="Web Ads" country="United States" application="yahoo" app-id="553"
2017:09:08-12:07:55 ClientUTM httpproxy[6239]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.23.10" dstip="216.155.194.56" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="5681" request="0x17dba600" url="https://na.ads.yahoo.com/" referer="" error="" authtime="0" dnstime="2" cattime="82" avscantime="0" fullreqtime="11246445" device="0" auth="0" ua="" exceptions="" category="154" reputation="unverified" categoryname="Web Ads" country="United States" application="yahoo" app-id="553"
2017:09:08-12:08:09 ClientUTM httpproxy[6239]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.23.10" dstip="76.13.28.70" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="5479" request="0x17d31600" url="https://csc.beap.bc.yahoo.com/" referer="" error="" authtime="0" dnstime="3" cattime="89" avscantime="0" fullreqtime="10228117" device="0" auth="0" ua="" exceptions="" category="141" reputation="trusted" categoryname="Portal Sites" country="United States" application="yahoo" app-id="553"
2017:09:08-12:08:09 ClientUTM httpproxy[6239]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.23.10" dstip="98.137.201.232" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="4948" request="0xfac7e00" url="https://geo.query.yahoo.com/" referer="" error="" authtime="0" dnstime="2" cattime="204" avscantime="0" fullreqtime="10227245" device="0" auth="0" ua="" exceptions="" category="178" reputation="neutral" categoryname="Internet Services" country="United States" application="yahoo" app-id="553"
2017:09:08-12:08:11 ClientUTM httpproxy[6239]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.23.10" dstip="98.139.225.43" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="5681" request="0x17bc7000" url="https://ads.yahoo.com/" referer="" error="" authtime="0" dnstime="3" cattime="99" avscantime="0" fullreqtime="10389743" device="0" auth="0" ua="" exceptions="" category="154" reputation="trusted" categoryname="Web Ads" country="United States" application="yahoo" app-id="553"
2017:09:08-12:08:11 ClientUTM httpproxy[6239]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.23.10" dstip="98.139.225.43" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="5681" request="0x927be00" url="https://ads.yahoo.com/" referer="" error="" authtime="0" dnstime="2" cattime="116" avscantime="0" fullreqtime="10369655" device="0" auth="0" ua="" exceptions="" category="154" reputation="trusted" categoryname="Web Ads" country="United States" application="yahoo" app-id="553"
2017:09:08-12:08:12 ClientUTM httpproxy[6239]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.23.10" dstip="98.138.49.92" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="4730" request="0x154bd200" url="https://cms.analytics.yahoo.com/" referer="" error="" authtime="0" dnstime="18770" cattime="156" avscantime="0" fullreqtime="10647021" device="0" auth="0" ua="" exceptions="" category="181" reputation="neutral" categoryname="Marketing/Merchandising" country="United States" application="yahoo" app-id="553"
2017:09:08-12:08:12 ClientUTM httpproxy[6239]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.23.10" dstip="98.139.199.205" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="6029" request="0x15d6ac00" url="https://pclick.yahoo.com/" referer="" error="" authtime="0" dnstime="161" cattime="318" avscantime="0" fullreqtime="10681296" device="0" auth="0" ua="" exceptions="" category="141" reputation="trusted" categoryname="Portal Sites" country="United States" application="yahoo" app-id="553"
2017:09:08-12:08:12 ClientUTM httpproxy[6239]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.23.10" dstip="98.139.199.205" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="6029" request="0x19478a00" url="https://pclick.yahoo.com/" referer="" error="" authtime="0" dnstime="3" cattime="88" avscantime="0" fullreqtime="10678706" device="0" auth="0" ua="" exceptions="" category="141" reputation="trusted" categoryname="Portal Sites" country="United States" application="yahoo" app-id="553"
2017:09:08-12:08:19 ClientUTM httpproxy[6239]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.23.10" dstip="72.30.2.182" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="4708" request="0x18ffc400" url="https://pr-bh.ybp.yahoo.com/" referer="" error="" authtime="0" dnstime="2" cattime="54" avscantime="0" fullreqtime="11907811" device="0" auth="0" ua="" exceptions="" category="177" reputation="neutral" categoryname="Content Server" country="United States" application="yahoo" app-id="553"
2017:09:08-12:08:20 ClientUTM httpproxy[6239]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.23.10" dstip="98.138.49.11" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="6966" request="0x17d48a00" url="https://beap.gemini.yahoo.com/" referer="" error="" authtime="0" dnstime="3" cattime="114" avscantime="0" fullreqtime="212649" device="0" auth="0" ua="" exceptions="" category="141" reputation="neutral" categoryname="Portal Sites" country="United States" application="yahoo" app-id="553"
2017:09:08-12:08:21 ClientUTM httpproxy[6239]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.23.10" dstip="216.155.194.56" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="18405" request="0x18c50c00" url="https://na.ads.yahoo.com/" referer="" error="" authtime="0" dnstime="8417" cattime="88" avscantime="0" fullreqtime="48020549" device="0" auth="0" ua="" exceptions="" category="154" reputation="unverified" categoryname="Web Ads" country="United States" application="yahoo" app-id="553"
2017:09:08-12:08:22 ClientUTM httpproxy[6239]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.23.10" dstip="98.139.225.43" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="22598" request="0x1933b800" url="https://ads.yahoo.com/" referer="" error="" authtime="0" dnstime="19475" cattime="102" avscantime="0" fullreqtime="48185350" device="0" auth="0" ua="" exceptions="" category="154" reputation="trusted" categoryname="Web Ads" country="United States" application="yahoo" app-id="553"
2017:09:08-12:08:22 ClientUTM httpproxy[6239]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.23.10" dstip="216.155.194.56" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="9986" request="0x15c4ca00" url="https://na.ads.yahoo.com/" referer="" error="" authtime="0" dnstime="2" cattime="90" avscantime="0" fullreqtime="26695935" device="0" auth="0" ua="" exceptions="" category="154" reputation="unverified" categoryname="Web Ads" country="United States" application="yahoo" app-id="553"

Going directly to https://mg.mail.yahoo.com:

2017:09:08-12:16:06 ClientUTM httpproxy[6239]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="CONNECT" srcip="192.168.23.10" dstip="" user="" group="" ad_domain="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="3171" request="0x173ee600" url="https://mg.mail.yahoo.com/" referer="" error="" authtime="0" dnstime="0" cattime="94" avscantime="0" fullreqtime="225711" device="0" auth="0" ua="" exceptions="" overridecategory="1" reason="category" category="156" reputation="neutral" categoryname="Web Mail"
2017:09:08-12:16:07 ClientUTM httpproxy[6239]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="CONNECT" srcip="192.168.23.10" dstip="" user="" group="" ad_domain="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="3171" request="0x1a2bd200" url="https://mg.mail.yahoo.com/" referer="" error="" authtime="0" dnstime="0" cattime="106" avscantime="0" fullreqtime="215878" device="0" auth="0" ua="" exceptions="" overridecategory="1" reason="category" category="156" reputation="neutral" categoryname="Web Mail"
2017:09:08-12:16:07 ClientUTM httpproxy[6239]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="CONNECT" srcip="192.168.23.10" dstip="" user="" group="" ad_domain="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="3171" request="0x179e0600" url="https://mg.mail.yahoo.com/" referer="" error="" authtime="0" dnstime="0" cattime="108" avscantime="0" fullreqtime="214326" device="0" auth="0" ua="" exceptions="" overridecategory="1" reason="category" category="156" reputation="neutral" categoryname="Web Mail"

  • 0 in reply to EdwardMielcarek

    If you're still seeing this behavior, please show the line from the Web Filtering log where access is not blocked or point out the line above where this occurred.

    Cheers - Bob