Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 1 subscriber
  • Views 2085 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

proxy error

William Warren
[FONT=monospace]2009:03:04-11:53:59 jerhico httpproxy[29029]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.255.12" user="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2868" time="25541 ms" request="0xb2a85d30" url="a1347.l2097411361.c20974.g.lm.akamaistream.net/.../reflector:11361
[FONT=monospace]

I had to add akamaistream.net to the a/v exceptions list even though i have bypass streaming media set in the http proxy.  This needs to be added to the base exceptions baked into astaro.
[/FONT]


This thread was automatically locked due to age.
  • 0
    Here's another:
    [FONT=monospace]2009:03:04-12:01:44 jerhico httpproxy[29029]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.255.12" user="" statuscode="500" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2218" time="8066 ms" request="0xb2e7f0c8" url="citadelcc-WMAL-AM.wm.llnwd.net/.../FONT]
    [FONT=monospace]
    [/FONT]

    Owner:  Emmanuel Technology Consulting

    http://etc-md.com

    Former Sophos SG(Astaro) advocate/researcher/Silver Partner

    PfSense w/Suricata, ntopng, 

    Other addons to follow

  • 0 in reply to William Warren
    Wlliam, this is a good suggestion.  The documentation does seem to indicate that the only skip is of the content filter scan, but it makes sense that the AV scan also should be skipped when this box is checked.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to William Warren
    The problem is that the bypass streaming media check, relys on fairly static entries.  
     
    It could use the content filtering, which is definately not all inclusive.  I run into quite a few sites that are uncategorized every day.  It may also use the "well-known" media streaming ports.  
     
    The problem with this one is that any given stream can be on any port the provider chooses.  I've been seeing more and more using custom ports in an attempt to bypass filtering.
     
    All told, it makes stream management anything but a "set and forget" situation.
    __________________
    ACE v8/SCA v9.3

    ...still have a v5 install disk in a box somewhere.

    http://xkcd.com
    http://www.tedgoff.com/mb
    http://www.projectcartoon.com/cartoon/1
  • 0 in reply to Scott_Klassen
    Yes, Scott, but it looks like William's traffic was http, not an alternate port.  My guess is that it uses the traffic-classifier and sees what port-80 traffic is "streaming media" and lets that pass.

    Then again, the content filter doesn't analyze the traffic, it just decides whether to allow the proxy to contact a given site, so this is looking more and more like a bug...

    I hope Angelo or one of the others comes by here.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to Scott_Klassen
    The problem is that the bypass streaming media check, relys on fairly static entries.  
     
    It could use the content filtering, which is definately not all inclusive.  I run into quite a few sites that are uncategorized every day.  It may also use the "well-known" media streaming ports.  
     
    The problem with this one is that any given stream can be on any port the provider chooses.  I've been seeing more and more using custom ports in an attempt to bypass filtering.
     
    All told, it makes stream management anything but a "set and forget" situation.

    the proxy classified the content as streaming/internet..so it knew what it was.  So it could leverage the content filter to bypass the a/v for this.  If it's static then that is a bad design flaw and needs to leverage the content filter.

    Owner:  Emmanuel Technology Consulting

    http://etc-md.com

    Former Sophos SG(Astaro) advocate/researcher/Silver Partner

    PfSense w/Suricata, ntopng, 

    Other addons to follow