This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

web proxy errors again

I am getting errors int he proxy log again that are blocking quickbooks form updating. I have to totally kill the web proxy for this to go through:

2009:05:17-17:58:42 hescominsoon httpproxy[2567]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.255.15" user="" statuscode="206" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="48000" time="182 ms" request="0xa9b9e338" url="qb17fgpatchsp.quickbooks.com/.../119294" exceptions="av,content,url,mime" error=""
2009:05:17-17:58:43 hescominsoon httpproxy[2567]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.255.15" user="" statuscode="206" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="48000" time="133 ms" request="0xabd35858" url="qb17fgpatchsp.quickbooks.com/.../119294" exceptions="av,content,url,mime" error=""
2009:05:17-17:58:43 hescominsoon httpproxy[2567]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.255.15" user="" statuscode="206" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="48000" time="120 ms" request="0xabd35de0" url="qb17fgpatchsp.quickbooks.com/.../119294" exceptions="av,content,url,mime" error=""
2009:05:17-17:58:43 hescominsoon httpproxy[2567]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.255.15" user="" statuscode="206" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="48000" time="204 ms" request="0xa9b4b9d8" url="qb17fgpatchsp.quickbooks.com/.../119294" exceptions="av,content,url,mime" error=""

This thread was automatically locked due to age.

0 BAlfson over 16 years ago

William, all these lines are action="pass".

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel
0 William Warren over 16 years ago

they say pass but the sites fail to load with the proxy on..otherwise i would not have posted.

Owner: Emmanuel Technology Consulting

http://etc-md.com

Former Sophos SG(Astaro) advocate/researcher/Silver Partner

PfSense w/Suricata, ntopng,

Other addons to follow
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 16 years ago in reply to William Warren

I wonder if this isn't IPS objecting. Anything there? What happens if you add an IPS exception for a DNS group qb17fgpatchsp.quickbooks.com?

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel
0 William Warren over 16 years ago

the log is from the proxy not the ips. the ips log and others are clear in this instance. Only disabling the proxy rectifies the situation. Right now it seems to have cleared up..but when it returns i'll update.

Owner: Emmanuel Technology Consulting

http://etc-md.com

Former Sophos SG(Astaro) advocate/researcher/Silver Partner

PfSense w/Suricata, ntopng,

Other addons to follow
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 16 years ago in reply to William Warren

I recognized that it was the 'Content Filter (HTTP)' log, but since it was all "pass" I figured there had to be a problem outside the HTTP/S proxy.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel
0 William Warren over 16 years ago

nopers it was purely an http proxy error..it says pass but trust me those went nowhere until i turned off the proxy.

Owner: Emmanuel Technology Consulting

http://etc-md.com

Former Sophos SG(Astaro) advocate/researcher/Silver Partner

PfSense w/Suricata, ntopng,

Other addons to follow
Cancel
Vote Up 0 Vote Down

Cancel
0 William Warren over 16 years ago

[FONT=monospace]2009:07:07-18:01:03  hescominsoon httpproxy[3881]: id="0001" severity="info" sys="SecureWeb"  sub="http" name="http access" action="pass" method="POST" srcip="192.168.255.15"  user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default  Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)"  size="0" time="834 ms" request="0xa36c35c8" url="prisonplanet.tv/.../FONT]
[FONT=monospace]2009:07:07-18:01:12  hescominsoon httpproxy[3881]: id="0001" severity="info" sys="SecureWeb"  sub="http" name="http access" action="pass" method="POST" srcip="192.168.255.15"  user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default  Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)"  size="0" time="8362 ms" request="0xa36c35c8" url="prisonplanet.tv/"  exceptions="av,content,url,mime" error=""

see the error on the end of these lines?  when i see this the affected site will not load..and i get no errors in the browser.  The only thing i can do is turn off the proxy entirely.  Prisonplanet.tv refuses to load(only goes to a blank white page) with the proxy on.  I have put it in all whitelists and allowed area overrides to no avail.  the only way to fix this error when it comes up is to disable the entire web proxy.  I have had this happen multiple times through the v7 line and on multiple hardware configurations.
[/FONT]

Owner: Emmanuel Technology Consulting

http://etc-md.com

Former Sophos SG(Astaro) advocate/researcher/Silver Partner

PfSense w/Suricata, ntopng,

Other addons to follow
Cancel
Vote Up 0 Vote Down

Cancel
0 William Warren over 16 years ago in reply to BAlfson

William, all these lines are action="pass".

here is the gotcha from the lines:

url="qb17fgpatchsp.quickbooks.com/.../119294" exceptions="av,content,url,mime" error=""

and

[FONT=monospace]url="prisonplanet.tv/.../FONT]

that's where the problem is.

Owner: Emmanuel Technology Consulting

http://etc-md.com

Former Sophos SG(Astaro) advocate/researcher/Silver Partner

PfSense w/Suricata, ntopng,

Other addons to follow
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 16 years ago in reply to William Warren

What could have caused 'size="0" time="834"' and 'size="0" time="8362"'?

How about flushing the browser cache, the Astaro DNS cache and the Astaro HTTP cache?

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel
0 William Warren over 16 years ago

don't use proxy cache(hit rate less than 10%) browser flushes at shutdown and have cleared workstation, server and astaro dns caches multiple times..only thing that fixes it is to shutdown the proxy totally.

Owner: Emmanuel Technology Consulting

http://etc-md.com

Former Sophos SG(Astaro) advocate/researcher/Silver Partner

PfSense w/Suricata, ntopng,

Other addons to follow
Cancel
Vote Up 0 Vote Down

Cancel