This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Transparent proxy and HTML email.

For the last couple of weeks I have been trying to resolve an email problem. The graphics (GIF, JPEG etc) associated with the HTML links have stopped appearing in the emails.
The only thing that has changed in this period is the Astaro 7.500 Up2Date. I have not made any configuration changes in this period.
Looking at the Content Filter (HTTP/S) logs from before and after shows a difference but I do not know about it. Here is are two entries generated by emails from the same source on 05-10-2009 (displayed fine on receipt) and 20-10-2009 (did not display on receipt):-

2009:10:05-16:44:27 gateway httpproxy[18927]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.1.1" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="123" time="377 ms" request="0xaa5115a0" url="www.mscjlindustrial.co.uk/.../gif"
2009:10:05-16:44:28 gateway httpproxy[18927]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.1.1" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="43" time="312 ms" request="0xaa5115a0" url="www.mscjlindustrial.co.uk/.../gif"
2009:10:05-16:44:28 gateway httpproxy[18927]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.1.1" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="145" time="346 ms" request="0xaa5115a0" url="www.mscjlindustrial.co.uk/.../gif"
2009:10:05-16:44:29 gateway httpproxy[18927]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.1.1" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="3115" time="362 ms" request="0xaa5115a0" url="www.mscjlindustrial.co.uk/.../gif"
2009:10:05-16:44:30 gateway httpproxy[18927]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.1.1" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="38996" time="1023 ms" request="0xaa5115a0" url="www.mscjlindustrial.co.uk/.../gif"
2009:10:05-16:44:30 gateway httpproxy[18927]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.1.1" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="645" time="309 ms" request="0xaa5115a0" url="www.mscjlindustrial.co.uk/.../gif"
2009:10:05-16:44:31 gateway httpproxy[18927]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.1.1" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="1420" time="347 ms" request="0xaa5115a0" url="www.mscjlindustrial.co.uk/.../gif"

2009:10:20-11:02:57 gateway httpproxy[14696]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.1.1" user="" statuscode="400" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction=" ()" size="2238" time="0 ms" request="0x8171640" url="www.mscjlindustrial.co.uk/.../Left_top2.gif" exceptions="" error=""
2009:10:20-11:02:58 gateway httpproxy[14696]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.1.1" user="" statuscode="400" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction=" ()" size="2232" time="0 ms" request="0x81dad58" url="www.mscjlindustrial.co.uk/.../spacer.gif" exceptions="" error=""
2009:10:20-11:02:58 gateway httpproxy[14696]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.1.1" user="" statuscode="400" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction=" ()" size="2240" time="0 ms" request="0x80d4828" url="www.mscjlindustrial.co.uk/.../Right_top2.gif" exceptions="" error=""
2009:10:20-11:02:58 gateway httpproxy[14696]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.1.1" user="" statuscode="400" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction=" ()" size="2242" time="0 ms" request="0x82d7220" url="www.mscjlindustrial.co.uk/.../msc_jl_logo.gif" exceptions="" error=""
2009:10:20-11:02:58 gateway httpproxy[14696]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.1.1" user="" statuscode="400" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction=" ()" size="2250" time="0 ms" request="0x8175590" url="www.mscjlindustrial.co.uk/.../091005_CAT20_UK.gif" exceptions="" error=""
2009:10:20-11:02:58 gateway httpproxy[14696]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.1.1" user="" statuscode="400" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction=" ()" size="2248" time="0 ms" request="0x81857a8" url="www.mscjlindustrial.co.uk/.../New_button_up2.gif" exceptions="" error=""
2009:10:20-11:02:59 gateway httpproxy[14696]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.1.1" user="" statuscode="400" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction=" ()" size="2246" time="0 ms" request="0x81afd50" url="www.mscjlindustrial.co.uk/.../gray_fade_178.gif" exceptions="" error=""
Note:- Each of these line appeared twice (with different request codes)

Has anyone got any suggestions?

Many thanks,

Peter.

This thread was automatically locked due to age.

Parents

0 BAlfson over 16 years ago

If there's not an easy answer, and this only happens with the one site, then you could add MSC/JL Industrial Supply Co. to the transparent mode skiplist.

Still, I'm surprised that there's nothing in your IPS log unless you have IPS turned off. I would have looked there for blockage of DNS, but that doesn't seem to have been the case.

Statuscode="400" => "The request could not be understood by the server due to malformed syntax." So, if the problem is only with that site, I wonder if THEY didn't change something in the period between the 5th and the 20th.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BAlfson over 16 years ago

If there's not an easy answer, and this only happens with the one site, then you could add MSC/JL Industrial Supply Co. to the transparent mode skiplist.

Still, I'm surprised that there's nothing in your IPS log unless you have IPS turned off. I would have looked there for blockage of DNS, but that doesn't seem to have been the case.

Statuscode="400" => "The request could not be understood by the server due to malformed syntax." So, if the problem is only with that site, I wonder if THEY didn't change something in the period between the 5th and the 20th.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data