Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 12 replies
  • Subscribers 1 subscriber
  • Views 3778 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Blocking SW Update site, with little in the logs to T/S

bgarlock
I use Microlite Backup Edge SW on our linux servers, and since installing the Astaro 7.502 unit, it blocks this applications' update service.  Here is the relevant entry that is logged, but it doesn't tell me much....

2010:02:22-10:38:12 hendrix httpproxy[19511]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.200.215" user="" statuscode="400" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction=" ()" size="2156" time="0 ms" request="0x8936560" url="" exceptions="" error=""


This thread was automatically locked due to age.
Parents
  • 0
    Sometimes Astaro sees something as malformed when it's not.  Especially since you said this only happened after 502.  Put microlite's address is the exceptions area of the proxy(where it skips a/v and other scanning).

    Owner:  Emmanuel Technology Consulting

    http://etc-md.com

    Former Sophos SG(Astaro) advocate/researcher/Silver Partner

    PfSense w/Suricata, ntopng, 

    Other addons to follow

Reply
  • 0
    Sometimes Astaro sees something as malformed when it's not.  Especially since you said this only happened after 502.  Put microlite's address is the exceptions area of the proxy(where it skips a/v and other scanning).

    Owner:  Emmanuel Technology Consulting

    http://etc-md.com

    Former Sophos SG(Astaro) advocate/researcher/Silver Partner

    PfSense w/Suricata, ntopng, 

    Other addons to follow

Children
  • 0 in reply to William Warren
    Sometimes Astaro sees something as malformed when it's not.  Especially since you said this only happened after 502.  Put microlite's address is the exceptions area of the proxy(where it skips a/v and other scanning).


    Yea, should have mentioned that I already had done that, with the same result.  I have a ticket in with microlite asking them what the hostname is.  I have microlite.com in all the exceptions, so my guess is the URL is something else.  Maybe I'll just 'tcpdump' the traffic.