Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 1 subscriber
  • Views 518 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

HTTP Proxy unusual logging

aldahan
Hi,  ive see this logs always filling the screenm, even in the first place, just ignored it, but something is  not fine, maybe this is the time to know what is happening and what can i do,..ASG 425 ver 8.103, using AD SSO.... thanks



2011:09:18-14:23:51 astaro httpproxy[27504]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xe5755b90" function="auth_adir_auth_crap_callback" file="auth_adir.c" line="902" message="Authorization denied (NT_STATUS_NO_SUCH_USER)"
2011:09:18-14:23:51 astaro httpproxy[27504]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xe883c490" function="auth_adir_auth_crap_callback" file="auth_adir.c" line="902" message="Authorization denied (NT_STATUS_NO_SUCH_USER)"
2011:09:18-14:23:51 astaro httpproxy[27504]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xe5755b90" function="auth_adir_auth_crap_callback" file="auth_adir.c" line="902" message="Authorization denied (NT_STATUS_NO_SUCH_USER)"
2011:09:18-14:23:51 astaro httpproxy[27504]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xe883c490" function="auth_a


This thread was automatically locked due to age.
Parents
  • 0
    You said in another thread that you had done this, but: In the users' browsers, instead of the numeric address of the Astaro (the IP of Internal (Address)), confirm that they use an FQDN that resolves in internal DNS to the numeric IP.  For example, server.domain.local instead of 172.16.1.1.

    Is it possible that this is a user that is on a machine not joined to your domain and/or, not logged-in to the domain?  If the user is a local user on that machine, and the browser is set to use the proxy, then that might explain the messages.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0
    You said in another thread that you had done this, but: In the users' browsers, instead of the numeric address of the Astaro (the IP of Internal (Address)), confirm that they use an FQDN that resolves in internal DNS to the numeric IP.  For example, server.domain.local instead of 172.16.1.1.

    Is it possible that this is a user that is on a machine not joined to your domain and/or, not logged-in to the domain?  If the user is a local user on that machine, and the browser is set to use the proxy, then that might explain the messages.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
  • 0 in reply to BAlfson
    You said in another thread that you had done this, but: In the users' browsers, instead of the numeric address of the Astaro (the IP of Internal (Address)), confirm that they use an FQDN that resolves in internal DNS to the numeric IP.  For example, server.domain.local instead of 172.16.1.1.

    Is it possible that this is a user that is on a machine not joined to your domain and/or, not logged-in to the domain?  If the user is a local user on that machine, and the browser is set to use the proxy, then that might explain the messages.

    Cheers - Bob


    Thanks,  Im a little bit paranoid, because we have an open DHCP server from a Windows box, thats why users that dont have the browser proxy  settings, is trying to pass the firewall
Cookie Information Banner