Some sites, like slashdot.org, foxnews.com, aol.com, msn.com, and others pop a 502 error in the Live log on web filtering with a block action like this:
2012:12:28-07:00:14 asg1 httpproxy[12302]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.10.1" dstip="216.34.181.45" user="" statuscode="504" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2523" request="0x1203c998" url="slashdot.org/.../html"
I attached a screenshot of the error in the browser as well.
If I add the source IP to the transparent mode skip list, all is good in the world the sites load with no problem. I turn it back on and the errors come back.
AT&T did some captures and determined that they aren't blocking anything and even went as far as removing the access list in their router as a troubleshooting measure to see if it changed.
What is occurring that could maybe cause this? The circuit is a dual T1 and both circuits are clean on their end.
The only catalyst I can see here is Web Protection being enabled.
Anyone have any insight?
I'm running UTM 9.004-34.
Thanks for the help in advance!
This thread was automatically locked due to age.
