Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 2 subscribers
  • Views 3409 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

HTTPS Scanning Frustrations

nava
We recently enabled HTTPS scanning and I am getting errors all over the place. 

One frustrating issue is a german online class. The website works fine, but when the students need to view the actual lesson plan the firewall blocks it, giving the error "The Connection Was Reset" in Chrome. Turning HTTPS off gives no error and everything loads correctly. For now I just turned the HTTPS scanning off so they can continue to have class. I've tried to following exceptions with no success:

^https?://([A-Za-z0-9.-]*\.)?okstate\.edu/
^https?://[A-Za-z0-9.-]+\.okstate\.edu/
^https?://okstate\.edu/
^https?://([A-Za-z0-9.-]*\.)?okstate\.edu\.?/

I'm not a networking guy, which is why I'm using Sophos UTM, but I can't figure this one out. What's my problem? Also, how necessary is HTTPS scanning in the first place?


This thread was automatically locked due to age.
Parents
  • 0
    My mistake, I should have put that in the first place:

    2014:03:04-15:28:48 MembcIT-1 httpproxy[5357]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="" srcip="192.168.3.206" dstip="" user="" statuscode="502" cached="0" profile="REF_HttProMcaStudeNetwo (MCA Student Network)" filteraction=" ()" size="0" request="0xf97f490" url="139.78.96.144" exceptions="" error="Failed to verify server certificate"
    2014:03:04-15:28:48 MembcIT-1 httpproxy[5357]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="" srcip="192.168.3.206" dstip="" user="" statuscode="502" cached="0" profile="REF_HttProMcaStudeNetwo (MCA Student Network)" filteraction=" ()" size="0" request="0xf97f910" url="139.78.96.144" exceptions="" error="Failed to verify server certificate"
    2014:03:04-15:28:48 MembcIT-1 httpproxy[5357]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="" srcip="192.168.3.206" dstip="" user="" statuscode="502" cached="0" profile="REF_HttProMcaStudeNetwo (MCA Student Network)" filteraction=" ()" size="0" request="0xe49fde8" url="139.78.96.144" exceptions="" error="Failed to verify server certificate"

    We are a church and private school. I have three subnets, one for church staff, one for teachers, and one for students. Would these need HTTPS scanning, in your opinion?
Reply
  • 0
    My mistake, I should have put that in the first place:

    2014:03:04-15:28:48 MembcIT-1 httpproxy[5357]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="" srcip="192.168.3.206" dstip="" user="" statuscode="502" cached="0" profile="REF_HttProMcaStudeNetwo (MCA Student Network)" filteraction=" ()" size="0" request="0xf97f490" url="139.78.96.144" exceptions="" error="Failed to verify server certificate"
    2014:03:04-15:28:48 MembcIT-1 httpproxy[5357]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="" srcip="192.168.3.206" dstip="" user="" statuscode="502" cached="0" profile="REF_HttProMcaStudeNetwo (MCA Student Network)" filteraction=" ()" size="0" request="0xf97f910" url="139.78.96.144" exceptions="" error="Failed to verify server certificate"
    2014:03:04-15:28:48 MembcIT-1 httpproxy[5357]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="" srcip="192.168.3.206" dstip="" user="" statuscode="502" cached="0" profile="REF_HttProMcaStudeNetwo (MCA Student Network)" filteraction=" ()" size="0" request="0xe49fde8" url="139.78.96.144" exceptions="" error="Failed to verify server certificate"

    We are a church and private school. I have three subnets, one for church staff, one for teachers, and one for students. Would these need HTTPS scanning, in your opinion?
Children
No Data