Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 25 replies
  • Subscribers 1 subscriber
  • Views 30090 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

[9.205][Bug] "web request blocked" with "Invalid argument"

ProKasro
We updated our ASG220 three days ago to Version 9.205-12. We have an internal web server (IIS 7 on Windows Server 2008 R2) that can be accessed from outside:

DNAT: Any -> HTTP -> EXTERNAL-ADDRESS
      Target translation: INTERNAL-ADDRESS
  
SNAT: INTERNAL-ADDRESS -> Any -> Any
      Source translation: EXTERNAL-ADDRESS

This worked very well until the last update. After this update we can not access the site with its external address from inside, we get following Errors:

2014:08:13-16:51:09 fw-prokasro-2 httpproxy[5833]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.100.148" dstip="176.94.29.131" user="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2520" request="0x1074ea38" url="daten.prokasro.de/.../support" exceptions="" error="Invalid argument" authtime="0" dnstime="7" cattime="19332" avscantime="0" fullreqtime="55199227" device="0" auth="0" category="105" reputation="neutral" categoryname="Business"

and after configuring some exceptions for the domain daten.prokasro.de:

2014:08:14-08:45:18 fw-prokasro-2 httpproxy[5833]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.100.148" dstip="176.94.29.131" user="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2520" request="0x15ef3278" url="daten.prokasro.de/.../support" exceptions="av,auth,content,url,mime,cache,fileextension,size" error="Invalid argument" authtime="0" dnstime="10" cattime="0" avscantime="0" fullreqtime="2424" device="0" auth="0"

From outside we have no problems.


Greetings,

Dr. Andre Carlos Morales-Bahnik
ProKASRO Mechatronik GmbH


This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to BAlfson
    Gentlemen, it appears Sophos has patched this issue in 9.207 (can be found at http://download.astaro.com/UTM/v9/up2date/u2d-sys-9.206035-207018.tgz.gpg) ... there is now a checkbox you can tick/untick to modify this behavior, under Web Protection/Filtering Options/Misc tab, named "Detect HTTP Loopback."

    Do keep in mind there could be security consequences to allowing loopback access to occur via the proxy.

    Also, this is a soft-release, so bear in mind, I would not recommend putting it on production systems unless you really, really, need this fixed today.  Sophos generally, unless there is a show-stopper, pushes out the GA releases of updates a week or 2 after the soft-release.
  • 0 in reply to BrucekConvergent

    Also, this is a soft-release, so bear in mind, I would not recommend putting it on production systems unless you really, really, need this fixed today.  Sophos generally, unless there is a show-stopper, pushes out the GA releases of updates a week or 2 after the soft-release.


    Hello,

    actually not true anymore. We are consistently monitoring the Astaro FTP Servers to download and upload the UP2Date packages (without installing them) to the UTM asap. Out of work hours to avoid that the automated download and unpacking process crashes the whole 220 system (as it always does).
    On more than one occasion during the last months, Sophos has pushed the update within ~3 days  from first appearance on the FTP server.

    We'll try this patch in our test-VM-setup,

    thanks,

    SA