Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 18 replies
  • Subscribers 1 subscriber
  • Views 12592 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Web Filtering blocking "uncategorized" Sub-Domains

GrandMasterJ
I use the URL filtering with Decrypt and Scan and I block "uncategorized."  Has been working well until the last couple of updates.  Now sub domains of regularly categorized websites are "uncategorized" and blocked.  Example:  Amazon.com works fine.  Searching for "Wonder Forge Richard Scarry" on Amazon is blocked.  Not just Amazon, but I saw it on Expedia and other well-known sites.

What the heck happened?!  Worked just fine until the latest 9.2 and 9.3 update (was hoping 9.3 fixed the problem).

Besides no longer blocking "uncategorized," has a new option been made available for sub-domains and hidden in the UI that I missed?


This thread was automatically locked due to age.
Parents
  • 0
    Please show a representative line from the Web Filtering log.

    Cheers - Bob
  • 0 in reply to BAlfson
    As requested!  Man, I hope this looks cleaner after post...

    In this case, "whois.domaintools.com" is passed(first GET request), but attempting to access "whois.domaintools.com/.../

    I cut out some of the middle transactions since they were just for loading background images and the like.  Minus the fav.ico, they were passed as well.

    *I am using reputation rating too -> block below "unverified."  Does that muck things up?

    2014:12:14-22:00:28 SophosUTM httpproxy[5342]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.0.8" dstip="8.247.98.160" user="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="4922" request="0xfe56000" url="whois.domaintools.com/.../html"

    2014:12:14-22:00:28 SophosUTM httpproxy[5342]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.0.8" dstip="8.247.98.160" user="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="6737" request="0xe2045000" url="whois.domaintools.com/.../style.css

    2014:12:14-22:00:57 SophosUTM httpproxy[5342]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="GET" srcip="192.168.0.8" dstip="" user="" ad_domain="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="3367" request="0xe27e1000" url="whois.domaintools.com/.../

    2014:12:14-22:00:57 SophosUTM httpproxy[5342]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="GET" srcip="192.168.0.8" dstip="" user="" ad_domain="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="3319" request="0xfe56000" url="whois.domaintools.com/.../537.36" exceptions="" reason="category" category="9998" reputation="unverified" categoryname="Uncategorized"
Reply
  • 0 in reply to BAlfson
    As requested!  Man, I hope this looks cleaner after post...

    In this case, "whois.domaintools.com" is passed(first GET request), but attempting to access "whois.domaintools.com/.../

    I cut out some of the middle transactions since they were just for loading background images and the like.  Minus the fav.ico, they were passed as well.

    *I am using reputation rating too -> block below "unverified."  Does that muck things up?

    2014:12:14-22:00:28 SophosUTM httpproxy[5342]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.0.8" dstip="8.247.98.160" user="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="4922" request="0xfe56000" url="whois.domaintools.com/.../html"

    2014:12:14-22:00:28 SophosUTM httpproxy[5342]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.0.8" dstip="8.247.98.160" user="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="6737" request="0xe2045000" url="whois.domaintools.com/.../style.css

    2014:12:14-22:00:57 SophosUTM httpproxy[5342]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="GET" srcip="192.168.0.8" dstip="" user="" ad_domain="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="3367" request="0xe27e1000" url="whois.domaintools.com/.../

    2014:12:14-22:00:57 SophosUTM httpproxy[5342]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="GET" srcip="192.168.0.8" dstip="" user="" ad_domain="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="3319" request="0xfe56000" url="whois.domaintools.com/.../537.36" exceptions="" reason="category" category="9998" reputation="unverified" categoryname="Uncategorized"
Children
No Data