Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 8 replies
  • Subscribers 1 subscriber
  • Views 2516 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Web Filtering not working?

larellanos
Hello everyone, 
Hope someone can help me

The specs:
Model: ASG Software
Type: Virtual
Firmware version: 8.316
Pattern version: 77394

Recently my web filter logs are somewhat empty, as the only information showed /reported are the "internal" proces, nothing from the actual web navigation [:S][:S] : 


2015:03:19-10:35:42 MYTUM httpproxy[6628]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" srcip="" function="sc_check_servers" file="scr_scanner.c" line="876" message="server 'cffs12.astaro.com' access time: 309ms"

2015:03:19-10:35:42 MYTUM httpproxy[6628]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" srcip="" function="sc_check_servers" file="scr_scanner.c" line="876" message="server 'cffs16.astaro.com' access time: 336ms"

2015:03:19-10:35:42 MYTUM httpproxy[6628]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" srcip="" function="sc_check_servers" file="scr_scanner.c" line="876" message="server 'cffs26.astaro.com' access time: 346ms"

2015:03:19-10:35:43 MYTUM httpproxy[6628]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" srcip="" function="sc_check_servers" file="scr_scanner.c" line="876" message="server 'cffs01.astaro.com' access time: 321ms"

2015:03:19-10:35:43 MYTUM httpproxy[6628]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" srcip="" function="sc_check_servers" file="scr_scanner.c" line="876" message="server 'cffs08.astaro.com' access time: 345ms"

2015:03:19-10:35:43 MYTUM httpproxy[6628]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" srcip="" function="sc_check_servers" file="scr_scanner.c" line="876" message="server 'cffs04.astaro.com' access time: 368ms"

2015:03:19-10:35:44 MYTUM httpproxy[6628]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" srcip="" function="sc_check_servers" file="scr_scanner.c" line="876" message="server 'cffs09.astaro.com' access time: 389ms"

2015:03:19-10:35:44 MYTUM httpproxy[6628]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" srcip="" function="sc_check_servers" file="scr_scanner.c" line="876" message="server 'cffs10.astaro.com' access time: 411ms"

2015:03:19-10:35:45 MYTUM httpproxy[6628]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" srcip="" function="sc_check_servers" file="scr_scanner.c" line="876" message="server 'cffs17.astaro.com' access time: 484ms"

2015:03:19-10:35:45 MYTUM httpproxy[6628]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" srcip="" function="sc_check_servers" file="scr_scanner.c" line="876" message="server 'cffs15.astaro.com' access time: 484ms"


I know that the simpliest solution will be to update to V9.X, but we cant at the moment for several reasons [:(] , so, im hoping this can be solved.

I have already restarted the UTM and changed some options with no avail.

Thanks in advance


This thread was automatically locked due to age.
  • 0
    Something is causing the web browsing traffic to bypass your web proxy.  What could be causing that?  I doubt that this is a Sophos bug.

    Cheers - Bob
  • 0
    Thanks for the reply Bob

    Thats really strange [:S], some days ago the logs were filled with correct info, and we didnt change anything[:(] 


    2015:03:04-16:05:35 MYTUM httpproxy[6716]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="***.***.***.***" dstip="200.57.186.145" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="3518" request="0x10232b80" url="www.sanborns.com.mx/.../jpeg"

    2015:03:04-16:05:35 MYTUM httpproxy[6716]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="***.***.***.***" dstip="200.57.186.145" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="4365" request="0xb94de70" url="www.sanborns.com.mx/.../jpeg"

    2015:03:04-16:05:35 MYTUM httpproxy[6716]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="***.***.***.***" dstip="200.57.186.145" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="4406" request="0xfdeb5d8" url="www.sanborns.com.mx/.../jpeg"

    2015:03:04-16:05:35 MYTUM httpproxy[6716]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="***.***.***.***" dstip="200.57.186.145" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="4958" request="0x30b3d8b0" url="www.sanborns.com.mx/.../jpeg"

    2015:03:04-16:05:35 MYTUM httpproxy[6716]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="***.***.***.***" dstip="200.57.186.145" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="4666" request="0x109df5e0" url="www.sanborns.com.mx/.../jpeg"

    2015:03:04-16:05:35 MYTUM httpproxy[6716]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="***.***.***.***" dstip="200.57.186.145" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="5169" request="0xb94de70" url="www.sanborns.com.mx/.../jpeg"

    2015:03:04-16:05:35 MYTUM httpproxy[6716]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="***.***.***.***" dstip="200.57.186.145" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="5554" request="0x10232b80" url="www.sanborns.com.mx/.../jpeg"

    2015:03:04-16:05:35 MYTUM httpproxy[6716]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="***.***.***.***" dstip="200.57.186.145" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="4229" request="0x30b3d8b0" url="www.sanborns.com.mx/.../jpeg
  • 0
    I fell stupid and angry at the same time

    Just went to re-check all the config and found some clever guy put the whole internal LAN side on the "Skip transparent mode source hosts/nets" [:@]

    Just deleted the network definition and the logs are OK now [:D]

    Thanks for the help, and sorry for the trouble [:$]

    ---
    on this matter
    Does anyone know which is the log for the "Last WebAdmin sessions", I want to know the who and when did this change

    THANKS
  • 0
    Does anyone know which is the log for the "Last WebAdmin sessions", I want to know the who and when did this change
    That information is stored in a database table, but is derived from the Configuration Daemon log.
  • 0 
    psql reporting -U reporting -c "SELECT confd_sessions.*, confd_nodes.* FROM confd_sessions INNER JOIN confd_nodes ON confd_sessions.sid = confd_nodes.sid WHERE confd_sessions.facility = 'webadmin';"


    Originally posted in: https://community.sophos.com/products/unified-threat-management/astaroorg/f/52/t/29933
  • 0 in reply to Scott_Klassen
    That information is stored in a database table, but is derived from the Configuration Daemon log.


    Thanks

    I know the table youre talking about, but it only show me the last 20 sessions, thats why I want to check the log.

    Thanks
  • 0 in reply to teched_01 
    psql reporting -U reporting -c "SELECT confd_sessions.*, confd_nodes.* FROM confd_sessions INNER JOIN confd_nodes ON confd_sessions.sid = confd_nodes.sid WHERE confd_sessions.facility = 'webadmin';"


    Originally posted in: https://www.astaro.org/gateway-products/hardware-installation-up2date-licensing/56101-last-webadmin-entries-not-showing.html#post289705


    thanks

    Will try that.