Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 1 subscriber
  • Views 14820 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

statuscode="407"

jazzoberoi
Hi,

I'm using the 9.310-11 firmware

I realized that in Standard (AD-SSO) mode, the UTM WebFilter logs each and every web request as statuscode="407". Is this really necessary ? I think i saw once in some changelog that this level of filtering was not going to happen.

The statuscode="407" does not get logged when using the Transparent (AD-SSO) mode.

2015:04:25-00:52:11 dvicsophosutm01-1 httpproxy[6403]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="10.0.30.49" dstip="" user="" ad_domain="" statuscode="407" cached="0" profile="REF_HttProContaInterHp5 (Employee (Standard) Proxy Profile)" filteraction=" ()" size="2681" request="0xcadaf000" url="www.civicscience.com/.../7.0; rv:11.0) like Gecko" exceptions="" 

2015:04:25-00:52:24 dvicsophosutm01-1 httpproxy[6403]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="10.0.30.49" dstip="" user="" ad_domain="" statuscode="407" cached="0" profile="REF_HttProContaInterHp5 (Employee (Standard) Proxy Profile)" filteraction=" ()" size="2673" request="0xcb2b2000" url="ping.chartbeat.net/ping

2015:04:25-00:52:24 dvicsophosutm01-1 httpproxy[6403]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="10.0.30.49" dstip="" user="" ad_domain="" statuscode="407" cached="0" profile="REF_HttProContaInterHp5 (Employee (Standard) Proxy Profile)" filteraction=" ()" size="2673" request="0xcb2b2000" url="ping.chartbeat.net/ping

2015:04:25-00:54:18 dvicsophosutm01-1 httpproxy[6403]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="10.0.20.205" dstip="15.201.225.95" user="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterHp (Server Internet Profile)" filteraction="REF_DefaultHTTPCFFBlockAction (Sophos-Block All Internet)" size="3130" request="0xa0f7800" url="15.201.225.95/" referer="" error="" authtime="1" dnstime="0" cattime="0" avscantime="0" fullreqtime="872413" device="3" auth="2" ua="" exceptions="av,url" 


This thread was automatically locked due to age.
Parents
  • 0
    Hi Balfson,

    Thanks for getting back to me..

    The only way I see my profile being different is in that I have used the DNS PAC/WPAD method with the FQDN instead of using the proxy server LAN address.

    Otherwise, I have no issues authenticating to the backend AD-SSO. It's just that I get those irritating status=407 messages in my webfitering logs.

    If required, let me know and I can post some screenshots of my configuration.

    Thanks.
Reply
  • 0
    Hi Balfson,

    Thanks for getting back to me..

    The only way I see my profile being different is in that I have used the DNS PAC/WPAD method with the FQDN instead of using the proxy server LAN address.

    Otherwise, I have no issues authenticating to the backend AD-SSO. It's just that I get those irritating status=407 messages in my webfitering logs.

    If required, let me know and I can post some screenshots of my configuration.

    Thanks.
Children
No Data