SmugMug Uploads through Astaro/Sophos UTM Hanging

Since I found exactly zero information on the topic I thought I would throw together a quick blog post in the event other’s run into trouble with this.  It’s been a few weeks since I last uploaded pictures so I’m not sure what changed, might be the new “beta” firmware I’m running but I’m not convinced of that.

Anyway the problem is when you attempt to upload files to a SmugMug gallery it will “hang” with the bars all the way filled.  They will also fill very quickly (much faster than your upload speed) since the Sophos box is intercepting them.  If you start digging into the logs on the Sophos box you will see something like the following:

2014:11:30-19:00:31 gateway httpproxy[5489]: id=”0002″ severity=”info” sys=”SecureWeb” sub=”http” name=”web request blocked” action=”block” method=”PUT” srcip=”192.168.9.9″ dstip=”54.85.78.68″ user=”” ad_domain=”” statuscode=”504″ cached=”0″ profile=”REF_HttProContaInterNetwo2 (Everything Else)” filteraction=”REF_DefaultHTTPCFFAction (Default content filter action)” size=”2647″ request=”0xad9b1000″ url=”http://upload.smugmug.com/photos/xmlrawadd.mg” referer=”http://www.bunyardpics.com/Family/Bunyard-Thanksgiving-20141129/” error=”Connection to server timed out” authtime=”0″ dnstime=”513″ cattime=”53″ avscantime=”5640″ fullreqtime=”61679447″ device=”0″ auth=”0″ ua=”Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.122 Safari/537.36″ exceptions=”” reputation=”neutral” category=”179″ reputation=”neutral” categoryname=”Media Sharing”

or

2014:11:30-19:03:49 gateway httpproxy[5489]: id=”0002″ severity=”info” sys=”SecureWeb” sub=”http” name=”web request blocked” action=”block” method=”PUT” srcip=”192.168.9.9″ dstip=”54.85.152.234″ user=”” ad_domain=”” statuscode=”504″ cached=”0″ profile=”REF_HttProContaInterNetwo2 (Everything Else)” filteraction=”REF_DefaultHTTPCFFAction (Default content filter action)” size=”0″ request=”0xc8654000″ url=”http://upload.smugmug.com/photos/xmlrawadd.mg” referer=”http://www.bunyardpics.com/Family/Bunyard-Thanksgiving-20141129/” error=”Connection to server timed out” authtime=”0″ dnstime=”36673″ cattime=”120″ avscantime=”5954″ fullreqtime=”62055195″ device=”0″ auth=”0″ ua=”Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.122 Safari/537.36″ exceptions=””

or

2014:11:30-19:14:37 gateway httpproxy[5489]: id=”0002″ severity=”info” sys=”SecureWeb” sub=”http” name=”web request blocked” action=”block” method=”PUT” srcip=”192.168.9.9″ dstip=”54.85.78.68″ user=”” ad_domain=”” statuscode=”504″ cached=”0″ profile=”REF_HttProContaInterNetwo2 (Everything Else)” filteraction=”REF_DefaultHTTPCFFAction (Default content filter action)” size=”2647″ request=”0xa978800″ url=”http://upload.smugmug.com/photos/xmlrawadd.mg” referer=”http://www.bunyardpics.https://www.danodemano.com/wp-admin/post.php?post=491&action=edit&message=10com/Family/Bunyard-Thanksgiving-20141129/” error=”Connection to server timed out” authtime=”0″ dnstime=”114″ cattime=”0″ avscantime=”0″ fullreqtime=”62108802″ device=”0″ auth=”0″ ua=”Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.122 Safari/537.36″ exceptions=”av,auth,content,url,ssl,certcheck,certdate,mim

depending on if you have tried to create bypass rules to solve this issue.  If you follow the progressing this first is prior to any rules, the next is with a bypass domain in the web filter profile, and the third is with a bypass in the core exceptions list.  In all three cases you will notice the 504 connection timed out errors.  This is, I think though can’t prove, related to the Sophos box trying to scan the picture upload. 

So enough of the preamble, how does one fix this?  It’s actually pretty simple, you need to entirely bypass the upload.smugmug.com domain group.  You can do so with the following steps:

  • Log into your Sophos UTM web UI
  • Navigate to Web Protection -> Filtering Options -> Misc
  • Under “Transparent mode skiplist” area click the plus (+) next to “Skip transparent mode source hosts/nets”
  • In the “Add network definition” box create a definition with the following:
    • Name: Smugmug Uploads (Or whatever name you want to identify this definition)
    • Type: DNS group
    • Hostname: upload.smugmug.com
    • Comment: [blank] (unless you want to make a more detailed note about this definition)
  • Click save then click the folder icon next to “Skip transparent mode destination hosts/nets”
  • In the list that populates on the left choose your “Smugmug Uploads” and drag it into the box under “Skip transparent mode destination hosts/nets”
  • Click “Apply” at the bottom of the “Transparent mode skiplist” area

You should now be able to upload pictures without issue!  Please leave a comment if you have questions/problems.

Leave a Reply

Your email address will not be published. Required fields are marked *