Message Image

Skip main navigation (Press Enter).

ProxySG & Advanced Secure Gateway

View Only

Back to discussions

Expand all | Collapse all

Requests by proxy not initiated by users

Maher ShabanJun 12, 2019 03:57 AM

Dear All, good day to you. I've CAS alerts for blocked suspicious requests with unknown sources ...

Migration UserJun 12, 2019 04:16 AM

Hi Maher, Would like to know on how did you confirmed that the request is not ...

Maher ShabanJun 20, 2019 02:49 AM

Hi Aravind, you are right, the url request was due to cache refresh on the proxy. I deleted it ...

1. Requests by proxy not initiated by users

0 Recommend
Maher Shaban
Posted Jun 12, 2019 03:57 AM

Reply Reply Privately
Dear All,

good day to you.

I've CAS alerts for blocked suspicious requests with unknown sources address like below.

Server: 52.85.22.126

Client: Unknown

Virus/PUS: "Suspicious:Trojan.Script.Generic" found!

URL: hxxps://d4n2lybtj245w.cloudfront.net/images/cashusso/javascript/bootstrap.min.js

by investigation I found the request is initiated from the proxy itself not from any user.

is there any clarification for that?

Thanks in advance.
2. RE: Requests by proxy not initiated by users

0 Recommend
Migration User
Posted Jun 12, 2019 04:16 AM

Reply Reply Privately
Hi Maher,

Would like to know on how did you confirmed that the request is not initiated by a user? If there is no access-log associated with this, then it could be a cache refresh attempt by Proxy. Check whether this file is already in cache or not by following the article https://support.symantec.com/en_US/article.TECH241196.html .
3. RE: Requests by proxy not initiated by users

0 Recommend
Maher Shaban
Posted Jun 20, 2019 02:49 AM

Reply Reply Privately
Hi Aravind,

you are right, the url request was due to cache refresh on the proxy.

I deleted it from the cache.

many thanks for your response and usual support.

Copyright 2019. All rights reserved.

Powered by Higher Logic