Sophos UTM – Bypass DNSRBL Blacklisted Address [RESOLVED]

So you might have an issue where you have a published website via the Sophos UTM and an IP address is been blacklisted, and is unable to connect to the published website, but you need to by-pass it on your Sophos UTM, in this case in your Sophos UTM logs this will show as :-

DNSRBL black.rbl.ctipd.astaro.local or similar from the SRCIP (source IP address)

To by-pass an IP on the DNSRBL blacklist’s this is one way to do it from your Sophos UTM :-

1. Once logged into the UTM select “Webserver Protection” then “Firewall Profiles” then “Exceptions

2. Create a new rule here (or clone an existing rule) and tick “Block clients with bad reputation

3. Under “Virtual webservers” select all the webservers this will apply to.

4. Under “For all requests” select “Web clients coming from these source networks

5. Add the IP or range here that you wish to by-pass.

6. Click “Save” and then ensure the rule is enabled.

The “Block clients with bad reputation” is the part that does the external checks on the IP address when you access the published website from external.  In the above example we have made an exception, so that a specified IP address is allowed to access the site, even though the IP is blacklisted.

We did a post about this here that advised how to check if an IP was been blacklisted.  There is also a post here regarding a similar issue.

Duncan Newell

Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: