
Unable to get Discord working while "Decrypt and Scan" of HTTPS is enabled

I've installed the certificates on to all relevant devices, and appear to have got most things working.

The one thing I just can't seem to solve is getting Discord (app for Windows) to connect when filtering HTTPS.

This is a home-based system and I'm attempting to keep the kids safe by filtering the internet.

Steam worked without any modifications, as did most other things but not Discord.

There appear to be no relevant posts that I can find anywhere on the net, or it may just be that my Google skills are lacking.

 

Any help, suggestions greatly appreciated.

 



This thread was automatically locked due to age.
  • Crispy,

    Some HTTPS websites and applications can "understand" a man-in-the-middle attack, and so they stop working. Create an HTTPS web exception for those URLs, IPs and FQDNs from Web > Exceptions.

    Regards

  • Firstly, thanks for the prompt reply.

     

    I have added the exception, or at least I think I have. Sniffing the app I get this. (see below)

    Pinging discordapp.com gave me 104.16.59.5

    104.16.59.37 had also appeared on another occasion, so I have added that IP also. 

     

    The exception looks like this, and unfortunately is still not working. Can you see if I've missed anything, or if the formatting is correct?

     

     

    Thanks again for the assistance.

  • Crispy,

    Take the IP of the device where the app is installed, and from XG use the console and type:

    tcpdump "port 443 and host x.x.x.x" where x.x.x.x is the IP.

    Check which IPs are captured and keep adding them inside the exceptions.

    The other way to catch the FQDN is from the advanced shell using the tcpdump command:

    tcpdump -s0  | grep x.x.x.x

    Or use the log viewer for web filtering and see if from there you can catch which is the correct URL.

    Regards
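
The capture step suggested in the reply above can be summarised with a small script, shown here as an added example that is not part of the original thread. It counts which remote IPv4 addresses a client exchanges TCP 443 packets with, from `tcpdump -n` text output. The client address 192.168.1.50, the capture lines and the function names are constructed for illustration, and whether `-n` and `-c` are available in the XG console is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread): list the remote IPv4 addresses a client
# talks to on TCP 443, most packets first, from `tcpdump -n` text output.
# Live use (assumed flags: -n numeric output, -c stop after N packets):
#   tcpdump -n -c 500 "port 443 and host x.x.x.x" | remote_https_ips x.x.x.x

# remote_https_ips CLIENT_IP   (reads tcpdump -n lines on stdin)
remote_https_ips() {
    awk -v client="$1" '
    $2 == "IP" {
        src = $3; dst = $5
        sub(/:$/, "", dst)                      # destination ends with ":"
        sip = src; sub(/\.[0-9]+$/, "", sip)    # strip ".port" to get the IP
        dip = dst; sub(/\.[0-9]+$/, "", dip)
        sport = substr(src, length(sip) + 2)
        dport = substr(dst, length(dip) + 2)
        if (sip == client && dport == "443") count[dip]++       # outbound
        else if (dip == client && sport == "443") count[sip]++  # replies
    }
    END { for (ip in count) print count[ip], ip }' | sort -k1,1nr -k2,2
}

# Constructed capture: the two addresses named in the thread, one plain HTTP
# flow and one flow from a different LAN client, both of which are ignored.
sample_capture() {
    cat <<'EOF'
10:00:00.000001 IP 192.168.1.50.51000 > 104.16.59.5.443: Flags [S], seq 1, win 64240, length 0
10:00:00.020000 IP 104.16.59.5.443 > 192.168.1.50.51000: Flags [S.], seq 9, ack 2, win 65535, length 0
10:00:00.020100 IP 192.168.1.50.51000 > 104.16.59.5.443: Flags [.], ack 10, win 64240, length 0
10:00:01.000000 IP 192.168.1.50.51001 > 104.16.59.37.443: Flags [S], seq 5, win 64240, length 0
10:00:01.030000 IP 104.16.59.37.443 > 192.168.1.50.51001: Flags [S.], seq 7, ack 6, win 65535, length 0
10:00:02.000000 IP 192.168.1.50.51002 > 203.0.113.10.80: Flags [S], seq 3, win 64240, length 0
10:00:03.000000 IP 192.168.1.77.52000 > 104.16.59.5.443: Flags [S], seq 4, win 64240, length 0
EOF
}

sample_capture | remote_https_ips 192.168.1.50
```

Each output line is a packet count followed by a remote address, which gives a de-duplicated list to compare against the exception entries already created.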

  • I've been trying to accomplish this same thing.  Did you find an address or range of addresses for HTTPS decryption exceptions that will make Discord work?

    I've been monitoring my logs and added about half-a-dozen addresses but haven't gotten it working yet.

  • Hi folks,

    I can see part of the problem being that people can start their own Discord servers, which makes setting rules a bit hit and miss. There also appear to be a number of different URLs, and I suspect that you have been too restrictive with your exception rule; you probably just need 'discord' because there is also a .net site.

     

    ian

    I've been working on this a few hours and found I can get it working with a new (higher) rule for (104.16.0.0 - 104.31.255.255 "Cloudflare Hosting").

    In order to protect my systems I'm still including HTTP/FTP scanning (and strict IPS and APP Control) just not HTTPS decrypt and scan.

    I'm happy to hear if someone has a better (more secure) solution.

  • Hi Crispy,

    The operational logic for multi exception items is "AND" not "OR".

    If it needs both URL & IP exceptions, try to create separate exception items for it.

    Shunze

  • Hi,

    Like Alan, I have to disable HTTPS scanning... Has anyone found a web exception in order to get Discord running?

    Thank you.

  • Web exceptions didn't work for me but I have a special firewall rule for the following addresses:

    104.16.58.5,104.16.59.37,104.16.59.5,104.16.60.37

    With slightly tweaked application control and not HTTPS filtering but all my other services turn up.

  • Thank you very much for your answer. I'll try your solution.