[7.900][BUG][NOT A BUG] Problems with https scanning

I already posted in the closed Beta Forum; I have trouble with many https sites.
With 7.40x it is working fine; without https scanning it is working fine; with https enabled on V7.900 it isn't working:

I have multiple https sites which are blocked.
Test through a 7.404 works perfect.

Log entries:

2010:04:01-22:06:05 home-asg httpproxy[9583]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.178.31" dstip="85.183.249.137" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="43" time="127 ms" request="0xa65a2b18" url="www.etracker.de/cnt_links.php
2010:04:01-22:06:09 home-asg httpproxy[9583]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.178.31" dstip="85.183.249.137" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="43" time="130 ms" request="0xa65a2b18" url="www.etracker.de/cnt_links.php
2010:04:01-22:06:10 home-asg httpproxy[9583]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xb05196b0" function="ssl_connect" file="ssl.c" line="961" message="ssl_handshake: Connection timed out"
2010:04:01-22:06:10 home-asg httpproxy[9583]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xb05196b0" function="ssl_log_errors" file="ssl.c" line="40" message="C: 9583:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:284:
2010:04:01-22:06:10 home-asg httpproxy[9583]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="" srcip="192.168.178.31" dstip="" user="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction=" ()" size="0" time="0 ms" request="0xb05196b0" url="188.17.220.243" exceptions="" error="Connection timed out"
2010:04:01-22:06:13 home-asg httpproxy[9583]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xb05192f0" function="ssl_log_errors" file="ssl.c" line="40" message="S: 9583:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:585:
2010:04:01-22:06:13 home-asg httpproxy[9583]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xb05192f0" function="ssl_connect" file="ssl.c" line="961" message="ssl_handshake: Input/output error"
2010:04:01-22:06:13 home-asg httpproxy[9583]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xb05192f0" function="ssl_log_errors" file="ssl.c" line="40" message="C: 9583:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:284:
2010:04:01-22:06:13 home-asg httpproxy[9583]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="" srcip="192.168.178.31" dstip="" user="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction=" ()" size="0" time="0 ms" request="0xb05192f0" url="91.89.121.2" exceptions="" error="Input/output error"
2010:04:01-22:06:14 home-asg httpproxy[9583]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xb05ac610" function="ssl_connect" file="ssl.c" line="961" message="ssl_handshake: Connection refused"
2010:04:01-22:06:14 home-asg httpproxy[9583]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xb05ac610" function="ssl_log_errors" file="ssl.c" line="40" message="C: 9583:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:284:
2010:04:01-22:06:14 home-asg httpproxy[9583]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="" srcip="192.168.178.31" dstip="" user="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction=" ()" size="0" time="0 ms" request="0xb05ac610" url="188.187.10.30" exceptions="" error="Connection refused"
2010:04:01-22:06:14 home-asg httpproxy[9583]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="192.168.178.31" dstip="" user="" statuscode="400" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction=" ()" size="4564" time="0 ms" request="0xa6573260" url="91.89.121.2:443" exceptions="" error="Received invalid request from client"
2010:04:01-22:06:18 home-asg httpproxy[9583]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xa6521d88" function="ssl_connect" file="ssl.c" line="961" message="ssl_handshake: Connection timed out"
2010:04:01-22:06:18 home-asg httpproxy[9583]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xa6521d88" function="ssl_log_errors" file="ssl.c" line="40" message="C: 9583:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:284:
2010:04:01-22:06:18 home-asg httpproxy[9583]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="" srcip="192.168.178.31" dstip="" user="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction=" ()" size="0" time="0 ms" request="0xa6521d88" url="95.150.82.138" exceptions="" error="Connection timed out"
2010:04:01-22:06:23 home-asg httpproxy[9583]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.178.31" dstip="85.183.249.137" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="43" time="118 ms" request="0xa65a2b18" url="www.etracker.de/cnt_links.php
2010:04:01-22:07:00 home-asg httpproxy[9583]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.178.31" dstip="85.183.249.137" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="43" time="167 ms" request="0xa65a2b18" url="www.etracker.de/cnt_links.php
2010:04:01-22:07:04 home-asg httpproxy[9583]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.178.31" dstip="85.183.249.137" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="43" time="118 ms" request="0xa65a2b18" url="www.etracker.de/cnt_links.php
2010:04:01-22:07:07 home-asg httpproxy[9583]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="" srcip="192.168.178.31" dstip="" user="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction=" ()" size="6342" time="0 ms" request="0xa6521d88" url="193.227.192.229" exceptions="" error="unable to get local issuer certificate"
  • Hi Patrick,

    for me almost all IPs you've mentioned above were down. 

    However I got an error with your last IP https://193.227.192.229 that shows a certificate for service.simplytel.de and the HTTPS server generates an error when you access the web site via the proxy.

    As soon as I've added an exception for the certificate, access was granted.

    I'm using a transparent proxy setup, but I doubt that this matters...

    Just my 2 cents
    Christian

    - not directly close to the Baltic sea, still 100km to go [;)]
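
An added example, not part of the thread or of the product: a Python sketch that joins the `ssl.c` messages to the block entry carrying the same `request=` value and separates connection failures from certificate verification failures, the split the reply above describes. The sample lines are abridged from the log in the first post; the function names and cause labels are assumptions made for this example.

```python
import re
from collections import defaultdict

# Abridged from the log lines in the first post (most fields trimmed).
SAMPLE_LOG = '''\
2010:04:01-22:06:10 home-asg httpproxy[9583]: id="0003" request="0xb05196b0" function="ssl_connect" message="ssl_handshake: Connection timed out"
2010:04:01-22:06:10 home-asg httpproxy[9583]: id="0003" request="0xb05196b0" function="ssl_log_errors" message="C: 9583:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:284:
2010:04:01-22:06:10 home-asg httpproxy[9583]: id="0002" action="block" statuscode="502" request="0xb05196b0" url="188.17.220.243" error="Connection timed out"
2010:04:01-22:06:18 home-asg httpproxy[9583]: id="0003" request="0xa6521d88" function="ssl_connect" message="ssl_handshake: Connection timed out"
2010:04:01-22:06:18 home-asg httpproxy[9583]: id="0002" action="block" statuscode="502" request="0xa6521d88" url="95.150.82.138" error="Connection timed out"
2010:04:01-22:07:07 home-asg httpproxy[9583]: id="0002" action="block" statuscode="403" request="0xa6521d88" url="193.227.192.229" error="unable to get local issuer certificate"
'''

# key="value" pairs; the closing quote is optional because some
# message= and url= values in the log are cut off at end of line.
FIELD = re.compile(r'(\w+)="([^"]*)"?')

def classify(error):
    """Map the proxy's error= text to a coarse cause (labels are this example's)."""
    e = error.lower()
    if "certificate" in e:
        return "certificate-verification"
    if any(s in e for s in ("timed out", "refused", "input/output")):
        return "connection-failure"
    return "other"

def triage(log_text):
    """Return one record per blocked request, in log order, with the
    id="0003" ssl.c messages logged under the same request= attached."""
    pending = defaultdict(list)          # request value -> ssl messages so far
    blocks = []
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        req = f.get("request")
        if f.get("id") == "0003":
            pending[req].append(f.get("message", ""))
        elif f.get("action") == "block":
            # pop, not get: request= values are reused by later connections
            # (0xa6521d88 appears for two different destinations above).
            blocks.append({"url": f.get("url", ""),
                           "status": f.get("statuscode", ""),
                           "cause": classify(f.get("error", "")),
                           "ssl": pending.pop(req, [])})
    return blocks

if __name__ == "__main__":
    for b in triage(SAMPLE_LOG):
        print(b["url"], b["status"], b["cause"], len(b["ssl"]))
```
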