This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

passing through URL that is on exception list

Hi All,

I have problem with passing throe URL that is on proxy exception list.
I have one service that doesn’t support exceptions (only simple proxy settings) and I have to pass through this URL.
I have exception defined for this URL that skip everything (Web filtering -> Exceptions). After I try to browse this page without proxy exceptions i get Connection time out.
i have ASG220 with 8.305 firmware version.
How can I resolve this case?

This thread was automatically locked due to age.

0 Ol Deda over 12 years ago

connection timeout means that URL isn't being blocked
You might have to look in firewall live log to open the port needed for that service
What URL are you visiting because probalby is down
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 12 years ago

Hi, bodzi, and welcome to the User BB!

Olsi probably solved it for you. If not, please post the line from the Web Filtering log that corresponds to a connection timeout.

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel
0 bodzi over 12 years ago in reply to BAlfson

OK, thanks.
I cannot find anything in my live log but I think because everything is skipped in my exception rule, am i right?
So I have to check my firewall rules now. I will let you know it goes.
Cancel
Vote Up 0 Vote Down

Cancel
0 Ol Deda over 12 years ago

never skip logs they are useful, some pages require ports to be open in Application Control or firewall. My nephew is killing me with this category [:)]
Cancel
Vote Up 0 Vote Down

Cancel
0 bodzi over 12 years ago in reply to Ol Deda

you are right [:)]

logs:
2012:11:02-13:38:29 myproxyDNS httpproxy[6408]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="IP" dstip="IP" user="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xc260eba0" url="some_address" exceptions="av,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension" error="Connection timed out"
2012:11:02-13:38:30 myproxyDNS httpproxy[6408]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="IP" dstip="IP" user="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xc34ba1a0" url="some_address" exceptions="av,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension" error="Connection timed out"
2012:11:02-13:38:32 myproxyDNS httpproxy[6408]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="IP" dstip="IP" user="" statuscode="500" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="138" request="0xc31405a8" url="some_address/" exceptions="av,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension" error="Connection reset by peer"
2012:11:02-13:38:34 myproxyDNS httpproxy[6408]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="IP" dstip="IP" user="" statuscode="500" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="138" request="0xbba8f1a0" url="some_address/" exceptions="av,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension" error="Connection reset by peer"

what should i do to pass through this website?
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 12 years ago

exceptions="av,auth,content,url,ssl,certcheck,cert date,mime,cache,fileextension
That means your exception is working and that the access is being handled by the proxy.

statuscode="502" statuscode="500"
Since the exception includes anti-virus, this usually means the site doesn't like proxies, and that you will need to skip the proxy to access this site.

user=""
From this, I guess you are using Transparent mode, so you can use the 'Skip transparent mode destination hosts/nets' list on the 'Advanced' tab.

url="https://some_address/"
If this is a public site, you might find someone here that could confirm that there's no other way to access the site than via the skip list.

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel
0 bodzi over 12 years ago in reply to BAlfson

thanks BAlfson.
This is local address (VPN tunnel to my client). everything works when I'm using exception list in my browser.

tomorrow i try this "Skip transparent mode destination hosts/nets" and i will let you know.
Cancel
Vote Up 0 Vote Down

Cancel