Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 24 replies
  • Subscribers 1 subscriber
  • Views 7123 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

[7.500] streaming and time managed access

RFCat_vk_01
Hi,
A new version of the http proxy doesn't block users.

The streaming content is open all the time, it is an unmanaged stream in the http proxy, so effectively it bypasses the ability of timed managed access to control it.

While you might say a different http profile will fix the problem, it doesn't because there isn't a place to put streaming. Blocking a web sites (by category) that allow streaming does not work.

Ian M


This thread was automatically locked due to age.
  • 0 in reply to BAlfson
    Hi Bob,
    I have changed the PPPoE interface to restart at 2am with a 1 minute break. See what happens.

    Findings.
    1/. audio/video streaming bypass in HTTP has no affect
    2/. audio/video streaming is not controlled by filter actions in fact it is not controlled
    3/. you can put audio/video streaming protocols in the allowed target services - not affected by dual virus scanning.

    Summary, http security has a couple of big holes.

    The ASG was a fresh install tonight, v7.500 iso, v7.502 up2date, restored from backup taken immediately before fresh installation.


    Ian
  • 0
    Hmmm, I don't know enough to know whether the Astaro is "smart" enough to know to hold/re-establish connections when the interface acquires a new IP.  What happens if you:

    /var/mdw/scripts/httpproxy restart

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    Hi Bob,
    I haven't tried the script bit, but the PPPoE restart doesn't work because the ASG does not take any notice of the re-connect time when using the auto-reconnect function.

    Ian M
  • 0 in reply to RFCat_vk_01
    Hi Bob,
    update on progress.

    I did a fresh installation with v7.500 ISO and then went to v7.502. Installed my licence and then restored from a backup taken from the previous build. The new build has been up for 5 days.
    Result appears that streaming is now under control of the proxy profiles.

    A couple of observations
    1/. memory usage is down and does not seem to grow much. Previously started about 35% and grew to about 50%, now sits around 37% 
    2/. CPU usage is lower, insignificant when already low.
    3/. the http proxy (a fix in v7.502) is more responsive.

    Streaming is not affected by the virus scanner.

    Ian[:)]