Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 1 subscriber
  • Views 1271 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Forced AD Auth & no auth exception group

jmousse
I've got an interesting puzzle. I have ASG 8.001 config'ed with forced AD auth. Everything works fine, but if I add an exception group & select no auth for it, the user gets an Astaro error message in their browser. The sites that I wanted in this group were places such as YouTube, & FaceBook where re-auth is a pain. The syntax I used was:
^https?://[A-Za-z0-9.-]*facebook.com/
^https?://[A-Za-z0-9.-]*youtube.com/
Currently I'm using a work-around by using "categories" such as 'Social Networking', but I'd prefer it locked down a little tighter.
Has anyone else run into this? Comments/suggestions?
[:S]


This thread was automatically locked due to age.
Parents
  • 0
    Here are the two outputs. The first is from the ASG 8.001. The second is from the client running Firefox with Live HTTP Headers. It's very odd. The FW isn't picking up the URL as a no-auth exception in the exception goup.

    filteraction="REF_DefaultHTTPCFFBlockAction (Default content filter block action)" size="4573" time="0 

    ms" request="0xe74acbb0" url="www.youtube.com/" exceptions="av,auth,mime" error="" 

    country="United States"
    2010:09:20-21:12:53 cyclops httpproxy[5597]: id="0002" severity="info" sys="SecureWeb" sub="http" 

    name="web request blocked" action="block" method="GET" srcip="192.168.1.100" dstip="" user="" 

    statuscode="302" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction=" ()" 

    size="4832" time="0 ms" request="0xe7450f40" url="www.bbc.co.uk/.../ticker.sjson

    jsoncallback=bbc.fmtj.net.json.model.getFeedById

    (0).callback&client=bbcfmtj&cachebuster=cb128503142241476555" exceptions="" error=""
    2010:09:20-21:13:02 cyclops httpproxy[5597]: id="0002" severity="info" sys="SecureWeb" sub="http" 

    name="web request blocked" action="block" method="GET" srcip="192.168.1.100" dstip="" user="" 

    statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" 

    filteraction="REF_DefaultHTTPCFFBlockAction (Default content filter block action)" size="4573" time="0 

    ms" request="0xe74acbb0" url="www.youtube.com/" exceptions="av,auth,mime" error="" 

    country="United States"
    2010:09:20-21:13:07 cyclops httpproxy[5597]: id="0001" severity="info" sys="SecureWeb" sub="http" 

    name="http access" action="pass" method="GET" srcip="192.168.1.100" dstip="" user="" statuscode="302" 

    cached="1" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFBlockAction 

    (Default content filter block action)" size="250" time="1 ms" request="0xe74ac168" url="http://en-

    gb.fxfeeds.mozilla.com/en-GB/firefox/headlines.xml" exceptions="av,auth,url" error="" content-

    type="text/html"
    2010:09:20-21:13:08 cyclops httpproxy[5597]: id="0002" severity="info" sys="SecureWeb" sub="http" 

    name="web request blocked" action="block" method="GET" srcip="192.168.1.100" dstip="" user="" 

    statuscode="302" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction=" ()" 

    size="4636" time="0 ms" request="0xe74c7d08" 

    url="news.bbc.co.uk/.../rss.xml" exceptions="" error=""
    2010:09:20-21:13:08 cyclops httpproxy[5597]: id="0002" severity="info" sys="SecureWeb" sub="http" 

    name="web request blocked" action="block" method="GET" srcip="192.168.1.100" dstip="" user="" 

    statuscode="302" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction=" ()" 

    size="4648" time="0 ms" request="0xeb146750" 



    YouTube - Broadcast Yourself.

    GET / HTTP/1.1
    Host: YouTube - Broadcast Yourself.
    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-gb,en;q=0.5
    Accept-Encoding: gzip,deflate
    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
    Keep-Alive: 115
    Connection: keep-alive
    Cookie: VISITOR_INFO1_LIVE=2L9s0T3TGfE; PREF=f1=50000000&gl=US&hl=en; use_hitbox=72c46ff6cbcdb7c5585c36411b6b334edAEAAAAw; GEO=ee1b6f1e2b8b6c7c5261693618dff066cwsAAAAzQ0GtIZNdTJgFOA==

    HTTP/1.1 403 Forbidden
    Date: Tue, 21 Sep 2010 01:12:30 GMT
    Cache-Control: no-cache
    Pragma: no-cache
    Content-Type: text/html; charset="UTF-8"
    Content-Length: 4573
    Accept-Ranges: none
    Connection: Keep-Alive
    ----------------------------------------------------------
    http://passthrough.fw-notify.net/static/default.js

    GET /static/default.js HTTP/1.1
    Host: passthrough.fw-notify.net
    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
    Accept: */*
    Accept-Language: en-gb,en;q=0.5
    Accept-Encoding: gzip,deflate
    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
    Keep-Alive: 115
    Connection: keep-alive
    Referer: YouTube - Broadcast Yourself.

    HTTP/1.1 200 OK
    Content-Type: text/html; charset="UTF-8"
    Pragma: no-cache
    Cache-Control: no-cache
    Content-Length: 2745
    Accept-Ranges: none
    Connection: Keep-Alive
    ----------------------------------------------------------
Reply
  • 0
    Here are the two outputs. The first is from the ASG 8.001. The second is from the client running Firefox with Live HTTP Headers. It's very odd. The FW isn't picking up the URL as a no-auth exception in the exception goup.

    filteraction="REF_DefaultHTTPCFFBlockAction (Default content filter block action)" size="4573" time="0 

    ms" request="0xe74acbb0" url="www.youtube.com/" exceptions="av,auth,mime" error="" 

    country="United States"
    2010:09:20-21:12:53 cyclops httpproxy[5597]: id="0002" severity="info" sys="SecureWeb" sub="http" 

    name="web request blocked" action="block" method="GET" srcip="192.168.1.100" dstip="" user="" 

    statuscode="302" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction=" ()" 

    size="4832" time="0 ms" request="0xe7450f40" url="www.bbc.co.uk/.../ticker.sjson

    jsoncallback=bbc.fmtj.net.json.model.getFeedById

    (0).callback&client=bbcfmtj&cachebuster=cb128503142241476555" exceptions="" error=""
    2010:09:20-21:13:02 cyclops httpproxy[5597]: id="0002" severity="info" sys="SecureWeb" sub="http" 

    name="web request blocked" action="block" method="GET" srcip="192.168.1.100" dstip="" user="" 

    statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" 

    filteraction="REF_DefaultHTTPCFFBlockAction (Default content filter block action)" size="4573" time="0 

    ms" request="0xe74acbb0" url="www.youtube.com/" exceptions="av,auth,mime" error="" 

    country="United States"
    2010:09:20-21:13:07 cyclops httpproxy[5597]: id="0001" severity="info" sys="SecureWeb" sub="http" 

    name="http access" action="pass" method="GET" srcip="192.168.1.100" dstip="" user="" statuscode="302" 

    cached="1" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFBlockAction 

    (Default content filter block action)" size="250" time="1 ms" request="0xe74ac168" url="http://en-

    gb.fxfeeds.mozilla.com/en-GB/firefox/headlines.xml" exceptions="av,auth,url" error="" content-

    type="text/html"
    2010:09:20-21:13:08 cyclops httpproxy[5597]: id="0002" severity="info" sys="SecureWeb" sub="http" 

    name="web request blocked" action="block" method="GET" srcip="192.168.1.100" dstip="" user="" 

    statuscode="302" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction=" ()" 

    size="4636" time="0 ms" request="0xe74c7d08" 

    url="news.bbc.co.uk/.../rss.xml" exceptions="" error=""
    2010:09:20-21:13:08 cyclops httpproxy[5597]: id="0002" severity="info" sys="SecureWeb" sub="http" 

    name="web request blocked" action="block" method="GET" srcip="192.168.1.100" dstip="" user="" 

    statuscode="302" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction=" ()" 

    size="4648" time="0 ms" request="0xeb146750" 



    YouTube - Broadcast Yourself.

    GET / HTTP/1.1
    Host: YouTube - Broadcast Yourself.
    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-gb,en;q=0.5
    Accept-Encoding: gzip,deflate
    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
    Keep-Alive: 115
    Connection: keep-alive
    Cookie: VISITOR_INFO1_LIVE=2L9s0T3TGfE; PREF=f1=50000000&gl=US&hl=en; use_hitbox=72c46ff6cbcdb7c5585c36411b6b334edAEAAAAw; GEO=ee1b6f1e2b8b6c7c5261693618dff066cwsAAAAzQ0GtIZNdTJgFOA==

    HTTP/1.1 403 Forbidden
    Date: Tue, 21 Sep 2010 01:12:30 GMT
    Cache-Control: no-cache
    Pragma: no-cache
    Content-Type: text/html; charset="UTF-8"
    Content-Length: 4573
    Accept-Ranges: none
    Connection: Keep-Alive
    ----------------------------------------------------------
    http://passthrough.fw-notify.net/static/default.js

    GET /static/default.js HTTP/1.1
    Host: passthrough.fw-notify.net
    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
    Accept: */*
    Accept-Language: en-gb,en;q=0.5
    Accept-Encoding: gzip,deflate
    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
    Keep-Alive: 115
    Connection: keep-alive
    Referer: YouTube - Broadcast Yourself.

    HTTP/1.1 200 OK
    Content-Type: text/html; charset="UTF-8"
    Pragma: no-cache
    Cache-Control: no-cache
    Content-Length: 2745
    Accept-Ranges: none
    Connection: Keep-Alive
    ----------------------------------------------------------
Children
No Data