This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Google Music Beta Upload Issue

Background:
ASG 8.103
4 rules on the firewall

[LIST=1]

Any - FTP - Any (Block)
Any - HTTP - Any (Block)
Internal Network - Any - Internet IPV4 (Allow)
Wireless Guest - Email Messaging - Internet IPV4 (Allow)

[/LIST]
Intrusion Protection on
IM/P2P Control on (for the Wireless Guest Network)
HTTP/S Proxy on in transparent mode
FTP Proxy on
Antivirus for HTTP/S, FTP on
AntiSpyware on

Problem:
Ok, so I'm trying to use the Google Music uploader and it won't upload. I turn HTTP/S Proxy off and it uploads. URL Filtering is on for the HTTP/S Proxy. The category which is blocked is the "Suspicious" category. No changes have been made to the categories themselves. I tried putting in an exception with the follow RegEx: ^https?://[A-Za-z0-9.-]*google.com which is probably wrong, but I don't know RegEx so it was complete guess work based on the other exceptions in the list. I tried looking at the live log for HTTP/S Proxy while trying to upload and I get no blocks in the log.

Anyone have any ideas?

I'd be willing to bet that the uploader sends information to a particular IP instead of a domain name, but without more technical information posted from google or a log entry that I can poke through I can't find out what that might be. Aside from that does anyone have any ideas where else I could look to find that information or know if I just blew the RegEx statement?

Thanks for any help.

-Bob Adams

This thread was automatically locked due to age.

Parents

0 BAlfson over 14 years ago

A DNS Group and a DNS Host definition work the same way. If an FQDN has more than one IP associated with it, I thnk the DNS Host definition only gets the first one. A DNS Group definition will list all of the IPs. There's currently no way to have a definition that queries multiple FDQNs, neither with wildcards nor with a REGEX.

The relevant lines from HTTP/S Proxy log:

[FONT=monospace]2011:06:30-17:22:05  bob httpproxy[11818]: id="0001" severity="info" sys="SecureWeb"  sub="http" name="http access" action="pass" method="GET"  srcip="192.168.12.208" dstip="72.14.204.132" user="" statuscode="304"  cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)"  filteraction="REF_DefaultHTTPCFFAction (Default content filter action)"  size="0" time="38 ms" request="0x9ce5cf90"  url="http://lh4.googleusercontent.com/MuNMZi_OQGFa3OSO5xrQzVufMn-pCE0CUgAJ2d5tRxL2MHIBNy2SRBvGzTR6=s130-c"  exceptions="" error="" category="177" reputation="neutral"  categoryname="Content Server" [/FONT]

[FONT=monospace]2011:06:30-17:22:32  bob httpproxy[11818]: id="0001" severity="info" sys="SecureWeb"  sub="http" name="http access" action="pass" method="GET"  srcip="192.168.12.208" dstip="74.125.93.116" user="" statuscode="200"  cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)"  filteraction="REF_DefaultHTTPCFFAction (Default content filter action)"  size="11566602" time="27006 ms" request="0x9ce222f8"  url="http://t.doc-0-0-sj.sj.googleusercontent.com/stream?id=be86a511ac1a2655&itag=25&ip=0.0.0.0&ipbits=0&expire=1309468985&sparams=id,itag,ip,ipbits,expire&signature=94CE8DC19D2147D1F9CB7149BD21F69248C90104.3CDDC8F6A793FCC5AEA57D1CE495494498DC3C9&key=sj2"  exceptions="" error="" category="147" reputation="neutral"  categoryname="Streaming Media" content-type="audio/mpeg" [/FONT]

The first line seems to be a response that

"http://lh4.googleusercontent.com/MuNMZi_OQGFa3OSO5xrQzVufMn-pCE0CUgAJ2d5tRxL2MHIBNy2SRBvGzTR6=s130-c"

was unchanged. The second line indicates "streaming content" - do you have 'Bypass content scanning for streaming content' checked on the 'Advanced' tab?

How about the relevant lines now that you changed to googleusercontent.com?

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA

Reply

0 BAlfson over 14 years ago

The relevant lines from HTTP/S Proxy log:

[FONT=monospace]2011:06:30-17:22:05  bob httpproxy[11818]: id="0001" severity="info" sys="SecureWeb"  sub="http" name="http access" action="pass" method="GET"  srcip="192.168.12.208" dstip="72.14.204.132" user="" statuscode="304"  cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)"  filteraction="REF_DefaultHTTPCFFAction (Default content filter action)"  size="0" time="38 ms" request="0x9ce5cf90"  url="http://lh4.googleusercontent.com/MuNMZi_OQGFa3OSO5xrQzVufMn-pCE0CUgAJ2d5tRxL2MHIBNy2SRBvGzTR6=s130-c"  exceptions="" error="" category="177" reputation="neutral"  categoryname="Content Server" [/FONT]

[FONT=monospace]2011:06:30-17:22:32  bob httpproxy[11818]: id="0001" severity="info" sys="SecureWeb"  sub="http" name="http access" action="pass" method="GET"  srcip="192.168.12.208" dstip="74.125.93.116" user="" statuscode="200"  cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)"  filteraction="REF_DefaultHTTPCFFAction (Default content filter action)"  size="11566602" time="27006 ms" request="0x9ce222f8"  url="http://t.doc-0-0-sj.sj.googleusercontent.com/stream?id=be86a511ac1a2655&itag=25&ip=0.0.0.0&ipbits=0&expire=1309468985&sparams=id,itag,ip,ipbits,expire&signature=94CE8DC19D2147D1F9CB7149BD21F69248C90104.3CDDC8F6A793FCC5AEA57D1CE495494498DC3C9&key=sj2"  exceptions="" error="" category="147" reputation="neutral"  categoryname="Streaming Media" content-type="audio/mpeg" [/FONT]

The first line seems to be a response that

"http://lh4.googleusercontent.com/MuNMZi_OQGFa3OSO5xrQzVufMn-pCE0CUgAJ2d5tRxL2MHIBNy2SRBvGzTR6=s130-c"

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA

Children

No Data