I am troubleshooting a wired issue with dropbox.
When a user is logging into dropbox using his dropbox business account, he is not able to access any data. The login itself works fine. Once he tries to navigate his Internet Explorer crashes.
In the webfilter log we see this:
2015:01:14-07:02:12 UTMwebfilter httpproxy[11120]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="10.1.1.10" dstip="127.0.0.1" user="ronaldrandom" ad_domain="doomain" statuscode="502" cached="0" profile="REF_HttProPpa (citrix_proxy)" filteraction="REF_HttCffContentfil (Contentfilter_ppa)" size="2527" request="0xcb2b3000" url="www.dropboxlocalhost.com:17601/.../6.0)" exceptions="" category="170" reputation="neutral" categoryname="Personal Network Storage"
That doesn't make any sense to me and rises serveral questions:
- How can I see an entry with dstip=127.0.0.1 in the webfilter log?
- What is this dropboxlocalhost.com domain? I guess it has something to do with dropbox business as it doesn't show in the logs with private accounts even if I access the data I also have on my client with LAN sync enabled.
- What is "invalid argument" referencing to? What argument? Why does it block?
Another thing we noticed is, that it seems to work if we set up the browser to only allow TLS1.2 traffic. This however causes issues with several other sites. Enabling both also doesn't work.
I hope someone has seen something like that before and can help me to make sense of it.
Thank you in advance!
STHN
This thread was automatically locked due to age.
