[7.075] problem getting to a https Website (tipp24.de)

KSeemann · #1 (**permalink**) 11-13-2007, 07:47 PM

I can´t get to the Site "https://www.tipp24.de"... Both Firefox (Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.8.1.9) Gecko/20071025 Firefox/2.0.0.9) and IE (7.0.5730.11) don´t work.

Firefox pops up a Message like this "www.tip24.de hat eine falsche oder unerwartete Nachricht gesendet. Fehler-Code: -12263" and IE brings it´s standard Page "Die Webseite kann nicht angezeigt werden".

The Site works perfect if i don´t use the Proxy...

The ASL is a fresh Install (no imported Config)
The HTTP Proxy settings are: Mode: standard, Dual-AV, default File extensions, CF: only block Spyware, a few exceptions... and no HTTP Profiles

I can find a few .gif Downloads in the Content Filter Log for tipp24.de but then it stops for nearly 2 Minutes and aborts with this Logline:

Code:

2007:11:13-20:05:05 (none) httpproxy[4211]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="block" method="CONNECT" srcip="192.168.201.101" user="" statuscode="502" cached="0" profile="profile_0" filteraction="action_REF_DefaultHTTPCFFAction" size="0" time="61973 ms" request="0xae413aa0" url="www.tipp24.de:443" error="Connection to server timed out" category="0710" categoryname="Gambling"

BrucekConvergent · #2 (**permalink**) 11-13-2007, 07:57 PM

Wierd... www.tipp24.de works fine on my 7.075 install.

stuartbe · #3 (**permalink**) 11-13-2007, 08:52 PM

Same here. No problem my end 7.075 to and tried it with no proxy profiles to.

ReD-MaN · #4 (**permalink**) 11-13-2007, 09:02 PM

Works here no problem too.

KSeemann · #5 (**permalink**) 11-13-2007, 09:16 PM

Still doesn´t work from my main PC (WinXP Machine)... but it works from my Ubuntu Server...

...just rebootet the PC... still the same... so i started another PC with WinXP and IE7 and Tipp24.de works there without any problems...

...and no other https Site works from my main PC!!!???

How did i manage to isolate one PC from https Sites without using HTTP Profiles?

is there still a "Block CONNECT" switch somewhere in the 7.075??? because thats what i find in the Contentfilter Log... lots of

Code:

action="block" method="CONNECT"

for HTTPS Sites?!

...and i can get to the User Portal of my ASL?!

Gert Hansen · #6 (**permalink**) 11-13-2007, 11:10 PM

Hi there,

the Internet Explorer was in the past sometimes flaky with special server/proxy connections.

Can you please compare the different browser versions?

In order to get more insight, you can enable debugging in the http proxy by changing the debug value to debug=profile,scan,req,resp in the configuration file /var/chroot-http/etc/httpproxy.ini

you don't need to restart the proxy as it automatically detect the change.

this will create more debugging information that should give you/us more insight.

please disable it after the debugging again.

regards
Gert

KSeemann · #7 (**permalink**) 11-14-2007, 05:09 PM

Hello Gert,

i changed the "debug" line to

Code:

debug = profile,scan,req,resp

dang.... wrong delimiter...

Code:

debug = profile;scan;req;resp

...now it works

and get a config reload message in the http.log...

Code:

2007:11:14-19:01:39 (none) httpproxy[4236]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="epoll_loop" file="epoll.c" line="271" message="reloading config"
2007:11:14-19:01:39 (none) httpproxy[4236]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_config" file="httpproxy.c" line="410" message="loading httpproxy.ini"
2007:11:14-19:01:39 (none) httpproxy[4236]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="parse_debug" file="httpproxy.c" line="396" message="debug option enabled: req"
2007:11:14-19:01:39 (none) httpproxy[4236]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="parse_debug" file="httpproxy.c" line="396" message="debug option enabled: resp"
2007:11:14-19:01:39 (none) httpproxy[4236]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="parse_debug" file="httpproxy.c" line="396" message="debug option enabled: scan"
2007:11:14-19:01:39 (none) httpproxy[4236]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="parse_debug" file="httpproxy.c" line="396" message="debug option enabled: profile"

...and here is the full Log:

KSeemann · #8 (**permalink**) 11-18-2007, 05:25 PM

UPDATE!

somehow... it seems to be a allergic Reaction of my Kaspersky AV7 to ASL 7.075 / 7.080 BETA...

I fired up my ASL 6 again and HTTPS from my main Computer works again...

Then i did a complete reinstall of v7.075... and even with the basic Config (fresh after the Wizard) no HTTPS from my main PC (Firefox 2.0.0.9 and IE7)

If i disable the "Web-Anti-Virus" component in my Kaspersky AV 7 it works again

BrucekConvergent · #9 (**permalink**) 11-19-2007, 04:06 PM

Ah yes... I seem to recall an old thread here on the UBB where someone had issues with a local web scanner interfering with Proxy usage...

svens · #10 (**permalink**) 12-07-2007, 06:56 PM

Hi,

Quote:

Originally Posted by BrucekConvergent

Ah yes... I seem to recall an old thread here on the UBB where someone had issues with a local web scanner interfering with Proxy usage...

Just an update on this one: It seems like Kaspersky is treating our response to HTTP CONNECT requests (which are used for tunneling HTTPS) as invalid. The 7.100 proxy right now uses an 'HTTP/1.1 200 OK' response code. Our old code used 'HTTP/1.1 200 Connection established'.

Even though the text message should be treated as informational, kaspersky doesn't like the 'OK' and wants to see the 'Connection established' string. I've changed it now back to the old version, and it works. So after this fix is released Kaspersky AV should be happy and no longer blocking HTTPS

Cheers,

Sven.