Options
Https sites not working anymore, nothing changes in conf
Hi, i have a small situation, seens for one website, but possibly impact others
i'm using a community forum in https
for a long time, work fine, but for no reason, since 2 days, don't work anymore, got a connexion reset from the firewall.
main website works in https, but not the forum
forum work in http but weird appearance.
here's traffic monitor :
from main website https, website works fine2023-03-28 08:57:23 Member1 Allow 10.0.3.123 188.166.203.108 https/tcp 59459 443 Reseau local FO-SFR ProxyAllow: HTTPS domain name match (HTTPS-Inspect-TEST-00) proc_id="https-proxy" rc="590" msg_id="2CFF-0003" proxy_act="HTTPS-TEST.1" geo_dst="NLD" rule_name="Default" sni="www.canardpc.com" ipaddress="188.166.203.108"
from https forum, got a connexion reset
2023-03-28 08:57:51 Member1 Allow 10.0.3.123 163.172.102.71 https/tcp 59468 443 Reseau local FO-SFR ProxyAllow: HTTPS domain name match (HTTPS-Inspect-TEST-00) proc_id="https-proxy" rc="590" msg_id="2CFF-0003" proxy_act="HTTPS-TEST.1" geo_dst="FRA" rule_name="Default" sni="forum.canardpc.com" ipaddress="163.172.102.71" 2023-03-28 08:57:51 Member1 Deny 10.0.3.123 163.172.102.71 https/tcp 59468 443 Reseau local FO-SFR HTTPS Request (HTTPS-Inspect-TEST-00) proc_id="https-proxy" rc="548" msg_id="2CFF-0000" app_id="0" app_cat_id="0" proxy_act="HTTPS-TEST.1" action="drop" geo_dst="FRA" sent_bytes="517" rcvd_bytes="4756" tls_version="TLS_V12" tls_profile="TLS-Viry" sni="forum.canardpc.com" cn="forum.canardpc.com" cert_issuer="CN=R3,O=Let's Encrypt,C=US" cert_subject="CN=forum.canardpc.com" sig_vers="18.256" 2023-03-28 08:57:51 Member1 Allow 10.0.3.123 163.172.102.71 https/tcp 59469 443 Reseau local FO-SFR ProxyAllow: HTTPS domain name match (HTTPS-Inspect-TEST-00) proc_id="https-proxy" rc="590" msg_id="2CFF-0003" proxy_act="HTTPS-TEST.1" geo_dst="FRA" rule_name="Default" sni="forum.canardpc.com" ipaddress="163.172.102.71" 2023-03-28 08:57:51 Member1 Deny 10.0.3.123 163.172.102.71 https/tcp 59469 443 Reseau local FO-SFR HTTPS Request (HTTPS-Inspect-TEST-00) proc_id="https-proxy" rc="548" msg_id="2CFF-0000" app_id="0" app_cat_id="0" proxy_act="HTTPS-TEST.1" action="drop" geo_dst="FRA" sent_bytes="517" rcvd_bytes="4756" tls_version="TLS_V12" tls_profile="TLS-Viry" sni="forum.canardpc.com" cn="forum.canardpc.com" cert_issuer="CN=R3,O=Let's Encrypt,C=US" cert_subject="CN=forum.canardpc.com" sig_vers="18.256"
From http forum, works with weird appearance
2023-03-28 08:58:20 Member1 Allow 10.0.3.123 163.172.102.71 https/tcp 59474 443 Reseau local FO-SFR ProxyAllow: HTTPS domain name match (HTTPS-Inspect-TEST-00) proc_id="https-proxy" rc="590" msg_id="2CFF-0003" proxy_act="HTTPS-TEST.1" geo_dst="FRA" rule_name="Default" sni="forum.canardpc.com" ipaddress="163.172.102.71" 2023-03-28 08:58:20 Member1 Deny 10.0.3.123 163.172.102.71 https/tcp 59474 443 Reseau local FO-SFR HTTPS Request (HTTPS-Inspect-TEST-00) proc_id="https-proxy" rc="548" msg_id="2CFF-0000" app_id="0" app_cat_id="0" proxy_act="HTTPS-TEST.1" action="drop" geo_dst="FRA" sent_bytes="517" rcvd_bytes="4756" tls_version="TLS_V12" tls_profile="TLS-Viry" sni="forum.canardpc.com" cn="forum.canardpc.com" cert_issuer="CN=R3,O=Let's Encrypt,C=US" cert_subject="CN=forum.canardpc.com" sig_vers="18.256" 2023-03-28 08:58:20 Member1 Allow 10.0.3.123 163.172.102.71 https/tcp 59475 443 Reseau local FO-SFR ProxyAllow: HTTPS domain name match (HTTPS-Inspect-TEST-00) proc_id="https-proxy" rc="590" msg_id="2CFF-0003" proxy_act="HTTPS-TEST.1" geo_dst="FRA" rule_name="Default" sni="forum.canardpc.com" ipaddress="163.172.102.71" 2023-03-28 08:58:20 Member1 Deny 10.0.3.123 163.172.102.71 https/tcp 59475 443 Reseau local FO-SFR HTTPS Request (HTTPS-Inspect-TEST-00) proc_id="https-proxy" rc="548" msg_id="2CFF-0000" app_id="0" app_cat_id="0" proxy_act="HTTPS-TEST.1" action="drop" geo_dst="FRA" sent_bytes="517" rcvd_bytes="4756" tls_version="TLS_V12" tls_profile="TLS-Viry" sni="forum.canardpc.com" cn="forum.canardpc.com" cert_issuer="CN=R3,O=Let's Encrypt,C=US" cert_subject="CN=forum.canardpc.com" sig_vers="18.256" 2023-03-28 08:58:20 Member1 Allow 10.0.3.123 163.172.102.71 https/tcp 59478 443 Reseau local FO-SFR ProxyAllow: HTTPS domain name match (HTTPS-Inspect-TEST-00) proc_id="https-proxy" rc="590" msg_id="2CFF-0003" proxy_act="HTTPS-TEST.1" geo_dst="FRA" rule_name="Default" sni="forum.canardpc.com" ipaddress="163.172.102.71" 2023-03-28 08:58:20 Member1 Allow 10.0.3.123 163.172.102.71 https/tcp 59477 443 Reseau local FO-SFR ProxyAllow: HTTPS domain name match (HTTPS-Inspect-TEST-00) proc_id="https-proxy" rc="590" msg_id="2CFF-0003" proxy_act="HTTPS-TEST.1" geo_dst="FRA" rule_name="Default" sni="forum.canardpc.com" ipaddress="163.172.102.71" 2023-03-28 08:58:20 Member1 Allow 10.0.3.123 163.172.102.71 https/tcp 59480 443 Reseau local FO-SFR ProxyAllow: HTTPS domain name match (HTTPS-Inspect-TEST-00) proc_id="https-proxy" rc="590" msg_id="2CFF-0003" proxy_act="HTTPS-TEST.1" geo_dst="FRA" rule_name="Default" sni="forum.canardpc.com" ipaddress="163.172.102.71" + multiple line saying the same
Can't understand why is behaving like that and what could possibly changes 
- weird thing is the rule HTTPS-Inspect-TEST is supposed to inspec only https on 443, not http on 80
0
Best Answer
-
Options
Another option is to add a Allow exception on your HTTPS proxy action for forum.canardpc.com
0
Sign In to comment.
Answers
The forum works for me on HTTPS & HTTP using Firefox, Chrome & Opera.
I'm running Fireware V12.9.2.
Note that the logs posted for HTTP above show HTTPS TCP port 443 log entries.
Can you access the forum using a HTTPS packet filter correctly?
If so, are you blocking some Content Types etc. and not logging it?
The Deny log record suggests that something is being denied.
The logs came from traffic monitor, filtered on canardpc
don't understand why http also have https traffic
Thing is old admins left, i came to this job, they were already left, and i'm trying to get my hand on this firewall.
not easy to understand web policy, there are several rules for web traffic, but the http-inpect-test is on top, so every web traffic goes by this rules.
i'm still trying to figure how works proxy, web blocking, etc
if i put a classic https rule with proxy and no webblocker, site work fine on https, but i can also acces porn or dangerous sites, not cool so
something might mess with webblocker, or tls, can't find what.
In this new HTTPS policy - set the To: to the IP addr or FQDN of the forum site - forum.canardpc.com
Make sure that this policy ends up above the HTTPS-Inspect-TEST policy.
When a web site is Inspected, the HTTP proxy action specified on the HTTPS proxy action is used to process the packet contents, such as Content Types, URL Paths, etc.
With an exception it works fine.