HTTP over HTTPS blocked

Security Gateway Discussions
minys
Posts: 1
Joined: 12 Sep 2019, 11:10

HTTP over HTTPS blocked

Post by minys » 12 Mar 2020, 11:33

Hi,
I have an application behind a Clavister firewall that is causing me problems: as soon as I enable HTTP inspection or web control, it gets blocked by ALG 200271 (http_not_allowed). The solution is a bit unclear to me reading the log reference guide, so how am I supposed to enable inspection but allow HTTP over HTTPS?

I do not have control over this app so I can't change it.

Peter
Posts: 680
Joined: 10 Apr 2008, 14:14
Location: Clavister HQ - Örnsköldsvik

Re: HTTP over HTTPS blocked

Post by Peter » 13 Mar 2020, 07:25

Hello.

It sounds like the problem is on the service that you are using on your IP rule/policy. It is only set to allow HTTPS but not HTTP and this application seems to want to use HTTP.

Remember that things can be a bit confusing when it comes to IP rules and IP policies. Basically IP rules = old method and IP Policy = new recommended method.

IP rules use the ALG field on the service and IP policy uses Protocol.

And yeah, it's confusing, but in the future I hope that we will be able to phase out IP rules completely. At least in new configurations.

Best regards
/Peter

Peter

Re: HTTP over HTTPS blocked

Post by Peter » 13 Mar 2020, 07:28

Also if the application is using HTTP encapsulated by HTTPS, it should "reasonably" not be a problem as we are not decrypting HTTPS as that would require a different approach such as a MiM (man-in-the-middle) system. Clavister NetEye can do HTTPS inspection.

/Peter
