Hi,
I have an application behind a Clavister firewall that is causing me problems. As soon as I enable HTTP inspection or web control, it gets blocked by ALG 200271 (http_not_allowed). The solution is a bit unclear to me from reading the log reference guide, so how am I supposed to enable inspection but allow HTTP over HTTPS?
I do not have control over this app, so I can't change it.
HTTP over HTTPS blocked
Re: HTTP over HTTPS blocked
Hello.
It sounds like the problem is on the service that you are using on your IP rule/policy. It is only set to allow HTTPS but not HTTP and this application seems to want to use HTTP.
Remember that things can be a bit confusing when it comes to IP rules and IP policies. Basically, IP rules = old method and IP Policy = new recommended method.
IP rules use the ALG field on the service and IP policies use Protocol.
And yeah, it's confusing, but in the future I hope that we will be able to phase out IP rules completely. At least in new configurations.
Best regards
/Peter
Re: HTTP over HTTPS blocked
Also if the application is using HTTP encapsulated by HTTPS, it should "reasonably" not be a problem as we are not decrypting HTTPS as that would require a different approach such as a MiM (man-in-the-middle) system. Clavister NetEye can do HTTPS inspection.
/Peter