Page 1 of 1

HTTP over HTTPS blocked

Posted: 12 Mar 2020, 11:33
by minys
I have an application behind a Clavister firewall that is causing me problems, as soon as I enable HTTP inspection or web control it gets blocked by ALG
200271 (http_not_allowed). The solution is a bit unclear to me reading the log reference guide, so how am I supposed to enable inspection but allow http over https?

I do not have control over this app so I cant change it.

Re: HTTP over HTTPS blocked

Posted: 13 Mar 2020, 07:25
by Peter

It sounds like the problem is on the service that you are using on your IP rule/policy. It is only set to allow HTTPS but not HTTP and this application seems to want to use HTTP.

Remember that things can be a bit confusing when it comes to IP rules and IP policy's. Basically IP rules = old method and IP Policy = new recommended method.

IP rules uses the ALG field on the service and IP policy uses Protocol.

And yeah, it's confusing but in the future i hope that we will be able to phase out IP rules completely. At least in new configurations.

Best regards

Re: HTTP over HTTPS blocked

Posted: 13 Mar 2020, 07:28
by Peter
Also if the application is using HTTP encapsulated by HTTPS, it should "reasonably" not be a problem as we are not decrypting HTTPS as that would require a different approach such as a MiM (man-in-the-middle) system. Clavister NetEye can do HTTPS inspection.