Website blocked by CSC - HTTPS CONNECT port restriction?

Unanswered Question
Jul 29th, 2010

Hello - I am not sure, but it appers a secure website we are attempting to attach to is inaccessible due to a rule on the FW.  When querying the 'URL Blocking Log' on the Trend CSC for a period of the last two days, I see two entries - both list 'HTTPS connect port restriction' as the blocking rule.  How can I fix so the secure site is accessible?  Please see attached for more detail.  Thank you!

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Panos Kampanakis Thu, 07/29/2010 - 12:59

Davis,

The CSC module will not block https, it will not inspect it at all.

Can you give us the log? Is it a CSC log or an ASA one? Does the ASA have http inspection enabled?

PK

Magnus Mortensen Thu, 07/29/2010 - 18:50

Davis,

     Since the module only scans tcp port 21/25/80/110 traffic, that error leads me to believe that these connections appear to be HTTPS connection using TCP port 80. Is there some application that is making these requests to 216.115.208.x on port 80 that is really an HTTPS connection? If you need to let this traffic through, the only way it will work is to exclude this traffic from being sent to the CSC module at all.

Do you know what this traffic is?

-Magnus

dmc3106cisco Fri, 07/30/2010 - 07:20

So, the CSC should not be inspecting the traffic, although it displays 'port restriction' as the blocking rule for 443 in the CSC report??

The page in question is a https site for login to a 'secure trasfer' page, which allows outside entities to upload larger files to a companies network via the web.

Panos Kampanakis Fri, 07/30/2010 - 09:06

The CSC will disregard traffic destined to port 443(https) all together.

So the log you are seeing is probably from HTTP inspection. Can send the actual log?

PK

dmc3106cisco Fri, 07/30/2010 - 09:18

HTTP inspection is not enabled.

UPDATE:  I can now, along with another user, access the secure login page. However, many others still cannot.

I have tried deleting all of the browser cache, for those still having trouble, but this does not help.


This may not be a firewall issue after all. What steps can I take to try and track down where the issue is? I've contacted the company who hosts the site(they are a large corporation) and the technicians relayed not having any other customers reporting trouble accessing. Thanks --

Magnus Mortensen Fri, 07/30/2010 - 16:28

Justing by the error you are seeing, it looks like that application/site does some non-standard http over TCP port 80. THe best thing you can do is to simply exclude the destination server from going up to the the CSC module.  Please post the output of:

'show run policy'

'show run class-map'

- Magnus

Actions

This Discussion