cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
firemtn
Level 9
Report Inappropriate Content
Message 1 of 4
‎04-06-2012 08:54 AM

Smartfilter redirect fails for Google Chorme users

Jump to solution

Howdy,

I have some users who prefer Chorme.  Lately the SF redirect isn't working for them.  I did some packet captures that shows some HTML  comming from the 70103 firewall proxy:

GET /url?sa=t&rct=j&q=cgi%20proxy&source=web&cd=1&sqi=2&ved=0CDgQFjAA&url=http%3A%2F%2Fwww.jmarshall.com%2Ftools%2Fcgiproxy%2F&ei=CAt_T7zxKabZiALkoayvAw&usg=AFQjCNG2sDVAaMatDdVn0E4SQotQE3iGkg HTTP/1.1

Host: www.google.com

Connection: keep-alive

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.151 Safari/535.19

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Referer: http://www.google.com/

Accept-Encoding: gzip,deflate,sdch

Accept-Language: en-US,en;q=0.8

Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Cookie: PREF=ID=2d1a058ded5cb5ec:U=b4e2ec2ec55ae0d3:FF=0:TM=1333725128:LM=1333725138:S=aieCRqn0AJwsCrc7; NID=58=yzShkAzH8BpITgM6SmBiAZhxzb4qIOIC4ehmNw9rCx0LdKKpSoiUn7SQl4zQH4etNlqedtGnklj64Z5L_wZU1y29xSDzyichqiBwrUtkrv0dSQWFjNWXbPip8nM7H2IO

HTTP/1.0 302 Found

Content-Type: text/html

Connection: close

Content-Length: 297

Location: http://192.168.166.10:9015/actionpage?basictype=block&epochseconds=1333725969&requestedurl=http%3A%2...

<HTML><HEAD>

<TITLE>Your request is being redirected</TITLE>

</HEAD><BODY>

<H1>Warning</H1>

<H2>Your request is being redirected to SmartFilter</H2>

<HR>

<P>

<UL>

<LI>

<STRONG>

SmartFilter Redirect

</STRONG>

</UL>

<P>

Security policy does not allow your request to be completed.

</BODY>

</HTML>

It only is Chrome users who have this problem.  I didn't see anything in the Audit that looked abnormal.  Has anyone else seen issues with Chrome and SF on Sidewinders?

Thanks,

Mike

0 Kudos
Reply
1 Solution

Accepted Solutions
mtuma
Level 13
Report Inappropriate Content
Message 3 of 4
‎04-06-2012 10:11 AM

Re: Smartfilter redirect fails for Google Chorme users

Jump to solution

Hello,

According to the audit message above, the client (Chrome browser) is sending a header called "Origin" which is blocked by the application defense for Smartfilter Redirect.

To work around this, you could go into the application defense for Smartfilter redirect and disable the "request header" options.

-Matt

View solution in original post

0 Kudos
Reply
3 Replies
firemtn
Level 9
Report Inappropriate Content
Message 2 of 4
‎04-06-2012 09:53 AM

Re: Smartfilter redirect fails for Google Chorme users

Jump to solution

Ok,  I think I jumped the gun.  I did find an audit record that points to an issue:

Apr  6 09:37:39 2012 PDT  f_http_proxy a_proxy t_attack p_minor

pid: 76063 ruid: 0 euid: 0 pgid: 76063 logid: 0 cmd: 'httpp'

domain: SFrp edomain: SFrp hostname: swex2.firemountain.local

category: appdef_violation event: request header

netsessid: 4f7f1bd30006dcb9 srcip: 192.168.168.110 srcport: 17529

srcburb: internal dst_local_port: 9015 protocol: 6 src_local_port: 0

dstip: 127.0.0.1 dstport: 9015 dstburb: Firewall

attackip: 192.168.168.110 attackburb: internal

rule_name: SmartFilter Redirect

reason: Request denied with request header Origin.

Could there be something wanky it the request header that breaks SF?

0 Kudos
Reply
mtuma
Level 13
Report Inappropriate Content
Message 3 of 4
‎04-06-2012 10:11 AM

Re: Smartfilter redirect fails for Google Chorme users

Jump to solution

Hello,

According to the audit message above, the client (Chrome browser) is sending a header called "Origin" which is blocked by the application defense for Smartfilter Redirect.

To work around this, you could go into the application defense for Smartfilter redirect and disable the "request header" options.

-Matt

View solution in original post

0 Kudos
Reply
firemtn
Level 9
Report Inappropriate Content
Message 4 of 4
‎04-06-2012 10:22 AM

Re: Smartfilter redirect fails for Google Chorme users

Jump to solution

That's sound advice Matt.  In App Defense->HTTP->SF Redirect->HTTP request->Denied Deader Action, I just selected the "Allow page through without denied headers" option.

Good call!

Thanks,

Mike

0 Kudos
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community


Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA

Consumer Support   |   Enterprise Support   |   McAfee.com

Legal   |   Privacy   |   Copyright © 2020 McAfee, LLC