cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

Can not access websites

Jump to solution

Hello,

I have problems getting a website via Web Gateway. It can be reached via free internet at the same time.

Via Web Gateway the page is staying blank.

In Rule Tracing I couldn't find any block.

Tracert shows, that the destination is reachable:

tracert sweetsoulxmasrevue.com

Routenverfolgung zu sweetsoulxmasrevue.com [217.160.223.220]
über maximal 30 Hops:

(first hops are local hops to the Public Adress)

  6    14 ms     8 ms     8 ms  92.79.219.17
  7    10 ms     9 ms    10 ms  92.79.214.238
  8    15 ms    14 ms    15 ms  145.254.2.195
  9    16 ms    15 ms    15 ms  145.254.2.195
 10    16 ms    14 ms    14 ms  decix.bb-a.fra3.fra.de.oneandone.net [80.81.192.123]
 11    15 ms    19 ms    18 ms  ae-1.bb-c.act.fra.de.oneandone.net [212.227.120.90]
 12    17 ms    17 ms    18 ms  ae-4.bb-b.bs.kae.de.oneandone.net [212.227.120.18]
 13    16 ms    18 ms    18 ms  kundenserver.de [217.160.223.220]

This is what I've got through Connection Tracing:

Server:

09:45:44.368: Connect: Would block (EPOLLOUT, EPOLLONESHOT, EPOLLERR) [xdeletedIPv6Adressx]:80 (fd = 1238, date = 27.12.2018, MWG 7.8.1.6.0-26087)
09:45:44.390: Connection is still ok
09:45:44.390: Connection is still ok
09:45:44.390: PostConnect: ok (local addr [xdeletedIPv6Adressx]:51494)
09:45:44.390: Send 321 bytes; offset = 0
>>>
GET /de HTTP/1.1
Host: sweetsoulxmasrevue.com
Accept: text/html, application/xhtml+xml, image/jxr, */*
Pragma: no-cache
User-Agent: xdeletedx
Accept-Encoding: gzip, deflate
Accept-Language: de-DE
Via: Forward Proxy
Connection: Keep-Alive

<<<
09:45:44.390: Receive: Would Block (EPOLLIN, EPOLLONESHOT)
09:45:44.466: Received 206 bytes
>>>
HTTP/1.1 200 OK
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Date: Thu, 27 Dec 2018 08:45:44 GMT
Server: Apache
X-Powered-By: PHP/5.4.45

2



<<<
09:45:44.467: Receive: Would Block (EPOLLIN, EPOLLONESHOT)
09:45:44.473: Received 5 bytes
>>>
0

<<<
09:46:07.076: Releasing and closing FD (fd = 1238, 0)

Client:

09:45:44.336: Accepted connection on ProxyIP1/ProxyIP2:8080 from ClientIP:53677 (fd = 258, date = 27.12.2018, MWG 7.8.1.6.0-26087)
09:45:44.337: Receive: Would Block (EPOLLIN, EPOLLONESHOT)
09:45:44.340: Received 324 bytes
>>>
GET http://sweetsoulxmasrevue.com/de HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Accept-Language: de-DE
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: sweetsoulxmasrevue.com
Proxy-Connection: Keep-Alive
Pragma: no-cache

<<<
09:45:44.348: Send 14141 bytes; offset = 0
>>>
HTTP/1.1 407 AuthenticationRequired
Via: ProxyIP (McAfee Web Gateway 7.8.1.6.0.26087)
Date: Thu, 27 Dec 2018 08:45:44 GMT
Content-Type: text/html
Cache-Control: no-cache
Content-Length: 13790
Proxy-Connection: Keep-Alive
Proxy-Authenticate: Negotiate
Proxy-Authenticate: NTLM
Proxy-Authenticate: Basic realm="Proxy Authentication"

09:45:44.348: Connection is still ok
09:45:44.351: Receive: Would Block (EPOLLIN, EPOLLONESHOT)
09:45:44.359: Received 1460 bytes
>>>
GET http://sweetsoulxmasrevue.com/de HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Accept-Language: de-DE
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive
Pragma: no-cache
Host: sweetsoulxmasrevue.com
Proxy-Authorization: Negotiate

09:45:44.359: Received 2920 bytes
>>>

09:45:44.359: Received 1101 bytes
>>>

09:45:44.467: Connection is still ok
09:45:44.467: Connection is still ok
09:45:44.473: Connection is still ok
09:45:44.479: Send 213 bytes; offset = 0
>>>
HTTP/1.1 200 OK
Via: Forward HTTP Proxy Kunden
Date: Thu, 27 Dec 2018 08:45:44 GMT
Server: Apache
Content-Type: text/html
X-Powered-By: PHP/5.4.45
Proxy-Connection: Keep-Alive
Transfer-Encoding: chunked

<<<
09:45:44.479: Send 7 bytes; offset = 0
>>>
2



<<<
09:45:44.479: Send 5 bytes; offset = 0
>>>
0

<<<
09:45:44.481: Receive: Would Block (EPOLLIN, EPOLLONESHOT)
09:46:07.075: Receive: errno: 104 - 'Connection reset by peer' (104)
09:46:07.076: Shutdown with error 107
09:46:07.076: Received FIN
09:46:07.076: Releasing and closing FD (fd = 258, 0)

 

Second Try

Server

09:46:07.298: Connect: Would block (EPOLLOUT, EPOLLONESHOT, EPOLLERR) [xdeletedIPv6Adressx]:80 (fd = 861, date = 27.12.2018, MWG 7.8.1.6.0-26087)
09:46:07.319: Connection is still ok
09:46:07.319: Connection is still ok
09:46:07.319: PostConnect: ok (local addr [xdeletedIPv6Adressx]:52114)
09:46:07.320: Send 321 bytes; offset = 0
>>>
GET /de HTTP/1.1
Host: sweetsoulxmasrevue.com
Accept: text/html, application/xhtml+xml, image/jxr, */*
Pragma: no-cache
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Accept-Language: de-DE
Via: Forward Proxy
Connection: Keep-Alive

<<<
09:46:07.320: Receive: Would Block (EPOLLIN, EPOLLONESHOT)
09:46:07.396: Received 206 bytes
>>>
HTTP/1.1 200 OK
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Date: Thu, 27 Dec 2018 08:46:07 GMT
Server: Apache
X-Powered-By: PHP/5.4.45

2



<<<
09:46:07.397: Receive: Would Block (EPOLLIN, EPOLLONESHOT)
09:46:07.404: Received 5 bytes
>>>
0

<<<
09:47:14.971: Releasing and closing FD (fd = 861, 0)

Client

09:46:07.116: Accepted connection on ProxyIP1:8080/ProxyIP2:8080 from ClientIP:53689 (fd = 290, date = 27.12.2018, MWG 7.8.1.6.0-26087)
09:46:07.117: Receive: Would Block (EPOLLIN, EPOLLONESHOT)
09:46:07.165: Received 324 bytes
>>>
GET http://sweetsoulxmasrevue.com/de HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Accept-Language: de-DE
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: sweetsoulxmasrevue.com
Proxy-Connection: Keep-Alive
Pragma: no-cache

<<<
09:46:07.173: Send 14141 bytes; offset = 0
>>>
HTTP/1.1 407 AuthenticationRequired
Via: ProxyIP (McAfee Web Gateway 7.8.1.6.0.26087)
Date: Thu, 27 Dec 2018 08:46:07 GMT
Content-Type: text/html
Cache-Control: no-cache
Content-Length: 13790
Proxy-Connection: Keep-Alive
Proxy-Authenticate: Negotiate
Proxy-Authenticate: NTLM
Proxy-Authenticate: Basic realm="Proxy Authentication"

 

09:46:07.173: Connection is still ok
09:46:07.176: New logical connection SockOpts unchanged. TCP window not empty: 6841 bytes (or 5 packets)
09:46:07.176: Receive: Would Block (EPOLLIN, EPOLLONESHOT)
09:46:07.288: Received 2920 bytes
>>>
GET http://sweetsoulxmasrevue.com/de HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Accept-Language: de-DE
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive
Pragma: no-cache
Host: sweetsoulxmasrevue.com
Proxy-Authorization: Negotiate

 

09:46:07.288: Received 1460 bytes

 

09:46:07.288: Receive: Would Block (EPOLLIN, EPOLLONESHOT)
09:46:07.288: Received 1101 bytes

 

09:46:07.397: Connection is still ok
09:46:07.397: Connection is still ok
09:46:07.404: Connection is still ok
09:46:07.408: Send 213 bytes; offset = 0

 

HTTP/1.1 200 OK
Via: Forward HTTP Proxy Kunden
Date: Thu, 27 Dec 2018 08:46:07 GMT
Server: Apache
Content-Type: text/html
X-Powered-By: PHP/5.4.45
Proxy-Connection: Keep-Alive
Transfer-Encoding: chunked

<<<
09:46:07.408: Send 7 bytes; offset = 0
>>>
2



<<<
09:46:07.409: Send 5 bytes; offset = 0
>>>
0

<<<
09:46:07.411: Receive: Would Block (EPOLLIN, EPOLLONESHOT)
09:47:14.971: Shutdown was ok
09:47:14.971: Releasing FD with pending data (fd = 290, 1)

 

1 Solution

Accepted Solutions
McAfee Employee aloksard
McAfee Employee
Report Inappropriate Content
Message 2 of 3

Re: Can not access websites

Jump to solution

Hi,

Hope you are doing well.

Issue is reproducibale  at my end if I add Via header for the request being sent from MWG to destination serve.  I also get blank page.  At same destination server does not provide response content.

 

Below is seen  at my end:-

 

GET /de HTTP/1.1

Host: sweetsoulxmasrevue.com

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8

User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36

Accept-Encoding: gzip, deflate

Accept-Language: en-GB,en-US;q=0.9,en;q=0.8

X-Forwarded-For: 172.19.212.56

Upgrade-Insecure-Requests: 1

Via: 1.1 172.19.212.109 (McAfee Web Gateway 7.8.2.4.0.27219)

Connection: Keep-Alive

 

HTTP/1.1 200 OK

Content-Type: text/html

Transfer-Encoding: chunked

Connection: keep-alive

Keep-Alive: timeout=15

Date: Thu, 27 Dec 2018 12:41:23 GMT

Server: Apache

X-Powered-By: PHP/5.4.45

 

2

 

 

 

0

 

 

Remove Via header for this traffic and website will work fine. Please refer attached screenshot for reference.  At your end also I see Via header being added for request being sent from MWG to destination server .   Via: Forward Proxy  this is what is being seen at your end.

 

 

Also please refer below link for more information on Via header and how to remove it:-

 

https://community.mcafee.com/t5/Documents/Web-Gateway-Via-and-X-Forwarded-For-Headers-Proxy-Loop/ta-...

 

Regards

Alok Sarda

2 Replies
McAfee Employee aloksard
McAfee Employee
Report Inappropriate Content
Message 2 of 3

Re: Can not access websites

Jump to solution

Hi,

Hope you are doing well.

Issue is reproducibale  at my end if I add Via header for the request being sent from MWG to destination serve.  I also get blank page.  At same destination server does not provide response content.

 

Below is seen  at my end:-

 

GET /de HTTP/1.1

Host: sweetsoulxmasrevue.com

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8

User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36

Accept-Encoding: gzip, deflate

Accept-Language: en-GB,en-US;q=0.9,en;q=0.8

X-Forwarded-For: 172.19.212.56

Upgrade-Insecure-Requests: 1

Via: 1.1 172.19.212.109 (McAfee Web Gateway 7.8.2.4.0.27219)

Connection: Keep-Alive

 

HTTP/1.1 200 OK

Content-Type: text/html

Transfer-Encoding: chunked

Connection: keep-alive

Keep-Alive: timeout=15

Date: Thu, 27 Dec 2018 12:41:23 GMT

Server: Apache

X-Powered-By: PHP/5.4.45

 

2

 

 

 

0

 

 

Remove Via header for this traffic and website will work fine. Please refer attached screenshot for reference.  At your end also I see Via header being added for request being sent from MWG to destination server .   Via: Forward Proxy  this is what is being seen at your end.

 

 

Also please refer below link for more information on Via header and how to remove it:-

 

https://community.mcafee.com/t5/Documents/Web-Gateway-Via-and-X-Forwarded-For-Headers-Proxy-Loop/ta-...

 

Regards

Alok Sarda

Re: Can not access websites

Jump to solution
Thank You very much! Removing the Via-Header did it.
More McAfee Tools to Help You
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • Visit: Business Service Portal
  • More: Search Knowledge Articles
  • ePolicy Orchestrator Support
  • The McAfee ePO Support Center Plug-in is now available in the Software Manager. Follow the instructions in the Product Guide for more.