cancel
Showing results for 
Search instead for 
Did you mean: 

URL filtering with wccp not working

I have a Web Gateway virtual, where I have configured wccp. Wccp is redirecting requests so its working fine. But URL filtering is not working. I have blocked cnn.com as a test, created an wildcard entry *cnn.com*.

If I set my proxy as explicit in my browser settings, URL filtering works. Everything I set to be blocked is being blocked.

When I let wccp do the redirecting, URL filtering is not working. In my live trace, I don't even see cnn.com, I just see IPs mostly.

It blocks certain IPs that are categorized as websites with bad reputation. That is standard config, mcafee maintained lists. But is not filtering anything custom.

I also have whitelisted SKYPE IPs and its causing skype to sign out and sign in every 5 min. Had to add a deny statement in my wccp ACL to not even send skype through the proxy.

Any input is appreciated

Erga

 

 

2 Replies

Re: URL filtering with wccp not working

From researching around I see why this is not working. This is a transparent setup and the host does its own dns lookup. All it sends to the web gateway is an IP. I need to set up the ssl scanner and the fix hostname ruleset.

Anybody has any documentation on how to do this, other than the generic ones I find in this website.

McAfee Employee aloksard
McAfee Employee
Report Inappropriate Content
Message 3 of 3

Re: URL filtering with wccp not working

Hi,

Hope you are doing well.

You are  correct here.

Please refer below link for complete details on this:-

https://community.mcafee.com/t5/Documents/Web-Gateway-HTTPS-in-transparent-deployments-and-how-SNI-c...

 

 In a transparent deployment (WCCP, transparent router, etc.) there is a problem - the client is not 'aware' of the upstream proxy.  As such, the client will perform its own DNS lookup to resolve the requested host to an IP, and then will make a request for that particular IP.  When this request arrives at the Web Gateway, all the Web Gateway 'knows' about the request is the destination IP.

 

in case of Explicit proxy mode , after TCP 3 way handshake, CONNECT request is being sent for HTTPS request which contains URL.host information for MWG’s information and then SSL handshake starts.

 

In case of transparent setup  , after TCP 3 way handshake wherein source IP Address will be actual client IP Address and destination IP Address will be the IP Address of the server which DNS response gave. In this case no CONNECT request is there.

 

So MWG only basically sees the destination IP Address which it will use for filtering and as common name in the certificate it presents to client.

 

In order to overcome this , MWG can make use of SNI information being sent in Client hello from the client and if not present, it can make use of fix hostname rule,  wherein first MWG initiates an SSL connection with server and gets certificate from it and from that certificate , it takes common name as URL.host.

 

You can make use of Fix Hostname - rule.

 

Also please refer below link for more information on SSL Scanning MWG:-

 

https://community.mcafee.com/t5/Documents/Web-Gateway-Understanding-quot-Client-Context-quot/ta-p/55...

 

https://community.mcafee.com/t5/Documents/Web-Gateway-SSL-Scanner-Rule-Examples/ta-p/554132

 

 

Regards

Alok Sarda

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community