cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
ThomasSu
Level 9
Report Inappropriate Content
Message 1 of 6

Website got improper content after enable https scanning

Hi,

We get the issue when enable https scanning, even with the default policy.

 

https://developer.android.com/reference/java/util/stream/LongStream

https://www.tensorflow.org/versions/r1.13/api_docs/python/tf

 

It's random happened. When it happened it might look like this. And in the first told just bypass them. After insist said no, he told it's website issue.  It's tired to talk with the support.

Does anyone can help this issue?

擷取error.PNGdeveloper.android.com-2.jpgblank.jpg2019-07-26_143942.jpg

5 Replies
mkutrieba
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 6

Re: Website got improper content after enable https scanning

Hello,

have you noticed any pattern? Maybe based on daytime or on browser, user etc.?

Further, it sounds like you had a SR open? If yes, can you please PM me the SR number that I can have a look at the data?

I did a quick test and refreshed both sites multiple times over last 30 minutes but did not face any issue. Tomorrow, I can begin my testing in the morning and try it out over the whole day with different browsers.

If it can be reproduced, I will create a browser network trace (HAR file), rule trace, tcpdump and connections trace at the same time and look in it to see if I can find something or not.
If you have an open SR with same data, so much the better.

Regards,
Marcel Kutrieba
Technical Support Engineer

If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!
ThomasSu
Level 9
Report Inappropriate Content
Message 3 of 6

Re: Website got improper content after enable https scanning

@mkutrieba , the SR is 4-20095389361.

I am quite busy recently and no time to collect related information by support. And he told me archive this SR and can open it when I am free. But I check this one's status is closed...

Back to the topic, the issue can be reproduced by refresh  but not every time. Our production environment  is easy to get the issue. In the lab only with one user traffic, it need time and lucky. The information you request I should upload before. 

Both sites are large data in the one page. Although I doubt something wrong to handle this kind of content, might be ssl performance, opener or others. Still no idea what's wrong. Hope you can find it out.

Regards,

Thomas

mkutrieba
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 6

Re: Website got improper content after enable https scanning

Hello,

 

thanks for the info, I try to check this SR later and see if I can find anything and let's see if I can reproduce it too.

Regarding the data, please await further response from my side. Want to check SR and in my lab before we gather new data on your end. Also a new SR would be needed which I could take over then. Sensitive data should not be uploaded here in the community.

Regards,
Marcel Kutrieba
Technical Support Engineer

If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!
mkutrieba
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 5 of 6

Re: Website got improper content after enable https scanning

Hello @ThomasSu 

 

I could reproduce the issue and think it is related to HTTP2 somehow (but not 100% sure).
I only tested with following URL so far:
https://developer.android.com/reference/java/util/stream/LongStream

 

When HTTPS scanner is enabled and we do content inspection, we also do HTTP2 if available. In this case I could few times (1 from 50 attempts) reproduce the issue (left side bar shows weird content, main/right side stays blank).

I created a har file in the browser and could see that my client got improper HTML content back. The beginning lines (do not know how many) seem to look the same between a good and bad example but the end  of my HTML response looked like:
"/images/lockup.svg","https://fonns.googleapis.com/css?family=Roboto:300,400,400italic,500,500italic,700,700italic|Roboto+...]')
o/scripn> o/body>
o/html>""

At the end you can see this weird o/body etc. sometimes it was 0/ or s/body.
The good/working example looks normal:
" </script> </body>
</html>"

I also created connection traces but could not read the external traffic because it seems to be decoded.
I am trying to reproduce this again and also create a tcpdump this time where I can decode the HTTPS traffic with SSL keys from connection traces.
So we should be able to find out, whether this improper HTML is received from webserver and simply forwarded to client or if MWG is misbehaving here.

 

If you want and are interested in testing, you can create a rule which only deactivates HTTP2 support for given URL host and then observe it.
Example rule:
URL.Host equals developer.android.com, Event: Enable Proxy Control
Within this proxy control setting, scroll to HTTP2 support action, enable the option and select "No" HTTP2 support.

 

I will update here again once I have the proper data and can read the external traffic to see where this is coming from. I hope I am on the correct direction 😊

Regards,
Marcel Kutrieba
Technical Support Engineer

If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!
mkutrieba
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 6 of 6

Re: Website got improper content after enable https scanning

Hi Thomas,

 

I have opened a new SR and will contact you from there. I have gathered the information but I am not able to decode the HTTP2 gzipped response. So I have created this new SR, and escalate this to engineering soon.

 

I will update this community thread later with final answer/solution if available for documentation purpose.

Regards,
Marcel Kutrieba
Technical Support Engineer

If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community