cancel
Showing results for 
Search instead for 
Did you mean: 
hazwan
Level 7

socks connection being blocked

Hi All,

Have you encountered the website that using socks connection after login into it? Currently I already whitelist the url inside global whitelist. From the tracing, users will hit global whitelist in the rule set then it will blocked by global blocklist categories (internet services). I have checked that stravis.isid.co.jp using aws system. I also put ssl scanner bypass for aws ip range, event though it still blocked by global blocklist. We dont want to allow internet services categories because it has big database inside it and will allow others website too. We only want to enable this site only. How do I allow this IP that use socks connection? (see attached)socks blocked.jpgaws ssl bypass.PNG

Thank You.

Regards,

Hazwan

0 Kudos
2 Replies
McAfee Employee

Re: socks connection being blocked

Hi Hazwan,

You're screenshots do not provide enough context to answer your question.

Based on the rule trace the request "SOCKS://54.x.x.x:443" is being blocked. So the rule you took a screenshot of, is irrelevant. I would guess you entered the Global Whitelist entry incorrectly. The rule trace will likley show that your global whitelist rule did not match.

Be sure to brush up on our Rule Tracing best practice:

Best Regards,

Jon

0 Kudos
hazwan
Level 7

Re: socks connection being blocked

Hi Jon,

Thanks for your support and assistance. The problem solved after I put the correct entry in Global Whitelist.

Thank You.

Regards,

Hazwan

0 Kudos