Flash itself should run through MWG without any issues. The problem with the example you have shown is not the Flash Object itself, but it is a Video player application that tries to load a video and display it. There are several things wrong with that Video; this is why MWG blocks it.
The video is loaded in the background from a host called "slideshow.brookdaleliving.com". The problem is that this server does not communicate the correct Media Type for the video, but the Server tells us a Media Type of "text/plain". Therefore the request is blocked by the Media Type Filter (assuming a default configuration of MWG) and additionally the video is sent to the AntiMalware Engine, which tries to filter a Text-file and therefore breaks the request.
You should bypass the above-mentioned URL from the Media Type Filter and from the AV filtering to have it working through MWG, as seen below:
The rule above just skips the current Rule set. I have put it in as the first rule in both
"Global Media Type Filtering" -> "Download Media Types"
Please note that I tested with a default configuration of MWG, therefore you may need to adjust the position of that rule.
I hope this helps.
Thanks Andre, works great now. Can I ask you for a few tips on how you reached that diagnosis? I wasn't able to tell much from my logs, because it seemed the process was breaking before it was even able to log. Did you run a packet trace or just use process of elimination?
Your help is greatly appreciated.
In this case it was relatively easy. The biggest issue in most cases is that you do not see those "embedded" objects, which are loaded from the "obvious" URL you have called originally. I like to work with Firefox and an add-on called Firebug, which can easily reveal what is going on. I have configured a very basic MWG7 into my test instance of Firefox and called the URL you have mentioned.
The Flash object did not show up, so I was able to replicate an issue immediately. This is the Output Firebug drew for me on the Screen:
Sorry that it is in German, but it should basically give you some idea. What you can see is that the URL you called is trying to load additional URLs and you can see in great detail from which host and what the status code is. You can see that the .swf file from the URL "slideshow.brookdaleliving.com" was blocked with a 403 response.
I right clicked the blocked object and chose "Open in new tab", and I was presented with the complete block page:
Now I knew the URL and the Rule Set (Media Type Filters, for downloads of course), so I decided to put in a Rule that skips that Rule to see how it goes.
After that I was at least able to see "something", even if the movie did not yet play. The Firebug Output changed:
I noticed the "*.m4v" file, which I knew as an extension for videos. I noticed the "307" status code, which means that MWG is trying to filter this object and is presenting the progress pages for this object. Again when you open the link in a new tab you notice what MWG is doing - It shows you the Progress Pages. Obviously the player object is not capable of working with the progress pages so this behaviour had to be changed.
I wondered why we would filter that object as it is a streaming video, which should not be completely downloaded by the AV engine. Therefore I first turned off Progress Pages and re-tried to download the Movie. I was able to see that the Video did not yet show up because it was delayed, but without the Progress Pages I was able to check the HTTP Response Header in Firebug:
I know that I was not expecting a text/plain file (see the Content-Type header), but a video instead. If there was a correct Content-Type MWG would be aware that the file coming in is a video, and would most likely have passed the data to the client in the right way. But because of this problem the file is completely downloaded and only after it has passed all tests it would be forwarded to the Client.
So I decided to copy my rule from the Media Type Rule set and put it into the "AntiMalware" Rule set as well.
I refreshed the page and saw the video :-)
I hope this makes sense somehow. Of course this is not the best approach to solve all problems, but it is one of the techniques that may allow you to better understand what is going on. Please let me know if this helps you and/or you have additional questions :-)
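The same triage can be run offline over an exported capture. The following is an added example, not part of the original posts and not McAfee code: it assumes the browser's network panel output was saved in HAR format, and the host names, paths and the extension map are constructed for illustration. It flags the three signals used in the diagnosis above: a 403 on an embedded object, a 307 on a media object, and a Content-Type that does not match the file extension.

```python
from posixpath import splitext
from urllib.parse import urlsplit

# Assumed map of file extension -> expected Content-Type prefix (constructed).
EXPECTED = {".m4v": "video/", ".mp4": "video/", ".flv": "video/",
            ".swf": "application/x-shockwave-flash"}

def header(entry, name):
    """Return a response header value (case-insensitive name), or ''."""
    for h in entry["response"].get("headers", []):
        if h["name"].lower() == name.lower():
            return h["value"]
    return ""

def triage(har):
    """Return (url, finding) tuples for sub-requests that need a closer look."""
    findings = []
    for e in har["log"]["entries"]:
        url, status = e["request"]["url"], e["response"]["status"]
        ext = splitext(urlsplit(url).path)[1].lower()
        ctype = header(e, "Content-Type").split(";")[0].strip().lower()
        if status == 403:
            findings.append((url, "blocked (403): open directly to read the block page"))
        elif status == 307:
            findings.append((url, "307 redirect: possible progress page"))
        elif ext in EXPECTED and ctype and not ctype.startswith(EXPECTED[ext]):
            findings.append((url, f"Content-Type {ctype!r} does not match {ext}"))
    return findings

def _entry(url, status, ctype):
    """Build a minimal HAR entry (only the fields triage() reads)."""
    return {"request": {"url": url},
            "response": {"status": status,
                         "headers": [{"name": "Content-Type", "value": ctype}]}}

# Constructed sample capture; not real traffic.
SAMPLE_HAR = {"log": {"entries": [
    _entry("http://www.example.test/page.html", 200, "text/html; charset=utf-8"),
    _entry("http://media.example.test/player.swf", 403, "text/html"),
    _entry("http://media.example.test/clip.m4v?x=1", 307, "text/html"),
    _entry("http://media.example.test/clip2.m4v", 200, "text/plain"),
]}}

if __name__ == "__main__":
    for url, finding in triage(SAMPLE_HAR):
        print(f"{finding:55} {url}")
```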
Sometimes the user does not see any information about blocked content.
Therefore I defined my own Access Denied LOG where all blocked Requests are logged. The Rule Name of the blocking action is also stored.
Perhaps this helps a little bit.
Access Denied Logs V2.xml 35.1 K