1093 Views 8 Replies Latest reply: Nov 28, 2012 2:01 AM by fab RSS
fab Newcomer 9 posts since
Nov 24, 2009

Nov 6, 2012 6:34 AM

MWG 7.2/7.3 Media Type Filtering CRL/OCSP Requests

Dear Community

 

Setup: Media Type Filtering with default Rules --> Block undetectable Data: Property List.OfMediaType.IsEmpty (MediaType.EnsuredTypes) == true

 

Looks like OCSP/CRL requests are dropped with this rule, for example:

|403|POST http://ocsp.thawte.com HTTP/1.1|Business, Software/Hardware|Minimal Risk||3287|353|Mozilla/4.0 (Windows 7 6.1) Java/1.7.0_09||20||ocsp.thawte.com

 

This issue seems to be with all OCSP/CRL requests to Thawte or Verisign URLs. Any other idea to solve this problem other than whitelisting these requests?

 

Working Bypass Log Entry:

200|POST http://ocsp.thawte.com HTTP/1.1|Business, Software/Hardware|Minimal Risk|application/ocsp-response|1605|353|Mozilla/4.0 (Windows 7 6.1) Java/1.7.0_09||0||ocsp.thawte.com

 

Note:

 

- Looks like the Media Type is not detected; if passed through the Media Type / Composite Opener, the application request is identified: "application/ocsp-response"

- Authentication works fine

 

Thanks for your input!

 

Regards,

Fab
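
Added example (not part of the original post, and not McAfee code): a Python triage over access-log lines in the format shown above, counting requests that were blocked with an empty media-type field and separating revocation endpoints from everything else the rule hit. The field positions are inferred from the two posted lines; the `ocsp`/`crl` host-label heuristic and the third sample line are constructed assumptions.

```python
from collections import Counter
from urllib.parse import urlsplit

# Assumption: field positions inferred from the two log lines in the post.
STATUS, REQUEST, MEDIA_TYPE = 0, 1, 4
# Assumption: revocation endpoints are recognised by their first host label.
REVOCATION_LABELS = {"ocsp", "crl"}

# First two lines are from the post; the third is constructed for contrast.
SAMPLE_LOG = """\
|403|POST http://ocsp.thawte.com HTTP/1.1|Business, Software/Hardware|Minimal Risk||3287|353|Mozilla/4.0 (Windows 7 6.1) Java/1.7.0_09||20||ocsp.thawte.com
200|POST http://ocsp.thawte.com HTTP/1.1|Business, Software/Hardware|Minimal Risk|application/ocsp-response|1605|353|Mozilla/4.0 (Windows 7 6.1) Java/1.7.0_09||0||ocsp.thawte.com
403|GET http://files.example.test/a.bin HTTP/1.1|Business|Minimal Risk||900|120|curl/7.0||20||files.example.test
"""


def parse_line(line):
    """Return status, host and media type for one entry, or None if malformed."""
    fields = line.strip().split("|")
    if fields[0] == "":  # the blocked entry in the post starts with '|'
        fields = fields[1:]
    if len(fields) <= MEDIA_TYPE or not fields[STATUS].isdigit():
        return None
    request = fields[REQUEST].split(" ")
    if len(request) < 2:
        return None
    host = (urlsplit(request[1]).hostname or "").lower()
    return {"status": int(fields[STATUS]), "host": host,
            "media_type": fields[MEDIA_TYPE].strip()}


def triage(log_text):
    """Count 403 entries with no detected media type, split by host kind."""
    result = {"revocation": Counter(), "other": Counter()}
    for line in log_text.splitlines():
        entry = parse_line(line)
        if not entry or entry["status"] != 403 or entry["media_type"]:
            continue
        first_label = entry["host"].split(".")[0]
        kind = "revocation" if first_label in REVOCATION_LABELS else "other"
        result[kind][entry["host"]] += 1
    return result


if __name__ == "__main__":
    for kind, hosts in triage(SAMPLE_LOG).items():
        print(kind, dict(hosts))
```

Run against a real log export, the `revocation` counter shows how many certificate-status lookups the rule is dropping, and the `other` counter shows what else it catches.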
