8 Replies Latest reply: Nov 28, 2012 2:01 AM by fab

    MWG 7.2/7.3 Media Type Filtering CRL/OCSP Requests

    fab

      Dear Community

       

      Setup: Media Type Filtering with default Rules --> Block undetectable Data: Property List.OfMediaType.IsEmpty (MediaType.EnsuredTypes) == true

       

      Looks like OCSP/CRL requests are dropped with this rule, for example:

      |403|POST http://ocsp.thawte.com HTTP/1.1|Business, Software/Hardware|Minimal Risk||3287|353|Mozilla/4.0 (Windows 7 6.1) Java/1.7.0_09||20||ocsp.thawte.com

       

      This issue seems to be with all OCSP/CRL requests to Thawte or Verisign URLs. Any other idea to solve this problem other than whitelisting these requests?

       

      Working Bypass Log Entry:

      200|POST http://ocsp.thawte.com HTTP/1.1|Business, Software/Hardware|Minimal Risk|application/ocsp-response|1605|353|Mozilla/4.0 (Windows 7 6.1) Java/1.7.0_09||0||ocsp.thawte.com

       

      Note:

       

      - Looks like the Media Type is not detected; if passed through the Media Type/Composite Opener, the application request is identified: "application/ocsp-response"

      - Authentication works fine

       

      Thanks for your input!

       

      Regards,

      Fab
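
An added example (not part of the original post): a Python triage script that scans access-log lines in the shape quoted above for requests blocked while the media type field is empty, to scope how much traffic the rule is dropping per host. The field positions relative to the request line are an assumption inferred from the two quoted entries, and the function names are hypothetical.

```python
import re
from collections import Counter

# Assumption inferred from the two entries in the post: the status code is the
# field just before the request line, the media type is three fields after it,
# and the destination host is the last field.
REQUEST_LINE = re.compile(r"^(?P<method>[A-Z]+) (?P<url>\S+) HTTP/\d\.\d$")

# Sample input: the two log entries quoted in the post.
SAMPLE_LOG = """\
|403|POST http://ocsp.thawte.com HTTP/1.1|Business, Software/Hardware|Minimal Risk||3287|353|Mozilla/4.0 (Windows 7 6.1) Java/1.7.0_09||20||ocsp.thawte.com
200|POST http://ocsp.thawte.com HTTP/1.1|Business, Software/Hardware|Minimal Risk|application/ocsp-response|1605|353|Mozilla/4.0 (Windows 7 6.1) Java/1.7.0_09||0||ocsp.thawte.com
"""


def parse_entry(line):
    """Return status, method, url, media type and host, or None if unparsable."""
    fields = line.rstrip("\n").split("|")
    # Anchor on the request line so a leading empty field does not shift offsets.
    for i, field in enumerate(fields):
        m = REQUEST_LINE.match(field)
        if m and i >= 1 and i + 3 < len(fields):
            return {
                "status": fields[i - 1],
                "method": m["method"],
                "url": m["url"],
                "media_type": fields[i + 3],
                "host": fields[-1],
            }
    return None


def blocked_without_media_type(log_text):
    """Entries answered with 403 whose media type field is empty."""
    entries = (parse_entry(line) for line in log_text.splitlines())
    return [e for e in entries
            if e and e["status"] == "403" and e["media_type"] == ""]


def hosts_affected(log_text):
    """Count blocked, type-less requests per destination host for review."""
    return Counter(e["host"] for e in blocked_without_media_type(log_text))


if __name__ == "__main__":
    for host, count in hosts_affected(SAMPLE_LOG).most_common():
        print(f"{host}: {count} blocked request(s) with empty media type")
```
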