Endpoint Web Protection - max link length? Adobe Creative Cloud download fails

Thank you for reaching the community forum. 

I tried to replicate downloading the Adobe creative cloud via open source link https://www.adobe.com/ph_en/creativecloud/desktop-app.html 

And was able to download the exe file. When I tried to run it, it redirected me to on below prompt though I wasn't able to process it since it requires me an account to sign in, which I don't have. 



May we know which process you’re currently stuck in? I'm currently using the default settings on my web control policy. 

Hi GlennSen 

thanks for testing download of ACC - regardless you could not finish it due to Adobe account required.

And it would be interesting to know if a length limitation exists in the Endpoint. I'm quite sure it is.

Using the EAP endpoint with decryption.

a download of the installer is possible by this link without authentication

creativecloud.adobe.com/.../creative-cloud

and again I needed to disable web control in the agent

"Web Control" is policy-based enforcement (blocking categories of websites), not protection from known bad sites. Perhaps there is something in your web control policy that is triggering this?

I don't think so. The issue can be recreated at any time. And probably a max link length is unknown to Sophos.

When trying this on a test device, I can see a very long URL generated from the Downloads page within Chrome. The URL I see is about 1462 characters long. 

The base URL "prod-rel-ffc-ccm.oobesaas.adobe.com" returns "Computing & Internet" as the Web Control category. 

When checking the logs, and comparing the URL to what is returned within your Web Browser, is the length of the URL different?

If you could let me know if your Web C policy has configured "exe" files to "Warn", and if you have HTTPS/SSL Decryption enabled, this will also help. 

Thank you!

Hi,

yes, we decrypt with EAP and warn for exe

download works with decryption exception for oobesaas.adobe.com. But as written initially, I'd like to know why downloading did not work with default settings - and the strange link with that huge length may be the reason why packet inspection of the endpoint cannot handle it correctly.

Can you confirm?

btw: link is 1642 characters long for me

Hi,

yes, we decrypt with EAP and warn for exe

download works with decryption exception for oobesaas.adobe.com. But as written initially, I'd like to know why downloading did not work with default settings - and the strange link with that huge length may be the reason why packet inspection of the endpoint cannot handle it correctly.

Can you confirm?

btw: link is 1642 characters long for me

I can confirm that the URL length is not the culprit for the issues you're experiencing. 

Checking internally, I do see that an issue with warn pages being displayed when downloading items from the Adobe website, has been raised previously but no immediate solution was found. 

Qoosh  could you get information on this link length question?

Web filtering does not enforce any maximum length on the URL. This applies to both Web Control and Web Protection. 

OK, webfiltering has none, eventually https decryption / IPS has it in combination with web filtering and / or warning for exe files.

I have noticed your PM. Thanks for getting infos together.