[8.285][QUESTION][ANSWERED] Web Filtering Question

How do I debug a problem that shows up when web filtering is enabled? I had web filtering off, but decided to turn it back on. I know this worked a long time back, but many things have changed in that time.

Problem - Sonos Rhapsody client will not update the channel lists.

all that is showing up in the web filter logs is -
2011:12:04-15:15:54 brk httpproxy[9942]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.1.243" dstip="66.150.171.142" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2133" request="0xee703710" url="direct.rhapsody.com/.../RhapsodyDirectMetadata" exceptions="av,auth,content,url,mime,cache,fileextension" error=""
2011:12:04-15:16:34 brk httpproxy[9942]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.1.243" dstip="66.150.171.142" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="169950" request="0xa06fd00" url="direct.rhapsody.com/.../RhapsodyDirectMetadata" exceptions="av,auth,content,url,mime,cache,fileextension" error=""
2011:12:04-15:18:06 brk httpproxy[9942]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.1.243" dstip="66.150.171.142" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2133" request="0xa06fa30" url="direct.rhapsody.com/.../RhapsodyDirectMetadata" exceptions="av,auth,content,url,mime,cache,fileextension" error=""
2011:12:04-15:18:47 brk httpproxy[9942]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.1.243" dstip="66.150.171.142" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="171268" request="0xa0281b8" url="direct.rhapsody.com/.../RhapsodyDirectMetadata" exceptions="av,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension" error=""

Which is showing the exception placed for that server.

If I disable web filtering then the application works properly.

I am trying to avoid adding a total exclusion for the server.

Parents

0 brk over 12 years ago

Fun with wireshark...  This is wireshark running on the machine running the rhapsody client.

Case 1 - PASS - direct.rhapsody.com added to the transparent proxy skip host list on the advanced tab.  Client is requesting data, says will accept gzip, server appears to be responding with compressed data.

--------------------
POST /metadata/services/RhapsodyDirectMetadata HTTP/1.1

CONNECTION: close

ACCEPT-ENCODING: gzip

HOST: direct.rhapsody.com

USER-AGENT: Linux UPnP/1.0 Sonos/16.5-47300b (PCDCR)

CONTENT-LENGTH: 363

CONTENT-TYPE: text/xml; charset="utf-8"

SOAPACTION: "urn:kani#getProgrammedStations"

0100********401342HTTP/1.1 200 OK

Date: Wed, 07 Dec 2011 04:01:18 GMT

Server: Apache-Coyote/1.1

Content-Type: text/xml;charset=utf-8

Connection: close

Cache-Control: private

Content-Encoding: gzip

Transfer-Encoding: chunked

3818

...........}ks.H..w..r....."ER/...C.[.m.^Q....76.D......@4....,...jSZrB..q.$.@...8.......8R7.e.M..K...E..o.0....".......Efuj..g......(....Is..k.....o.q../.E..9.'......8|.........?........J.]....|z.9...c.?.l.j.b....1..l\..lph...c.......

Case 2 - This case failed.  Same stream, but this time with the IP address of the server removed from the advanced tab "skip transparent mode" and the regular expression added to the exclusion tab. The exclusions are being honored per the web filter log.   This time the server is responding with uncompressed data.

POST /metadata/services/RhapsodyDirectMetadata HTTP/1.1

CONNECTION: close

ACCEPT-ENCODING: gzip

HOST: direct.rhapsody.com

USER-AGENT: Linux UPnP/1.0 Sonos/16.5-47300b (PCDCR)

CONTENT-LENGTH: 363

CONTENT-TYPE: text/xml; charset="utf-8"

SOAPACTION: "urn:kani#getProgrammedStations"

0100********401342HTTP/1.1 200 OK

Date: Wed, 07 Dec 2011 03:59:37 GMT

Server: Apache-Coyote/1.1

Content-Type: text/xml;charset=utf-8

Cneonction: close

Transfer-Encoding: chunked

Connection: close

adc

2071000Nick DedinaForget the modern revision -- here are the real songs and artists that ruled the 1950s.
From Patti Page to Elvis the Pelvis, we tell the whole truth about th

Thoughts -
  1.  Sonos/Rhapsody client has a bug and can't handle the uncompressed data?  This seams unlikely, as the same symptoms appear on several different clients (Windows, iPhone, sonos hardare).  Of course, they probably share libraries...
  2.  Gzip or not doesn't matter, something else is getting messed up and I need to look at wireshark some more!
  2.  Why is the data coming back different in the two cases?  Is this allowed?  (I assume it is allowed, as the gzip is a request and not a requirement)
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 brk over 12 years ago

Fun with wireshark...  This is wireshark running on the machine running the rhapsody client.

Case 1 - PASS - direct.rhapsody.com added to the transparent proxy skip host list on the advanced tab.  Client is requesting data, says will accept gzip, server appears to be responding with compressed data.

--------------------
POST /metadata/services/RhapsodyDirectMetadata HTTP/1.1

CONNECTION: close

ACCEPT-ENCODING: gzip

HOST: direct.rhapsody.com

USER-AGENT: Linux UPnP/1.0 Sonos/16.5-47300b (PCDCR)

CONTENT-LENGTH: 363

CONTENT-TYPE: text/xml; charset="utf-8"

SOAPACTION: "urn:kani#getProgrammedStations"

0100********401342HTTP/1.1 200 OK

Date: Wed, 07 Dec 2011 04:01:18 GMT

Server: Apache-Coyote/1.1

Content-Type: text/xml;charset=utf-8

Connection: close

Cache-Control: private

Content-Encoding: gzip

Transfer-Encoding: chunked

3818

...........}ks.H..w..r....."ER/...C.[.m.^Q....76.D......@4....,...jSZrB..q.$.@...8.......8R7.e.M..K...E..o.0....".......Efuj..g......(....Is..k.....o.q../.E..9.'......8|.........?........J.]....|z.9...c.?.l.j.b....1..l\..lph...c.......

Case 2 - This case failed.  Same stream, but this time with the IP address of the server removed from the advanced tab "skip transparent mode" and the regular expression added to the exclusion tab. The exclusions are being honored per the web filter log.   This time the server is responding with uncompressed data.

POST /metadata/services/RhapsodyDirectMetadata HTTP/1.1

CONNECTION: close

ACCEPT-ENCODING: gzip

HOST: direct.rhapsody.com

USER-AGENT: Linux UPnP/1.0 Sonos/16.5-47300b (PCDCR)

CONTENT-LENGTH: 363

CONTENT-TYPE: text/xml; charset="utf-8"

SOAPACTION: "urn:kani#getProgrammedStations"

0100********401342HTTP/1.1 200 OK

Date: Wed, 07 Dec 2011 03:59:37 GMT

Server: Apache-Coyote/1.1

Content-Type: text/xml;charset=utf-8

Cneonction: close

Transfer-Encoding: chunked

Connection: close

adc

2071000Nick DedinaForget the modern revision -- here are the real songs and artists that ruled the 1950s.
From Patti Page to Elvis the Pelvis, we tell the whole truth about th

Thoughts -
  1.  Sonos/Rhapsody client has a bug and can't handle the uncompressed data?  This seams unlikely, as the same symptoms appear on several different clients (Windows, iPhone, sonos hardare).  Of course, they probably share libraries...
  2.  Gzip or not doesn't matter, something else is getting messed up and I need to look at wireshark some more!
  2.  Why is the data coming back different in the two cases?  Is this allowed?  (I assume it is allowed, as the gzip is a request and not a requirement)
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

No Data