Some IPTV streams blocked while others not... stumped!

I am using an IPTV provider for channel streams. The station URL format is as follows: https://URL.xyz:443/play/random.letters/ts

But some channels are working and others are not. I am stumped at what is making UTM block some stations and not others! The only difference in the link is the "random.letters" part.

  • Hi and welcome to the UTM Community!

    Copy here a few lines from the Web Filtering log where a station is blocked.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • It isn't showing that it was blocked I guess, but it times out. There is no issue streaming when I take the firewall off.

    2021:10:19-14:01:48 UTM httpproxy[5108]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.3.92" dstip="URL.IP" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="6834" request="0xd55b5500" url="https://URL.xyz/" referer="" error="" authtime="0" dnstime="7" aptptime="149" cattime="0" avscantime="0" fullreqtime="379765" device="0" auth="0" ua="" exceptions="av,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
    
    2021:10:19-14:02:10 UTM httpproxy[5108]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.3.92" dstip="URL.IP" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="6839" request="0xd9465500" url="https://URL.xyz/" referer="" error="" authtime="0" dnstime="13" aptptime="287" cattime="0" avscantime="0" fullreqtime="378286" device="0" auth="0" ua="" exceptions="av,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
    
    2021:10:19-14:02:33 UTM httpproxy[5108]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.3.92" dstip="URL.IP" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="6840" request="0xd8de6700" url="https://URL.xyz/" referer="" error="" authtime="0" dnstime="12" aptptime="319" cattime="0" avscantime="0" fullreqtime="358483" device="0" auth="0" ua="" exceptions="av,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"

    My VLC player log shows:

    http error: local stream 1 error: Cancellation (0x8)
    gnutls error: TLS handshake error: Error in the push function.
    main error: TLS session handshake error
    main error: connection error: Interrupted function call
    access error: HTTP connection failure


    Thank you.

  • We're looking for lines without action=pass.  You'll probably also see statuscode="5. or statuscode="4.  You might get some of these lines with:

         cd /home
         grep 'statuscode="[45]' /var/log/http.log|more

    Cheers - Bob

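
Bob's two checks above (lines without action="pass", and lines with a 4xx/5xx statuscode) combined into one filter, as an added example that is not part of the original thread. It assumes the key="value" layout of the http.log lines quoted earlier and a POSIX shell with awk; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: list Web Filtering log lines that are not a clean pass,
# i.e. action is not "pass" or statuscode starts with 4 or 5.

# Constructed sample lines in the key="value" layout quoted in the thread
# (addresses, hosts and values are made up for illustration).
sample_log() {
cat <<'EOF'
2021:10:19-14:01:48 UTM httpproxy[5108]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.0.2.92" dstip="198.51.100.7" statuscode="200" filteraction="REF_DefaultHTTPCFFAction" url="https://stream.example/" error=""
2021:10:19-14:02:10 UTM httpproxy[5108]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="block" method="GET" srcip="192.0.2.92" dstip="198.51.100.7" statuscode="403" filteraction="REF_DefaultHTTPCFFAction" url="http://stream.example/play/abc/ts" error=""
2021:10:19-14:02:33 UTM httpproxy[5108]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.0.2.50" dstip="198.51.100.9" statuscode="502" filteraction="REF_DefaultHTTPCFFAction" url="http://other.example/" error="Connection refused"
EOF
}

# find_failures [SRCIP]: read log lines on stdin, print a summary of each
# suspect line, optionally limited to one client address.
find_failures() {
  awk -v want="${1:-}" '
    # Value of key="value" on the current line, or "" when the key is absent.
    # The leading space keeps "action" from matching inside "filteraction".
    function field(key,   s, i, rest) {
      s = " " $0
      i = index(s, " " key "=\"")
      if (i == 0) return ""
      rest = substr(s, i + length(key) + 3)
      return substr(rest, 1, index(rest, "\"") - 1)
    }
    {
      action = field("action"); code = field("statuscode"); src = field("srcip")
      if (action == "") next                  # not an access-log line
      if (want != "" && src != want) next     # a different client
      if (action != "pass" || code ~ /^[45]/)
        printf "%s %s action=%s status=%s url=%s error=%s\n",
               $1, src, action, code, field("url"), field("error")
    }'
}

# Demo on the constructed sample; on the UTM itself one would run, for example:
#   find_failures 192.168.3.92 < /var/log/http.log
sample_log | find_failures
```
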
  • We had a case where videos were not accessible even though the news page was not blocked.

    It turned out Sophos blocked the ads that lay before the video. Solution: We did not touch the ad filter in Sophos, we just installed Adblock+ and the user could play all the videos on this page without any problems. Also, an ad blocker made the user's surfing more secure and faster.

    Hope this can help, at least you can give it a try.

  • Thank you BAlfson. 
    Unfortunately I am not seeing any action=fail related to the IPTV link even though the channels in question are trying to stream but failing. Opening traffic on the UTM clears all streams.


  • thx bumblebee.

    The channel streams are direct streams without ads preloading. They would be loaded off VLC player or any media player. Moreover, there isn't any difference between channel A (not blocked) and channel B (blocked) other than a few different letters in the URL.

  • Without relevant lines from the log, it's hard to help you.  A WAG would be to add a DNS Group for the FQDN to the Transparent mode skiplist on the 'Advanced' tab.

    Cheers - Bob
