This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

some IPTV streams blocked while others not...stumped!

I am using an IPTV provider for channels streams. The stations url format is as follows: https://URL.xyz:443/play/random.letters/ts 

But some channels are working and others are not. I am stumped at what is making UTM block some stations and not others !! The only difference in the link is the "random.letters" part.



This thread was automatically locked due to age.
Parents
  • Hi and welcome to the UTM Community!

    Copy here a few lines from the Web Filtering log where a station is blocked.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • It isn't showing that it was blocked I guess, but it times out. There is no issue streaming when I take the firewall off.

    2021:10:19-14:01:48 UTM httpproxy[5108]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.3.92" dstip="URL.IP" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="6834" request="0xd55b5500" url="https://URL.xyz/" referer="" error="" authtime="0" dnstime="7" aptptime="149" cattime="0" avscantime="0" fullreqtime="379765" device="0" auth="0" ua="" exceptions="av,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
    
    2021:10:19-14:02:10 UTM httpproxy[5108]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.3.92" dstip="URL.IP" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="6839" request="0xd9465500" url="https://URL.xyz/" referer="" error="" authtime="0" dnstime="13" aptptime="287" cattime="0" avscantime="0" fullreqtime="378286" device="0" auth="0" ua="" exceptions="av,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
    
    2021:10:19-14:02:33 UTM httpproxy[5108]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.3.92" dstip="URL.IP" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="6840" request="0xd8de6700" url="https://URL.xyz/" referer="" error="" authtime="0" dnstime="12" aptptime="319" cattime="0" avscantime="0" fullreqtime="358483" device="0" auth="0" ua="" exceptions="av,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"

    My VLC player log shows:

    http error: local stream 1 error: Cancellation (0x8)
    gnutls error: TLS handshake error: Error in the push function.
    main error: TLS session handshake error
    main error: connection error: Interrupted function call
    access error: HTTP connection failure


    thank you. 

  • We're looking for lines without action=pass.  You'll probably also see statuscode="5. or statuscode="4.  You might get some of these lines with:

         cd /home
         grep 'statuscode="[45]' /var/log/http.log|more

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thank you BAlfson. 
    Unfortunately I am not seeing any action=fail related to the IPTV link even though the channels in question are trying to stream but failing. . Opening traffic on the UTM clears all streams. 


  • Without relevant lines from the log, it's hard to help you.  A WAG would be to add a DNS Group for the FQDN to the Transparent mode skiplist on the 'Advanced' tab.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • Without relevant lines from the log, it's hard to help you.  A WAG would be to add a DNS Group for the FQDN to the Transparent mode skiplist on the 'Advanced' tab.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data