Thread Info
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Connection refused on streaming video

Brian@VCC
Hi All,

Astaro Web Gateway V7

Users are trying to access a .EDU site and can successfully, they get a connection refused error when trying to play a streaming video from the site.

I have the site whitelisted in WebSecurity>HTTP/S/URL filtering but obviously something's not correct.

2010:11:11-14:08:50 vcc-prdv-awg01 httpproxy[27652]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="10.10.15.58" user="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2286" time="1 ms" request="0xa5d5fd50" url="mms.fvtc.edu:8081/.../24YearsOfProgress.wmv
2010:11:11-14:08:50 vcc-prdv-awg01 httpproxy[27652]: [0xa5d5fd50] send_request_headers (request.c:172) write: Connection refused 

Is what I get in the log file.

Please help, thank you.


This thread was automatically locked due to age.
  • 0
    Is the port '8081' in the allowed services list of the http proxy (HTTP/S->Advanced)?
      • 0
        Hi, Brian, welcome to the User BB!

        statuscode="502" is the reason you were blocked; the proxy didn't purposely block you.  Have you selected 'Bypass content scanning for streaming content'?

        If that wasn't the issue, do you see any problem in the Intrusion Prevention log about 2010:11:11-14:08:50?  If not, then your best bet is to avoid the proxy for that site ('Transparent mode skiplist' if you're operating the Proxy in transparent mode).

        Cheers - Bob
         
        Sophos UTM Community Moderator
        Sophos Certified Architect - UTM
        Sophos Certified Engineer - XG
        Gold Solution Partner since 2005
        MediaSoft, Inc. USA
        • 0
          Hi Bob,

          Thanks for the welcome and the quick reply. I checked both settings: 

          What else can I try?  The Intrusion Prevention log is empty.

          I have 198.150.182.0 in the transparent mode skiplist.
          • 0
            It looks like the FQDN in that URL is 198.19.182.85 instead of .0.  Usually though, where you have an FQDN, it's preferable to define it as a DNS Host or DNS Group.  In this case, I probably would create a DNS Host definition "FVTC Media Services" with mms.fvtc.edu.  Always, Always, Always, leave 'Interface' set to >.

            Cheers - Bob
             
            Sophos UTM Community Moderator
            Sophos Certified Architect - UTM
            Sophos Certified Engineer - XG
            Gold Solution Partner since 2005
            MediaSoft, Inc. USA
            • 0 in reply to BAlfson
              Ah that makes sense with the DNS groups.  I have it in now, saved and applied, but I'm still getting connection refused from the Astaro.  

              This is confusing to me, from what I can tell, it should be technically skipping the Astaro all together now right?
            • 0
              See if there's anything else in the HTTP or packet filter logs.

              Cheers - Bob
               
              Sophos UTM Community Moderator
              Sophos Certified Architect - UTM
              Sophos Certified Engineer - XG
              Gold Solution Partner since 2005
              MediaSoft, Inc. USA
              • 0 in reply to BAlfson
                Here is the connection refused log.  I really appreciate the hand holding, this isn't my wheelhouse.

                2010:11:12-10:44:16 vcc-prdv-awg01 httpproxy[28603]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="10.10.15.58" user="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2260" time="1 ms" request="0xb1e445c8" url="mms.fvtc.edu:8081/.../24YearsOfProgress.wmv" exceptions="" error=""
              • 0
                Hi
                I tried to open the link but it gave me an error (without using Astaro), are you sure the like is right , do you have the right permission to access it (if any)
                • 0 in reply to techuser
                  Yes the link is correct and you do have to auth in the website to get to it.

                  When I bypass the Astaro (by using Firefox) it works as intended.
                • 0
                  Disregard, I just skipped the Astaro by using a Group Policy for that site.  Thanks for the help anyway.
                  • 0
                    Super, that was exactly what was needed; no other way to avoid the 503 error.

                    Cheers - Bob
                     
                    Sophos UTM Community Moderator
                    Sophos Certified Architect - UTM
                    Sophos Certified Engineer - XG
                    Gold Solution Partner since 2005
                    MediaSoft, Inc. USA