Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 69 replies
  • Subscribers 1 subscriber
  • Views 114836 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Netflix for Android now being blocked - why?

Astaro Commando
Currently have a transparent HTTP Proxy enabled. When I try to access Netflix over the android app, I get an error that the service is unavailable. Disabling the proxy fixes it, so it's definitely not an IPS issue.

I was previously able to get this to work by adding the following exceptions:
^https?://[A-Za-z0-9.-]*netflix.com/
^https?://[A-Za-z0-9.-]*llnwd.net/
^https?://[A-Za-z0-9.-]*edgesuite.net/
^https?://[A-Za-z0-9.-]*nflximg.com/
^https?://[A-Za-z0-9.-]*nflxvideo.net

This worked for years but stopped working this week. From what I can tell from the live logs, it looks like Netflix is now using new content servers at the 108.x.x.x address block. From what my traceroutes tell me, there is no DNS name attached to these servers so there is no way for me to mass add them like I did above.

Has anyone else noticed issues? Streaming via HTTP browser works fine.


This thread was automatically locked due to age.
  • 0 in reply to William Warren
    here's what i have:

    iphone/iPad youtube [Work around iPad/Iphone Byterange Bug]
    Skipping: Antivirus / MIME type blocking / Content Removal
    Matching these URLs: ^http://[A-Za-z0-9.-]+\.youtube\.com/videoplayback
    ^http://[A-Za-z0-9.-]+\.googlevideo\.com/videoplayback


     and then another one:
    Main Exceptions List [Allows Adobe Software Update without content scanning side effects.]
    Skipping: Caching / Antivirus / Extension blocking / URL Filter / Content Removal
    Matching these URLs: justin.tv
    ustream.tv
    bitgravity.com
    wcmcs.net
    liquidcompass.net
    cbs.com
    eq2.patch.station.sony.com
    pandora.com
    amazon.com
    llnwd.net
    ubuntu.com
    youtube.com
    wnd.com
    netflix.com
    nflximg.com
    ^https?://([A-Za-z0-9.-]*\.)?adobe\.com/
    cachefly.net
    ^https?://([A-Za-z0-9.-]*\.)?macromedia\.com/
    speedtest.net
    go2service.net
    weatherbug.com
    wxbug.com
    allisonhouse.com
    cod.edu
    caprockweather.com
    noaa.gov

    I found you ahve to except youtube.com without the regular expressions as well..[:)]



    Bob suggested it in his post:
    Very strange. It says that it recognizes it as a stream, so it shouldn't be doing AV. I suppose you could put 108.175.0.0/27 in the skiplist, but, hopefully, Sophos will figure out what's causing the problem and you'll be able to remove that.


    This is definitly a bug!
    You must skip only the virus scanning, I've just successfully tested.
    But we skipped the scanning of the streaming media in the next tab. I think, that this option have no effect. It's possible, that Windows devices can handle this, but no mobile device with IOS or android. 

    And it is not possible to maintain the exceptions list for all blocked meda on every single site.

    Any other ideas?
    Can I report this problem to astaro?

    nice Greetings
  • 0
    with my noted setup i use netflix on jellybean on my galaxy nexus without an issue.

    Owner:  Emmanuel Technology Consulting

    http://etc-md.com

    Former Sophos SG(Astaro) advocate/researcher/Silver Partner

    PfSense w/Suricata, ntopng, 

    Other addons to follow

  • 0 in reply to William Warren
    with my noted setup i use netflix on jellybean on my galaxy nexus without an issue.


    Just to confirm - you are on UTM9, correct? Or are you on an older version?
  • 0
    I have a utm9 vm and yes it works fine there too..

    Owner:  Emmanuel Technology Consulting

    http://etc-md.com

    Former Sophos SG(Astaro) advocate/researcher/Silver Partner

    PfSense w/Suricata, ntopng, 

    Other addons to follow

  • 0
    Apparently, there's something different.  I can imagine that it's both a bug and a work-around that William discovered.  I have to say that I don't know that it's a bug, just that it "feels" that way because I don't understand how the problem could occur (but, I don't use Netflix or Android [:)]).  Hopefully, one of the developers of the Web Proxy will see this and explain what's happening.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0
    i'll fire up the vm something this week and see with the latest v9 version and report back.

    Owner:  Emmanuel Technology Consulting

    http://etc-md.com

    Former Sophos SG(Astaro) advocate/researcher/Silver Partner

    PfSense w/Suricata, ntopng, 

    Other addons to follow

  • 0
    nopers..forgot..sorry will fire it up today after hurricane perps are done.

    Owner:  Emmanuel Technology Consulting

    http://etc-md.com

    Former Sophos SG(Astaro) advocate/researcher/Silver Partner

    PfSense w/Suricata, ntopng, 

    Other addons to follow

  • 0
    I found this in the known Issues.

    ID20900 9.000 IPS rule 15909 affects netflix streaming (vbr)
    ------------------------------------------------------------------------
    Description:
    Netflix video streaming is influenced of IPS rule 15909.
    When streaming netflix video content through the ASG with
    an "Roku2"-box that uses variable bitrate streaming (HTTP
    based streaming protocol).
                  
    Turning the IPS Rule 15909 off solved the problem.
    Workaround:
    Fixed in:


    Astaro Known Issues - UTM 9

    Nice greetings
  • 0
    no issues so far..been on utm9 vm for a bit now

    Owner:  Emmanuel Technology Consulting

    http://etc-md.com

    Former Sophos SG(Astaro) advocate/researcher/Silver Partner

    PfSense w/Suricata, ntopng, 

    Other addons to follow

Unfiltered HTML