Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 8 replies
  • Subscribers 1 subscriber
  • Views 9962 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Crossdomain Access Denied

rsenio
I've got an issue with a few sites. I'll place an example here. Proxy is setup as a standard proxy, wpad/pac file from the UTM, Active Directory Auth, DHCP option 252. A second transparent proxy is second on the list for those guests that get DHCP from a guest wifi router, no Auth, and no option 252.

If I visit Rogers Place – Live View – Concourse Camera using the standard proxy, I get "Cannot load m3u8. Crossdomain access denied"

If I hook up to the guest wifi, and surf through the transparent proxy it works.

In my auto config I've tried 
if (shExpMatch(url, "http://*rogersplace.com/*")) return "DIRECT";

But the traffic still appears in my log. And I've also tried an exception (filtering options-exceptions) selecting all the options. Still not working, same error. What's going on?

I have also noticed that the download manager for Solidworks didn't work as well. I tried the same exception in the wpad/pac file, but it didn't work until I made an exception (filtering options-exceptions)

When traffic is DIRECT, it should bypass the proxy all together no?


This thread was automatically locked due to age.
Parents
  • 0
    No, because you don't have correct RegEx synatx...
    "http://.*\.solidworks\.com/" would basically fit.

    ----------
    Sophos user, admin and reseller.
    Private Setup:

    • XG: HPE DL20 Gen9 (Core i3-7300, 8GB RAM, 120GB SSD) | XG 18.0 (Home License) with: Web Protection, Site-to-Site-VPN (IPSec, RED-Tunnel), Remote Access (SSL, HTML5)
    • UTM: 2 vCPUs, 2GB RAM, 50GB vHDD, 2 vNICs on vServer (KVM) | UTM 9.7 (Home License) with: Email Protection, Webserver Protection, RED-Tunnel (server)
  • 0 in reply to scorpionking
    No, because you don't have correct RegEx synatx...
    "http://.*\.solidworks\.com/" would basically fit.


    Thats the syntax for the auto config pac/wpad?

    Here is what I have now....so all the "direct" options have the wrong syntax?

    function FindProxyForURL(url, host) {
        //Don't proxy connections to the UTM web interface
        if (shExpMatch(url, "https://${asg_hostname}*")) return "DIRECT";
        if (shExpMatch(url, "https://" + dnsResolve(host) + "*")) return "DIRECT";
        //Exclude non-fqdn hosts from being proxied
        if (isPlainHostName(host)) return "DIRECT";
        //Don't proxy connections to the exempted URL matches
        if (shExpMatch(url, "*.local/*")) return "DIRECT";
        if (isInNet(host, "192.168.0.0", "255.255.0.0")) return "DIRECT";
        if (shExpMatch(url, "http://192.168.30.*")) return "DIRECT";
        if (shExpMatch(url, "http://192.168.40.*")) return "DIRECT";
        if (shExpMatch(url, "http://192.168.50.*")) return "DIRECT";
        if (shExpMatch(url, "http://192.168.51.*")) return "DIRECT";
        if (shExpMatch(url, "http://192.168.52.*")) return "DIRECT";
        return "PROXY sophosutm.cc.local:8080";
    }


    Hmm...bottom of this page uses similar syntax as to what I had
    https://www.websense.com/content/support/library/web/v76/pac_file_best_practices/PAC_best_pract.aspx
Reply
  • 0 in reply to scorpionking
    No, because you don't have correct RegEx synatx...
    "http://.*\.solidworks\.com/" would basically fit.


    Thats the syntax for the auto config pac/wpad?

    Here is what I have now....so all the "direct" options have the wrong syntax?

    function FindProxyForURL(url, host) {
        //Don't proxy connections to the UTM web interface
        if (shExpMatch(url, "https://${asg_hostname}*")) return "DIRECT";
        if (shExpMatch(url, "https://" + dnsResolve(host) + "*")) return "DIRECT";
        //Exclude non-fqdn hosts from being proxied
        if (isPlainHostName(host)) return "DIRECT";
        //Don't proxy connections to the exempted URL matches
        if (shExpMatch(url, "*.local/*")) return "DIRECT";
        if (isInNet(host, "192.168.0.0", "255.255.0.0")) return "DIRECT";
        if (shExpMatch(url, "http://192.168.30.*")) return "DIRECT";
        if (shExpMatch(url, "http://192.168.40.*")) return "DIRECT";
        if (shExpMatch(url, "http://192.168.50.*")) return "DIRECT";
        if (shExpMatch(url, "http://192.168.51.*")) return "DIRECT";
        if (shExpMatch(url, "http://192.168.52.*")) return "DIRECT";
        return "PROXY sophosutm.cc.local:8080";
    }


    Hmm...bottom of this page uses similar syntax as to what I had
    https://www.websense.com/content/support/library/web/v76/pac_file_best_practices/PAC_best_pract.aspx
Children
No Data
Unfiltered HTML