This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How can I unblock Mac OS' messages app's uploading of media?

I have web filtering enabled, the Personal Network Storage category is allowed, and testing the usden-edge.icloud-content.com domain in the Policy Test tool is approved. However, when I try to send messages via iMessage in the Messages app I get this:

2016:11:29-20:02:41 gw httpproxy[5486]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="PUT" srcip="192.168.1.36" dstip="17.248.133.169" user="" group="" ad_domain="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffParenFilte (Protection Filter Action)" size="2795" request="0x14e80400" url="usden-edge.icloud-content.com/D2xwoVEBWLMvJbICoOpq referer="" error="Received invalid request from client" authtime="0" dnstime="643" cattime="289" avscantime="0" fullreqtime="4685" device="0" auth="0" ua="IMTransferAgent/1000 CFNetwork/807.1.3 Darwin/16.1.0 (x86_64)" exceptions="" category="170" reputation="unverified" categoryname="Personal Network Storage"

error="Received invalid request from client" is the concerning part. I'd be fine bypassing the proxy for these requests, but usden-edge.icloud-content.com resolves to multiple IP addresses via DNS round-robin, and the DNS group only picks up one IP address when I add it.

Is there another way to let these requests bypass the proxy, or even better, see what's going on with the invalid client request and fix it?

Thanks!



This thread was automatically locked due to age.
  • Hi, David, and welcome to the UTM Community!

    statuscode="502"

    Try an exception for AntiVirus scanning. Any luck?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thank you for your reply! I don't know what changed, but I disabled antivirus and re-enabled it and it seems to be working now. It's possible it may have been specific to a group message and my testing recently has been to a single recipient, but it's late enough now that I don't want to try. I'll try that tomorrow.

    And just to be clear, the exception I'd create would be in Web Protection -> Filtering Options -> Exceptions tab, correct?

  • Yes, a couple of exceptions seem to have done the trick. Thank you! For future reference I told it to ignore everything for the following:

    https://setup.icloud.com/.*
    https://[A-Za-z0-9.-]+\.icloud-content.com/.*