Web Shield with provider-proxy

[Fract504]

Hello,

I checked out the new Web Shield provider and have some problems with it.
When I set IE or Firefox to directly surf the internet, everything is fine and Web Shield works as it should.

When I set IE or Firefox to use a proxy of my provider and tell Web Shield to listen to 80,8080 (8080 is the destination port to my providers-proxy) then only "easy pages" are being loaded.

e.g.
www.google.com loads fine
news.google.com only loads the text portion, but keeps trying to load the images.

When I stop the web shield provider everything runs fine again.

Can anybody tell me what I am doing wrong  or a solution (besides not using the providers proxy) 

[Vlk]

First of all, what are you trying to accomplish? If it works fine after installation, why are you trying to change it (if it ain't broke don't fix it

Next, what OS are you using?
How did you customize the WebShield? I don't understand why you changed the monitored port from 80 to 80,8080 - do you want to scan traffic that's going out on port 8080?

Cheers
Vlk

[frampo]

I'm getting similar results.
Https sites do not load.
And windows messenger does not load.
So far this is only effected on the client computer on my home network.

I have yet to check out the host computer.
I am using the following.
WinXP Sp2, on both machines.
Ezproxy from Lavasoft, on the host machine.

I too have turned the web shield off

Dan

[Fract504]

I activated Web Shield and set it to show "Details" when scanning.
After I launched my Firefox, I discovered that nothing was actually being scanned. And this is quite logical, because I use the proxy of my provider and so Firefox does not go out to port 80, but to port 8080 of the proxy of my provider.
So I told Web Shield to look for redirected Ports 80,8080.

After launching firefox again with this new configuration, www.google.com launched fine and I also saw the scanning of this URL in the right hand corner correctly.
Then I launched news.google.com, but only the text came up, but not the images.
Then I disabled web shield and everything was fine again...

When I use Web Shield without to provider proxy, then also everything is fine. But I want to use the provider proxy... (for whatever reason...)

I am using Windows XP with Servicepack 2 and all security hotfixes.
The only thing I customized in WebShield is that I entered redirected ports 80,8080 so Web Pages from my providers-proxy are also scanned...

Will still do some tests, but for now this behavior is replayable and not random...

So in short for me:
Web Shield without proxies on in  IE or Firefox: OK
Web Shield with proxies on in IE or Firefox: Not OK
(at least with the proxy of my provider...)

Does this help VLK? Please tell me if you need other data, or If I should test something else for you....

[Vlk]

Fract, try the following:

1. revert the port to 80 only
2. open the file <avast>\data\avast4.ini, and add the following to the [WebScanner] section
UpstreamProxyHost=address_of_your_proxy_server
UpstreamProxyPort=8080
3. in your browser, change the proxy settings to
server: localhost
port: 12080

Would that resolve the problem? BTW set this parameters for HTTP protocol only (no HTTPS or FTP)


frampo, what is ezproxy from Lavasoft? Does disabling it solve the problem (i.e. is this a conflict with ezproxy)?

Thanks
Vlk

[frampo]

I put the address of the host in the ignored address's.
And now it works.

Dan

[Vlk]

Which host? And does it really work? (I mean, does the WebShield scan)?

Thanks
Vlk

[frampo]

Sorry to clarify.
On my client computer, I entered the host address into ignor addresses box.

Host, running the proxy, 192.168.0.100
Client, 192.168.0.2

and it works.


Dan

[Vlk]

But if you excluded this host, and all traffic is in fact routed thru this host (as it acts as a proxy) then WebShield can't do its job can it? I mean, you're practically excluding all hosts, not only 192.168.0.100, because all traffic is proxy'ed thru this host.

Does that make any sense?

[frampo]

Yeah, that does make sense.
I can confirm that entering the host address does bypasss the web shield, so do I revert to your solution?

Dan

[Vlk]

Yes please try doing what I suggested to Fract
I assume you now have your browser configured to use 192.168.0.100 as a proxy server, right?

Thanks
Vlk

[frampo]

yes thats right.

Dan

[Fract504]

Fract, try the following:

1. revert the port to 80 only
2. open the file <avast>\data\avast4.ini, and add the following to the [WebScanner] section
UpstreamProxyHost=address_of_your_proxy_server
UpstreamProxyPort=8080
3. in your browser, change the proxy settings to
server: localhost
port: 12080

Would that resolve the problem? BTW set this parameters for HTTP protocol only (no HTTPS or FTP)

Thanks
Vlk

Hello Vlk,

I tried your suggestion and this works indeed    But as you said, its not working for SSL. So I point the http and ftp proxy to localhost:12080 and point https to the provider proxy. This config works ok...
VLK: Is this behaviour like it should be, or is it an issue to look at?

I also saw the problem I described when simply enabling Web Shield, but deselecting "Enable Web  Scanning". So nothing was actually scanned, but as I said before "complex" pages didn't finish to load. Only disabling the web shield turned things to normal.

The only difference when using a proxy, is that the browser does not go out to port 80-Websites, but just to the provider-proxy to get the pages... So I'm still searching for a clue why Web Shield "shuts down the doors" when loading complex pages via the provider proxy....

Your workaround works fine!

[Vlk]

I tried your suggestion and this works indeed    But as you said, its not working for SSL. So I point the http and ftp proxy to localhost:12080 and point https to the provider proxy. This config works ok...
VLK: Is this behaviour like it should be, or is it an issue to look at?

Yes, this is exactly what I meant. FTP support is implemented but is still somewhat flakey - I mean, it was not really meant to be used at this stage (but you can try .

I also saw the problem I described when simply enabling Web Shield, but deselecting "Enable Web  Scanning". So nothing was actually scanned, but as I said before "complex" pages didn't finish to load. Only disabling the web shield turned things to normal.

That makes sense - scanning was disabled but the transparent proxy was still in place.

The only difference when using a proxy, is that the browser does not go out to port 80-Websites, but just to the provider-proxy to get the pages...

This is not exactly true... If the browser knows that it's using a proxy, it's working a bit differently. But you're right that it should theoretically work (but it is probably a problem of the upstream proxy that is not able to handle the requests as they're coming from the WebShield)... We may investigate this further in our testlab during the next week.

Thanks
Vlk

[frampo]

Vlk

I have disabled web scanning on the client as it is handled on the host.

Lots of running between computers and looking at log files.

many thanks for keeping me fit.

Dan