HTTPS and HTTP under WebShield

[Lisandro]

As far I know, Web Shield should not filter HTTPS traffic.
I use an ISP that when checking the mail passes from HTTP to HTTPS and returns to HTTP.
Similar to GMail logon.
I tested avast! in three different configurations:

1. Local proxy + only SP2 Internal firewall + avast! + Maxthon (or IE)
2. Local proxy + ZoneAlarm (free) + avast! + Maxthon (or IE)
3. Local proxy + Outposto (Trial/Pro) + avast! + Maxthon (or IE)

Removing the local proxy did not help in any case.
I can't logon into my webmail if I do not disable the WebShield.
In 3, I test it with Firefox. Everything is ok with WebShield on and off.
In the others, the page appears as 'Loaded' but blank... Not an error message, nothing...
A blank screen in the browser. Refresh does not help. Copying the link, opening a new browser window neither...
Disabling WebShield and everything works again 

Could be Internet settings (or Maxthon) but can't it be a problem in WebShield while changing from HTTPS to HTTP and viceversa?

[sded]

https traffic is encrypted in the browser and webshield can't read it or scan it.  Sort of like SSL email, but without control of the in-browser encryption option.

[kamulko]

I know I'm saing a stupid asking to you: have you some security restriction parameter in your browser (internet settings)?

[DavidR]

If it hadn't worked with Outpost and Firefox in test 3, I would have to agree that Web Shield was the culprit.

But given that it doesn't work with IE and IE based Maxthon, perhaps you are right that it may have something to do with your Internet settings or possibly the interface between web shield and IE.

If you tried the tests (1 & 2) again with firefox as the browser with those different firewalls. If those tests then succeeded it would show that the firewalls aren't a part of the problem but either the IE settings or web shield/IE interface.

[DavidR]

https traffic is encrypted in the browser and webshield can't read it or scan it. Sort of like SSL email, but without control of the in-browser encryption option.

I would have hopped that web shield would ignore the https element of this flip flop between http, https and back.

There was something along a similar line in another thread about the GET being sent and a response coming back but the original http page still waiting. This at the time seemed to have been resolved when they switched to the pre-release 4.6.635 now we have gone further, .639 and .647 is it possible that this has reverted to the original problem in 4.6.623?

[sded]

Have you set up webshield to redirect port 443? Or entered 127.0.0.1:12080 under secure in the proxy setup in IE?  Unless you have done one of these, or your particular ISP uses https:80 to access this particular web page, webshield won't see the traffic.  Several similar logins I use are no problem with the current webshield version--yahoo mail, hotmail, ...  Check your webshield redirect and IE proxy settings again-maybe there is something left over from an experiment.

[Vlk]

Technical, are you using the latest pre-release version of avast?

[Lisandro]

I know I'm saing a stupid asking to you: have you some security restriction parameter in your browser (internet settings)?

It's not stupid... Probably it's the trouble here.
But my question is: which security restriction parameter should I change?

https traffic is encrypted in the browser and webshield can't read it or scan it.  Sort of like SSL email, but without control of the in-browser encryption option.

It's not a SSL connection. I'm sure. The comparison with GMail is just the transition of the http protocol to https.

Technical, are you using the latest pre-release version of avast?

Sure it is 4.6.647 

[sded]

Any time your browser uses https: it sets up an SSL connection.  The only options are things like the key size used.  What it is usually doing is first a standard web connection on port 80, then spawns an SSL connection (normally on port 443) for the login, then back to a regular web connection on port 80.  gmail will actually read email using http on port 80 (not secure) or https on port 443 (SSL) once you login-don't understand why they have this feature?

[Lisandro]

Any time your browser uses https: it sets up an SSL connection.

Living and learning... Thanks, I did not know this.

What it is doing is first a standard web connection on port 80, then spawns an SSL connection (normally on port 443) for the login, then back to a regular web connection on port 80.  gmail will actually read email using http on port 80 (not secure) or https on port 443 (SSL) once you login-don't understand why they have this feature?

And so, what can I do?

[sded]

I put a picture above of the actual Yahoo mail login sequence using IE.   Are you using a firewall that can log the internet traffic?  (Sygate is good).  That would make it easy to see what is happening.   Or look for a :80 on the URL for the https command.  It is not impossible that your ISP is doing SSL on port 80 for this particular site, and probably the only thing to do is to exclude the URL from Webshield if this is the case.  If you are not having either webshield or an IE proxy look at port 443, don't have another suggestion.

[Lisandro]

Probably the only thing to do is to exclude the URL from Webshield if this is the case.

I've already tried... not luck...  :'(

[sded]

You need to exclude the URL for the https site it is diverted to, not the one you start at.   And may be hard to see if it just flashes. You could try using Sygate Firewall Free to see what is happening-it logs all the internet traffic.  If you do it with Webshield off, should tell you what to exclude with webshield on.  Or if you have another internet traffic logging tool, use it.  If you want to PM me the name of your mail site, I can see if I can tell anything without being a legal login.

[kamulko]

I think it isn't a firewall setting problem. Just try to open (on IE and other IE-based browsers) Internet Settings->Protection->select the default value (in Italian= Medium).
Maxthon and Avant browser uses both their dedicated additional settings and in the past I had problems as you have now.

[Lisandro]

You need to exclude the URL for the https site it is diverted to, not the one you start at. And may be hard to see if it just flashes.

Yes, it is very fast, just flash... I'll see what can I found in the internet traffic logs.
Thanks for helping.