Link to home
Start Free TrialLog in
Avatar of Lindows
Lindows

asked on

BlueCoat Access Denied (connect_method_denied) and Network Error (tcp_error)

Hello

I'm using bluecoat proxy.
When I try to access this internal https website that  uses a non-standard SSL port
https://starshow:8880/cgi-bin/home/index.cgi, I get

Access Denied (connect_method_denied)
Your request attempted a CONNECT to a port "8880" that is not permitted by default.  
This is typically caused by an HTTPS URL that uses a port other then the default of 443.  

When I change the VPM-CPL to
<proxy>
url.host=starshow http.method=CONNECT url.port=8880 allow

I then get:

Network Error (tcp_error)
A communication error occurred: "" 
The Web Server may be down, too busy, or experiencing other problems preventing it from responding to requests. You may wish to try again at a later time.  

What other changes do I need to make to make this work?
Avatar of Venabili
Venabili
Flag of Bulgaria image

Try
http.method=CONNECT url.host=starshow port=8880 ALLOW

(not url.port but just port)

Let me see if I can find the KB article for this (for reference and other ideas) but I am pretty sure it is just port  
Avatar of Lindows
Lindows

ASKER

I just tried it but I get "Unknown tag: 'port' "

<proxy> http.method=CONNECT url.host=starshow port=8880 ALLOW eof1273851127918 % Load failed with error(s) Policy installation Compiling new configuration file: Inline configuration Fri, 14 May 2010 15:32:24 UTC Error: Unknown tag: 'port' cpl.vpm:2: http.method=CONNECT url.host=starshow port=8880 ALLOW There was 1 error and 0 warnings
Avatar of Lindows

ASKER

I've changed it to allow all by
http.method=CONNECT ALLOW

but still getting the Network Error (tcp_error).
I think it might be the name resolution issue.

Is there a way to manually add a host to IP mapping in the hosts file in bluecoat SG?
Avatar of Lindows

ASKER

It seems there isn't a hosts file in bluecoat but there's a forwarding option.
I've tried the following but I don't think it's doing the forwarding.
SG#(config forwarding)create starshow 192.168.10.100 https=8880 server
ok

Added the forwarding policy to my existing proxy policy :
<proxy>
http.method=CONNECT ALLOW

<FORWARD>
server_url.domain=starshow forward(starshow)

Anyone experienced in doing this?
ASKER CERTIFIED SOLUTION
Avatar of Lindows
Lindows

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial