Lindows
asked on
BlueCoat Access Denied (connect_method_denied) and Network Error (tcp_error)
Hello
I'm using bluecoat proxy.
When I try to access this internal https website that uses a non-standard SSL port
https://starshow:8880/cgi-bin/home/index.cgi, I get
Access Denied (connect_method_denied)
Your request attempted a CONNECT to a port "8880" that is not permitted by default.
This is typically caused by an HTTPS URL that uses a port other then the default of 443.
When I change the VPM-CPL to
<proxy>
url.host=starshow http.method=CONNECT url.port=8880 allow
I then get:
Network Error (tcp_error)
A communication error occurred: ""
The Web Server may be down, too busy, or experiencing other problems preventing it from responding to requests. You may wish to try again at a later time.
What other changes do I need to make to make this work?
I'm using bluecoat proxy.
When I try to access this internal https website that uses a non-standard SSL port
https://starshow:8880/cgi-bin/home/index.cgi, I get
Access Denied (connect_method_denied)
Your request attempted a CONNECT to a port "8880" that is not permitted by default.
This is typically caused by an HTTPS URL that uses a port other then the default of 443.
When I change the VPM-CPL to
<proxy>
url.host=starshow http.method=CONNECT url.port=8880 allow
I then get:
Network Error (tcp_error)
A communication error occurred: ""
The Web Server may be down, too busy, or experiencing other problems preventing it from responding to requests. You may wish to try again at a later time.
What other changes do I need to make to make this work?
Here it is - KB3730:
https://kb.bluecoat.com/index?page=content&id=KB3730&actp=RSS
https://kb.bluecoat.com/index?page=content&id=KB3730&actp=RSS
ASKER
I just tried it but I get "Unknown tag: 'port' "
<proxy> http.method=CONNECT url.host=starshow port=8880 ALLOW eof1273851127918 % Load failed with error(s) Policy installation Compiling new configuration file: Inline configuration Fri, 14 May 2010 15:32:24 UTC Error: Unknown tag: 'port' cpl.vpm:2: http.method=CONNECT url.host=starshow port=8880 ALLOW There was 1 error and 0 warnings
<proxy> http.method=CONNECT url.host=starshow port=8880 ALLOW eof1273851127918 % Load failed with error(s) Policy installation Compiling new configuration file: Inline configuration Fri, 14 May 2010 15:32:24 UTC Error: Unknown tag: 'port' cpl.vpm:2: http.method=CONNECT url.host=starshow port=8880 ALLOW There was 1 error and 0 warnings
ASKER
I've changed it to allow all by
http.method=CONNECT ALLOW
but still getting the Network Error (tcp_error).
I think it might be the name resolution issue.
Is there a way to manually add a host to IP mapping in the hosts file in bluecoat SG?
http.method=CONNECT ALLOW
but still getting the Network Error (tcp_error).
I think it might be the name resolution issue.
Is there a way to manually add a host to IP mapping in the hosts file in bluecoat SG?
ASKER
It seems there isn't a hosts file in bluecoat but there's a forwarding option.
I've tried the following but I don't think it's doing the forwarding.
SG#(config forwarding)create starshow 192.168.10.100 https=8880 server
ok
Added the forwarding policy to my existing proxy policy :
<proxy>
http.method=CONNECT ALLOW
<FORWARD>
server_url.domain=starshow forward(starshow)
Anyone experienced in doing this?
I've tried the following but I don't think it's doing the forwarding.
SG#(config forwarding)create starshow 192.168.10.100 https=8880 server
ok
Added the forwarding policy to my existing proxy policy :
<proxy>
http.method=CONNECT ALLOW
<FORWARD>
server_url.domain=starshow
Anyone experienced in doing this?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
http.method=CONNECT url.host=starshow port=8880 ALLOW
(not url.port but just port)
Let me see if I can find the KB article for this (for reference and other ideas) but I am pretty sure it is just port