e2guardian: 400 Bad request URL is malformed


Stanford Prescott

Sep 15, 2015, 10:51:12 AM
to e2guardian
We (the Smoothwall Express 3.1 firewall developers) are getting a rash of users complaining about this error, particularly with the imdb website.

Sep 14 22:39:15 smoothwall e2guardian[1581]: Destination host of www.imdb.com did not match the original destination IP of 207.171.162.180
Sep 14 22:39:21 smoothwall e2guardian[1613]: Destination host of www.imdb.com did not match the original destination IP of 207.171.162.180
Sep 14 22:39:21 smoothwall e2guardian[1613]: Destination host of www.imdb.com did not match the original destination IP of 207.171.162.180
Sep 14 22:56:12 smoothwall e2guardian[20318]: Destination host of www.imdb.com did not match the original destination IP of 72.21.203.211
Sep 14 22:56:13 smoothwall e2guardian[1580]: Destination host of www.imdb.com did not match the original destination IP of 72.21.203.211
Sep 14 22:56:14 smoothwall e2guardian[1606]: Destination host of www.imdb.com did not match the original destination IP of 72.21.203.211
Sep 14 22:56:16 smoothwall e2guardian[1587]: Destination host of ia.media-imdb.com did not match the original destination IP of 23.216.10.153

We are using Squid 3.5.7 with SSLBump. However, when e2guardian is activated, all port 80 requests are REDIRECTed via iptables to port 8080 where e2guardian is listening, and any proxy configurations from browsers are blocked to prevent users from bypassing the content filter (port 800 is blocked, which is the port Squid listens on). e2guardian is not configured for MITM. Therefore, all port 80 requests are redirected to e2guardian on port 8080 and then, after e2guardian scans the webpage, the page is passed on to Squid for caching. While e2guardian is active and Squid SSLBump is active, port 443 requests are sent to the https port Squid is listening on (808 in this case) for the MITM inspection.

This all works very well, but there are just a few websites that seem to return this "malformed URL" error, like imdb. Most other websites seem to work fine. When e2guardian is turned off, imdb (and other websites with this problem) appear to load just fine as well.

I saw another post about this issue but didn't see any resolution to it.

Regards.

Stan.

num...@free.fr

Sep 15, 2015, 10:59:53 AM
to e2guardian
Hi

Have you compiled E2 with originalip?

--enable-orig-ip[=no] Enable support for checking the client's original
destination IP address against HTTP request details
when deployed as a transparent proxy (US-CERT
VU#435052). Currently only works on Linux.


If yes, please try with originalip = off in e2guardianf[group].conf

Fred
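
An added example, not part of the thread or of e2guardian's code: a Python triage script that groups the mismatch messages from the first post by host, so an administrator can see which hosts trip the originalip check and how many distinct destination IPs clients used before changing the setting. The function names are hypothetical, the sample lines are copied from the log excerpt above plus one constructed non-matching line, and reading "several IPs for one host" as DNS rotation rather than a forged Host header is an assumption, not something the thread states.

```python
import ipaddress
import re
from collections import defaultdict

# Lines copied from the first post, plus one constructed line that must be ignored.
SAMPLE_LOG = """\
Sep 14 22:39:15 smoothwall e2guardian[1581]: Destination host of www.imdb.com did not match the original destination IP of 207.171.162.180
Sep 14 22:56:12 smoothwall e2guardian[20318]: Destination host of www.imdb.com did not match the original destination IP of 72.21.203.211
Sep 14 22:56:13 smoothwall e2guardian[1580]: Destination host of www.imdb.com did not match the original destination IP of 72.21.203.211
Sep 14 22:56:16 smoothwall e2guardian[1587]: Destination host of ia.media-imdb.com did not match the original destination IP of 23.216.10.153
Sep 14 22:57:00 smoothwall squid[900]: constructed unrelated line
"""

MISMATCH = re.compile(
    r"e2guardian\[\d+\]: Destination host of (?P<host>\S+) "
    r"did not match the original destination IP of (?P<ip>\S+)"
)

def summarize_mismatches(log_text):
    """Return {host: {original_destination_ip: count}} for mismatch lines."""
    summary = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = MISMATCH.search(line)
        if not m:
            continue
        try:
            ip = str(ipaddress.ip_address(m["ip"]))  # drop malformed addresses
        except ValueError:
            continue
        summary[m["host"].lower()][ip] += 1
    return {host: dict(ips) for host, ips in summary.items()}

def hosts_with_multiple_ips(summary, min_ips=2):
    """Hosts whose clients connected to at least min_ips distinct addresses."""
    return sorted(h for h, ips in summary.items() if len(ips) >= min_ips)

if __name__ == "__main__":
    result = summarize_mismatches(SAMPLE_LOG)
    for host, ips in sorted(result.items()):
        print(f"{host}: {sum(ips.values())} mismatches, {len(ips)} distinct IPs")
    print("multiple IPs:", hosts_with_multiple_ips(result))
```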

Stanford Prescott

Sep 16, 2015, 6:19:09 PM
to e2guardian
That was it! Thanks, Fred.

FredB

Sep 17, 2015, 3:35:19 AM
to e2guardian



> That was it! Thanks, Fred.


Good, I pushed a change to the next release: by default originalip is off (when it is compiled, of course).

FMI, is there an "advanced Dansguardian" in Smoothwall? Am I wrong?

Fred