+ Post New Thread
Results 1 to 14 of 14
Internet Related/Filtering/Firewall Thread, Smoothwall and some sites not rendering correctly in Technical; On our smoothwall we gets sites that just don't render correctly - as if their css file was missing. When ...
  1. #1
    Sheridan's Avatar
    Join Date
    Oct 2010
    Posts
    1,320
    Thank Post
    115
    Thanked 91 Times in 61 Posts
    Rep Power
    29

    Smoothwall and some sites not rendering correctly

    On our smoothwall we gets sites that just don't render correctly - as if their css file was missing. When this happens checking the web log shows nothing being blocked and the site isn't specifically mentioned in our rules

    In fact, the live web log view shows 'ok' for the url as the user views it - except the site is rendered messily (i.e menus don't work, image aligned incorrectly etc)

    If I put a top level allow rule for this site it generally works, but why? How can I tell what is being blocked by the smoothwall box when nothing is showing in the logs?

    I've also noticed that some sites webcam streams fail in the same way - the webcam times out but nothing is showing as being blocked?
    Last edited by Sheridan; 9th June 2011 at 09:16 AM.

  2. #2

    Join Date
    Apr 2007
    Location
    Bishop's Stortford
    Posts
    18
    Thank Post
    0
    Thanked 4 Times in 4 Posts
    Rep Power
    15
    I had a similar issue with sites not loading properly which was very frustrating for my ICT department when they were teaching about web design! I found that it was a content security policy that was restricting it... I would remove all content security on a test login and slowly re-instate each security category of that polciy until you find the offending one... I just cheated and switched off most of it and i haven't had any issues...

    Very frustrating that the logs don't show the site being blocked by that policy...

    Hope it helps...

  3. Thanks to andyfield from:

    Sheridan (9th June 2011)

  4. #3
    Sheridan's Avatar
    Join Date
    Oct 2010
    Posts
    1,320
    Thank Post
    115
    Thanked 91 Times in 61 Posts
    Rep Power
    29
    I'll check that out - I've got the default set of security rules enabled.

    Problem with the webcam seems to be its bypassing Smoothwall (ie. using a seperate protocol), but I can see any failed access on the firewall.

    Edit: Its an odd one this. It seems like the webcam uses Adobe Flash (which I believe is RTMP on port 1935), now I have a rule on our ISA box to allow RMTP out directly but it doesn't appear to be blocked by smoothwall, nor hitting the isa box. I can't tell what IE is trying to do with the stream?
    Last edited by Sheridan; 9th June 2011 at 12:00 PM.

  5. #4


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,473
    Thank Post
    866
    Thanked 848 Times in 670 Posts
    Rep Power
    196
    One to watch - the log viewer has an "ignore filter" - most of the time you don't want to see the reams of css and javascript. Turn off the ignore filter, and add another one (eg. domain filter) to keep the results manageable, and you should see the things you're blocking.

    As for webcams.. could be RTSP.. or RTMP 554 and 1492 i think

  6. #5
    Sheridan's Avatar
    Join Date
    Oct 2010
    Posts
    1,320
    Thank Post
    115
    Thanked 91 Times in 61 Posts
    Rep Power
    29
    It seems it was the security rules that caused the 'mangling' - the CSS cross scripting rule seems to be the culprit.

    As for the webcams, I can't see anything hitting the firewall that is RTMP (1935) or RSTP (554) at all, very odd. Channel4 OD uses RTMP and that works fine.

  7. #6
    Sheridan's Avatar
    Join Date
    Oct 2010
    Posts
    1,320
    Thank Post
    115
    Thanked 91 Times in 61 Posts
    Rep Power
    29
    I've had to admit defeat on this webcam problem. The webcam stream is an Adobe Flash Player one. The smoothwall box isn't blocking anything that I can and nothing is hitting the firewall when the client is trying to connect. The smoothwall box shows lots of traffic to the webcam site but nothing being denied whereas the firewall shows nothing so I'm guessing its using port 80/443.

  8. #7


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,473
    Thank Post
    866
    Thanked 848 Times in 670 Posts
    Rep Power
    196
    Any way we could replicate this webcam nonsense in-house?

    Have you had good old wireshark at it?


    PS. Bad Sheridan! Defeat is not an option!

  9. #8
    Sheridan's Avatar
    Join Date
    Oct 2010
    Posts
    1,320
    Thank Post
    115
    Thanked 91 Times in 61 Posts
    Rep Power
    29
    Sheridan is tired!

    I ran Wireshark and it simply shows a lot of access to the smoothwall proxy - and nothing else to an external ip as far as I can see.

  10. #9


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,473
    Thank Post
    866
    Thanked 848 Times in 670 Posts
    Rep Power
    196
    Maybe we'll let you off, you were only conceding defeat in front of your fellow 'geek - so no harm done to the collective rep

    Email me the packet dump if you like, see if I can make any sense of it.

  11. #10
    Sheridan's Avatar
    Join Date
    Oct 2010
    Posts
    1,320
    Thank Post
    115
    Thanked 91 Times in 61 Posts
    Rep Power
    29
    I tried the site in question at home and the webcams do work fine, using the Media Player extension plugin. I'll get Wireshark back onto the case again!

  12. #11
    Oops_my_bad's Avatar
    Join Date
    Jan 2007
    Location
    Man chest hair
    Posts
    1,738
    Thank Post
    438
    Thanked 53 Times in 50 Posts
    Rep Power
    30
    Have you tried a different browser?

    Thought I had a similar one recently.. nothing getting logged in smoothwall anywhere. Turns out it was a bug in IE (or a recent IE update) that broke rendering on some websites

  13. #12
    Sheridan's Avatar
    Join Date
    Oct 2010
    Posts
    1,320
    Thank Post
    115
    Thanked 91 Times in 61 Posts
    Rep Power
    29
    It does the same thing in firefox as well - the webcam plugin just sits there saying 'loading'. Externally I've tested with IE, firefox and seamonkey and they all work OK.

    All I can see in wireshark is access to the smoothwall box as a proxy.

    Actually, since we installed the smoothwall box google maps has never worked either. We always get the 'Still loading' message whatever browser we use - even when maps.google.com is given a top level 'Allow'

    I've now tried on a seperate smoothwall box - which has no Deny rules at all. Same result. Nothing logged either.
    Last edited by Sheridan; 13th June 2011 at 12:10 PM.

  14. #13


    Join Date
    Sep 2009
    Location
    Yorkshire
    Posts
    206
    Thank Post
    64
    Thanked 69 Times in 45 Posts
    Rep Power
    23
    Sheridan, I think you were on the right track earlier in-thread when you mentioned content modification rules.

    Turn off the ignore filter in the log viewer and check for any lines with MODIFIED, particularly on JavaScript, and see what you see.

  15. #14
    Sheridan's Avatar
    Join Date
    Oct 2010
    Posts
    1,320
    Thank Post
    115
    Thanked 91 Times in 61 Posts
    Rep Power
    29
    I've attached the log from when I try to hit the site with the webcam that is failing.

    Nothing in the log that I can see seems to suggest anything being blocked?
    Attached Files Attached Files

SHARE:
+ Post New Thread

Similar Threads

  1. Getting SmoothWall School Guardian to unblock sites / synch setup
    By dhicks in forum Internet Related/Filtering/Firewall
    Replies: 13
    Last Post: 28th November 2009, 04:11 PM
  2. Smoothwall Problem - Blocking Https sites
    By adhutton in forum Internet Related/Filtering/Firewall
    Replies: 2
    Last Post: 2nd October 2009, 09:56 AM
  3. SmoothWall and Proxy Sites
    By mmoseley in forum Internet Related/Filtering/Firewall
    Replies: 6
    Last Post: 27th March 2009, 10:25 AM
  4. Replies: 14
    Last Post: 2nd January 2009, 02:05 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •