Facebook application problem

Use this forum to post questions relating to WinGate, feature requests, technical or configuration problems

Moderator: Qbik Staff

Facebook application problem

Postby nasrzg » Jan 27 17 9:45 pm

Hello,
I'm having a weird problem concerning the facebook app.
so i have wingate 9.0.3, Enterprise license.
i set the my proxy to inspect ssl, and created a certificate in wingate and installed it in my samsung phone.
everything is working as it should, and my proxy is intercepting and inspecting everything( all https sites on the web including facebook,,,youtube application..) except for (facebook app),it says( intercepted-not inspected). besides the facebook app is not connecting to the internet with ssl inspecting turned on.
i would appreciate any help
Thank you.
nasrzg
 
Posts: 7
Joined: Dec 20 16 1:05 am

Re: Facebook application problem

Postby adrien » Jan 27 17 9:58 pm

Hi

yes, unlike the browser version of FB, the app version won't work with SSL inspection on.

So you need to whitelist the servers it hits for https inspection. You need to do this with a flow-chart policy, hooked to the WWW Proxy: ConnectRequest event.

The policy tests the site, and if it matches (e.g. list lookup) a site set for not inspecting, it sets inspection off with a Expression evaluator item which contains

Code: Select all
Session.EnableSSLInspection = false


The reason it shows as intecepted, not inspected is because the client gave up part way through the SSL handshake when it saw it was being inspected.

Regards

Adrien
adrien
Qbik Staff
 
Posts: 5441
Joined: Sep 03 03 2:54 pm
Location: Auckland

Re: Facebook application problem

Postby nasrzg » Jan 27 17 11:48 pm

Thanks Adrien for the fast reply!!
I'm trying to implement the policy you told me about but i'm having some problems with it.
please check the attachment and tell me if i'm missing something or doing something wrong

FB-policy.jpg
FB-policy.jpg (152.08 KiB) Viewed 2602 times


Thanks.
nasrzg
 
Posts: 7
Joined: Dec 20 16 1:05 am

Re: Facebook application problem

Postby adrien » Jan 28 17 12:25 pm

Hi

You're very close, just change Request.URL to Request.Server

in WinGate, URL is basically

protocol://server/resource?querystring

So since you're just providing site names, just match on the Server part of the URL (Request.Server)

Regards

Adrien
adrien
Qbik Staff
 
Posts: 5441
Joined: Sep 03 03 2:54 pm
Location: Auckland

Re: Facebook application problem

Postby nasrzg » Jan 28 17 8:02 pm

Basically i tried them both (request.url and request.server) with no luck.
Is there a specific format for the matching sites when using request.server?
It seems wingate isn't recognizing the sites in the list.
or is there another work around this issue?
Thanks
nasrzg
 
Posts: 7
Joined: Dec 20 16 1:05 am

Re: Facebook application problem

Postby adrien » Jan 29 17 9:55 am

the list lookup is just a basic string match, so things like the leading period in the first entry will stop that matching.

It can be non-obvious what sites the apps are going to, so you may need to check log files to see what is being requested.

For pattern matching, the matching is done with wildcards, e.g. *.google.com

Regards

Adrien
adrien
Qbik Staff
 
Posts: 5441
Joined: Sep 03 03 2:54 pm
Location: Auckland


Return to WinGate

Who is online

Users browsing this forum: Google [Bot] and 28 guests

cron