Web Site Not Loading: BetFair
-
Hello.
We are currently using the latest release of pfsense in transparent on part of our network. This has been working good for us but we have had a customer report that using Remote Desktop they are unable to visit the web site: https://identitysso.betfair.com/view/login
When we attempt this from one of our own Remote Desktop servers we can confirm that only parts of the site load and it would seem that the firewall is blocking it. I looked in the firewall logs and could see some of the content being blocked by the default system deny rule but I do already have rules in place to allow simple port: 443 and 80 traffic which we don't restrict.
It would seem something else is going on here, as even though we are allowing this traffic correctly under the rules pfsense still seems to want to block it.
Has anyone else had this problem and does this URL load correctly from your pfsense firewall? Any ideas would be great.
Thanks,
Paul Hughes
Senior Manager
http://www.ukhost4u.co.uk/ -
I might have actually got to the bottom of this. It would seem it was SNORT which was blocking the web site from fully loading due to the rule:
ET POLICY Dropbox.com Offsite File Backup in Use
I am a little confused though why this rule would effect a web sites ability to load?
Paul.
-
OK well, we have the web site loading in the browser now but the client is using an API call to betfair and its still being rejected.
We have looked for both the local server IP and the remote side IP in the firewall block logs but nothing is being logged at all. It is the firewall though as when we disable Disable all packet filtering, it starts to work without any errors.
My question is, does PFSense adjust https / tls traffic and cause some providers to reject the traffic as maybe it has been adjusted or something added which it was not expecting.
This is a little over my understanding of the situation so I maybe am not even looking at this correctly at all.
All we are using on PFSense is some standard firewall rules and Snort, Nothing else. No Proxies etc.
Thanks,
Paul Hughes
Senior Manager
http://www.ukhost4u.co.uk/ -
What happens if you disable Snort and test that site?
-
Hello.
We tested this first but it made no difference. It does not seem to be hitting a SNORT rule, but I think its more to do with the actual base firewall in pfSense.
Does it add any overheads to the packets which are passed through the Firewall component? Would a 3rd party side be able to detect that the packets have been adjusted at all?
I am newer to pfSense but I have been using other commercial firewall products for a long time so I want to get an idea of the difference.
Thanks,
Paul.
-
Use your firewall log (Status - System Logs - Firewall) and packet captures (Diagnostics - Packet Capture) to see what's really going on.
-
Hello.
I will try the packet capture and update on what I find. I did look in the firewall logs before and nothing much showed up for it.
Paul.