Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » Kerio HTTP protocol Inspector problems with FaceBook !!!??? (I got some problems lately due to HTTP protocol inspector !)
  •  
moro666

Messages: 90

Karma: 0
Send a private message to this user
lately I got strange problem with facebook!
most (not all) friends profiles pictures are broken
(broken link to the pic.) or it was act like that.

first i thought it's coz of facebook servers, they do some upgrades and changes these days!!

but i found that, when I disable HTTP protocol inspector , all these proken links working fine.

and all broken pictures appears with just a page refresh after disabling this inspector !!!

did any one got something like this ?

PS:
more strange thing that all broken and non-broken pics, came from the same domain name:
[profile.ak.fbcdn.net]

SO... WHAT ? Sad

Mohammad Habeeb
  •  
moro666

Messages: 90

Karma: 0
Send a private message to this user
UPDATES...


when i was checking Kerio logs, i found this in Security Log
(see attached image)

index.php?t=getfile&id=1757&private=0

So, I do this test.
i opened FaceBook and browsing some pages within it .. and keeping my eyes on this log. and yes.. these lines coming up while browsing!!
(( I do this test on firewall machine and on another client PC))

at log file pic. you gonna see this error repeated within different dates. and still goes on.

I investigated about these servers IPs
[92.123.64.xxx]
[92.122.127.xxx] etc, etc,

found that these IPs belongs to : Akamai Technologies

Country EU
Network Name AKAMAI-PA
Owner Name Akamai Technologies
From IP 92.123.64.0
To IP 92.123.67.255
Allocated Yes
Contact Name Network Architecture Role Account
Address Akamai Technologies
8 Cambridge Center - Cambridge - MA 02142
Email ip-admin<_at_>akamai.com
Abuse Email abuse<_at_>akamai.com
Phone +1-617-938-3130
Fax
Whois Source RIPE NCC
Host Name -----
Resolved Name a92-123-64-27.deploy.akamaitechnologies.com



and most of facebook servers using this network !
not only Face.B. but many many sites/services !!

I hope some one tell me anything ..
at least what this error mean:

[Non-ASCII bytes detected in HTTP response] ???

I used to see this error/warning , But not that much and there was no noticeable problems !

Thanks..

  • Attachment: Kerio Log.png
    (Size: 47.11KB, Downloaded 4997 times)

[Updated on: Thu, 24 December 2009 03:19]


Mohammad Habeeb
  •  
winkelman

Messages: 2119
Karma: 3
Send a private message to this user
moro666 wrote on Thu, 24 December 2009 03:15

[Non-ASCII bytes detected in HTTP response] ???

Well, that literally means what is says.

The HTTP protocol is supposed to only use ASCII characters and the server is returning bytes that are not ASCII characters. This is somewhat suspicious and not according to protocol, so therefore blocked by Kerio.

I don't know why Facebook would return such bytes. Perhaps an erroneuous configuration on their side, perhaps it has a 'good' reason. However, to me, never a good idea to bypass proper protocol...
  •  
moro666

Messages: 90

Karma: 0
Send a private message to this user
Yes, Winkelman..
I got what "Non-ASCII bytes..." means
and I fix this situation by a dangerous way as I think Sad
but I'll consider it a temporarily fix, tell i find, or kerio find some wayout

before I go with what i did to fix this.
I have to say I'm sure now it's not a coz of misconfiguration with kerio.
I tried to install Kerio winroute on some other environment ( some friend Network )
so simple Network..
( Mine is little complicated coz I use another squid cache box before kerio server,, and doing 4 DSL lines Loadbalance with MekroTek on third box)

WAN1 \
WAN2 \
WAN3 ---- Mikrotek Box ---> Sqid Box ---> Kerio Box ---> LAN
WAN4 /

SO.. the faceBook problem happened on my friends' Simple network.

Anyway,.,.
i found in "winroute.cfg" this section:

<table name="ProxyHTTP">
<variable name="MaxRequestSize">16384</variable>
<variable name="NoHostEnabled">0</variable>
<variable name="PathMaxLogChars">512</variable>
<variable name="QueryMaxLogChars">0</variable>
<variable name="LogFormat">1</variable>
<variable name="AuthRealm"></variable>
<variable name="PartialHostEnabled">1</variable>
<variable name="AvirRangeEnabled">1</variable>
<variable name="AvirIfRangeEnabled">0</variable>
<variable name="RemoveHostFromURL">1</variable>
<variable name="DecodeResponse">1</variable>

<variable name="DetectMaliciousHeaders">1</variable>
<variable name="HandleMappedServers">0</variable>
<variable name="UrlCheckCutQuery">1</variable>
</table>



In this Line:
<variablename="DetectMaliciousHeaders">1</variable>

I changed 1 to 0 to disable detecting Malicious HTTP headers
and Face Book working just fine..

I know it's not good doing that, but what else can I do ?

in that section to, you can see this :
"MaxRequestSize">16384

what if we increased this value a little ??
is this may fix the problem ? or any relation between it and "Malicious Headers" ?

Mohammad Habeeb
  •  
raza

Messages: 3
Karma: 0
Send a private message to this user
sir, i have also facing problems with Facebook but i do not found setting of enable or disable HTTP protocol inspector in which kerio control 7.1.2

[Updated on: Sat, 07 January 2012 16:01]

  •  
raza

Messages: 3
Karma: 0
Send a private message to this user
i cannot disable HTTP protocol inspector please help me
  •  
raza

Messages: 3
Karma: 0
Send a private message to this user
please send me procedure of disable or enable HTTP protocol inspector
Previous Topic: Control + Connect
Next Topic: ?Log Settings?
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Mon Nov 20 18:33:30 CET 2017

Total time taken to generate the page: 0.00486 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.