topic Re: Mozilla Extension blocked in Web Security

Mozilla Extension blocked

rngai_ironport — Wed, 30 Sep 2009 11:22:26 GMT

Hi,

Anyone had similar issue installing Mozilla extension over S360? Access policy allow all sort of object (non of the Block Object type box is checked). When I look at http header, it shows:

Content-Type: application/x-xpinstall

which should match Mozilla/Firefox Extension but instead policy trace show it is blocked due to custom MIME type settings (using url below):

URL used:
http://releases.mozilla.org/pub/mozilla.org/addons/1843/firebug-1.4.3-fx.xpi

URL Check
URL Category: Computing & Internet
WBRS Score: 6.9
Object Size: 690894 bytes
Policy Match
Decryption policy: None
Routing policy: Global Routing Policy
Identity policy: AD_AUTH
Access policy: GeneralGroup
Final Result
Request blocked
Details: Request blocked based on custom MIME type settings
Trace session complete

Could it be S360 detect .xpi file as custom type?

Re: Mozilla Extension blocked

khoanguy — Thu, 01 Oct 2009 03:45:59 GMT

Check your GeneralGroup access policy under the column objects for any "Block Custom MIME Types" custom settings.

The accesslogs should also help as well to show exactly what it was actually blocking.

Use the grep command:
Using the grep command from the CLI, you can view a specific request from specific clients to troubleshoot why it was allowed, blocked, or which group it matched on.

Paste the response from the CLI and we can assist in analyzing the access logs.

1. Log into the CLI.
2. Type in "grep".
3. Select the accesslogs.
4. Type in specific client's ip address for the regular expression
5. Type in "Y" for do you want to tail the accesslogs.

Re: Mozilla Extension blocked

rngai_ironport — Thu, 01 Oct 2009 08:52:03 GMT

Thanks khoa,

I figure global policy actually blocking Mozilla/extension. It work once I allow that.

1254357700.352 349 10.8.3.5 TCP_DENIED/403 3414 GET http://releases.mozilla.org/pub/mozilla.org/addons/1843/firebug-1.4.3-fx.xpi "GAS2\smith@GAS2-DOMAIN" DIRECT/releases.mozilla.org application/x-xpinstall BLOCK_ADMIN_FILE_TYPE-GeneralGroup-AD_AUTH-NONE-NONE-DefaultRouting - "2" "0" "0" "0" "0" "171" "0" "172"

Re: Mozilla Extension blocked

rngai_ironport — Fri, 02 Oct 2009 12:53:26 GMT

Sorry to ask another question, how do we create a new custom MIME-Type?

Under Objects -> Executable Code, I could only see
a) ActiveX Plugin
b) Windows Executable
c) Java Program
d) Unix Executable
e) Mozilla/Firefox Extension

The file I am trying to download is http://download.tomtom.com/sweet/application/releases/v2_7_2_1825_win.exe which is blocked as "application/x-dosexec". How can I create another custom Executable Code to I can allow this file to download?

1254457798.542 1021 10.33.134.36 TCP_DENIED/403 3404 GET http://download.tomtom.com/sweet/application/releases/v2_7_2_1825_win.exe "GAS\smith@GAS-AD-DOMAIN" DIRECT/download.tomtom.com application/x-dosexec BLOCK_ADMIN_FILE_TYPE-GeneralGroup-AD_AUTH-NONE-NONE-DefaultRouting - "4" "0" "0" "0" "0" "210" "0" "804"

Oh, another question. Why would Ironport label MIME-Type as application/x-dosexec while my Mozilla HTTP Header detect it as Content-Type: application/octet-stream.

Appreciate your help.

Re: Mozilla Extension blocked

khoanguy — Tue, 06 Oct 2009 05:37:48 GMT

If you want to allow "windows executable" you will need to uncheck the box matching your desired access policy. "windows executable" covers several mime types:

application/x-msdos-program
application/x-msdownload
application/x-dosexec

Not sure why Mozilla detects the content type as such, unless it was not the actual object in question or it was what was seen in the custom http headers and not a file detection log.