Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
820
Views
0
Helpful
1
Replies

Site matching on (null) policy

catgibson
Level 1
Level 1

‎11-27-2018 01:08 AM

Hey All,

 

Weird one. Have a user who can access http://abs.gov.au/. It matches on a category in policy.

However users cant access https://portal.abs.gov.au/Portal/#ABSSurveyAccount

As stated above the policy is allowed by Category so the second site should be allowed.

Instead it matches on the correct identity profile and then matches on Policy: (null).

The site works fine outside of our environment.

When i tried adding the site to the no auth list it matches on both profile and policy but the page is still not displayed.

Any suggestions?  Not sure where to look next. 

Labels:
0 Helpful
1 Reply 1

sadik.sener1
Level 1
Level 1

‎12-13-2018 11:23 PM

The problem you describe sounds like a Cipher problem.

 

https://www.ssllabs.com/ssltest/analyze.html?d=portal.abs.gov.au&latest

Check the ciphers on this test results and see if you any matching cipher suite on your WSA.

 

I use this set and it works almost perfect with all the sites.

EECDH:DSS:RSA:!NULL:!eNULL:!EXPORT:3DES:RC4:!RC2:!DES:!SEED:CAMELLIA:!SRP:!IDEA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:DHE-RSA-AES128-SHA:!aNULL

 

You set those under System ->SSL Configuration -> Proxy Services: -> Ciphers to use

 

Regards

0 Helpful
Customers Also Viewed These Support Documents