Beginner

Unable to reproduce some streaming videos from Akamai behind WSA S670

Hello community,

In my organization we have an Ironport S670 version 7.5.2-304 and I'm unable to reproduce some stream videos hosted in Akamai. It's an odd situation because I could not find a way to bypass this restriction. Not all Akamai videos are experiencing the issue, but if I don't use Ironport they all work fine. As it's very difficult to detail the behavior, I'd like to ask you to test in your own environment if you can.

The main URL is the following:

http://www.cers.com.br/cursos/area-juridica-6/carreiras-jurdicas/curso-preparatorio-para-carreira-juridica-2015-modulos-i-e-ii

The video is under the phrase "AULA DEMONSTRATIVA", on the left of the page. In the WSA log file, I can see something like this:

Jan 27 15:52:46 ironport syslog-access: Info: 1422381166.423 520 xxx.xxx.xxx.xxx TCP_MISS/403 1067 GET http://cers10hds-vh.akamaihd.net/z/account/869/1/2015-01-17/video/f643ab4351111f5bc4b73d41d6788170/VIN_2974_121814_LEG_PEN_ESP_PCJ_2015_LEIS_CRIME_HED_AULA01_PtI_OK_240p.mp4/manifest.f4m?hdnts=st=1422381150~exp=1422382230~acl=/*~hmac=9b0a81708e2833b0... - DIRECT/cers10hds-vh.akamaihd.net text/html MONITOR_CUSTOMCAT_11-Rule_1-Rule_2-NONE-NONE-NONE-DefaultGroup <C_Aces,5.9,0,"-",0,0,0,1,"-",-,-,-,"-",-,-,"-","-",-,-,IW_infr,-,"-","-","Unknown","Unknown","-","-",16.42,0,-,"Unknown","-"> -

Verifying results in Firebug, I also can see this:

"[ERROR] time 17:00:04.964 :: 201, Unable to load stream or clip file, , clip: '[Clip] 'http://cers10hds-vh.akamaihd.net/z/account/869/1/2015-01-17/video/f643ab4351111f5bc4b73d41d6788170/VIN_2974_121814_LEG_PEN_ESP_PCJ_2015_LEIS_CRIME_HED_AULA01_PtI_OK_240p.mp4/manifest.f4m?hdnts=st=1422384953~exp=1422386033~acl=/*~hmac=5b5b8956f3b3a130accc6bc11a871049f9b1c57af78e9d74263db8f906984a6c''"

I've created an Identity for my entire network (without authentication), defined a custom URL category with the addresses "akamaihd.net", "cers.com.br" and "liquidplatform.com" (I found the last one in Firebug) and created a specific policy allowing this Identity, but the 403 error is still happening and the video does not reproduce.

If you have any idea or suggestion, I'd really appreciate that.

Best regards,

Luiz

 

1 REPLY 1
Cisco Employee

If you try to access just the link below:

http://cers10hds-vh.akamaihd.net/z/account/869/1/2015-01-17/video/f643ab4351111f5bc4b73d41d6788170/VIN_2974_121814_LEG_PEN_ESP_PCJ_2015_LEIS_CRIME_HED_AULA01_PtI_OK_240p.mp4/manifest.f4m?hdnts=st=1422381150~exp=1422382230~acl=/*~hmac=9b0a81708e2833b0e42244d193645b0425d978af2e61bfc3377e807ebc5adb0b&g=BRDMVBKEERKR&hdcore=3.4.0&plugin=flowplayer-3.4.0.0

 

It will not be allowed with the WSA or without the WSA; you get access denied from the web site itself. This is because the streaming video on that page is per segment (with regard to the stream traffic) and uses some sort of manifest; to play the full video, it will need the rest of the manifests.

 

Below is from the WSA logs, if you just access that link (similar to what you are getting):

1424320465.473 775 xx.xx.xx.xx TCP_MISS/403 1066 GET http://cers10hds-vh.akamaihd.net/z/account/869/1/2015-01-17/video/f643ab4351111f5bc4b73d41d6788170/VIN_2974_121814_LEG_PEN_ESP_PCJ_2015_LEIS_CRIME_HED_AULA01_PtI_OK_240p.mp4/manifest.f4m?hdnts=st=1422381150~exp=1422382230~acl=/*~hmac=9b0a81708e2833b0... - DIRECT/cers10hds-vh.akamaihd.net text/html DEFAULT_CASE_12-Policy-ID-NONE-NONE-NONE-DefaultGroup <IW_infr,5.9,0,"-",0,0,0,1,"-",-,-,-,"-",1,-,"-","-",-,-,IW_infr,-,"Unknown","-","Unknown","Unknown","-","-",11.00,0,-,"Unknown","-",-,"-",-,-,"-","-"> -

 

The above log shows an HTTP code of TCP_MISS (indicating it was processed successfully by the WSA) but a response of /403, which means it is blocked somewhere along the line after the WSA, on the way to the web site.

 

However if you access the main page:

http://www.cers.com.br/cursos/area-juridica-6/carreiras-jurdicas/curso-preparatorio-para-carreira-juridica-2015-modulos-i-e-ii

 

The streaming video should play correctly.

 

Can you put ".akamaihd.net" in your custom URL category, make sure that you set this to "Allow", not "monitor", and try again?
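An added example, not code from either poster or from Cisco: a small triage helper that pulls the epoch timestamp and the `hdnts` token fields out of WSA access-log lines like the two quoted in this thread and reports whether each request fell inside the token's `st`/`exp` window. It assumes `st` and `exp` are Unix epoch seconds; the function and constant names are made up for this example.

```python
import re

# Squid-style core of a WSA access-log entry:
# epoch.ms, elapsed, client, RESULT/status, bytes, method, URL
LOG_RE = re.compile(
    r"(?P<ts>\d{10}\.\d{3}) \d+ \S+ (?P<result>\w+)/(?P<status>\d{3}) "
    r"\d+ (?P<method>[A-Z]+) (?P<url>\S+)"
)
TOKEN_RE = re.compile(r"[?&]hdnts=([^&\s]+)")

# Sample lines shortened from the two log entries in this thread
# (URL path abbreviated to "/z/.../"; trailing fields dropped).
LINE_POST = ("Jan 27 15:52:46 ironport syslog-access: Info: 1422381166.423 520 "
             "xxx.xxx.xxx.xxx TCP_MISS/403 1067 GET http://cers10hds-vh.akamaihd.net"
             "/z/.../manifest.f4m?hdnts=st=1422381150~exp=1422382230~acl=/*"
             "~hmac=9b0a81708e2833b0... - DIRECT/cers10hds-vh.akamaihd.net text/html")
LINE_REPLY = ("1424320465.473 775 xx.xx.xx.xx TCP_MISS/403 1066 GET "
              "http://cers10hds-vh.akamaihd.net/z/.../manifest.f4m?hdnts="
              "st=1422381150~exp=1422382230~acl=/*~hmac=9b0a81708e2833b0... "
              "- DIRECT/cers10hds-vh.akamaihd.net text/html")

def check_line(line):
    """Compare the request time with the token's st/exp window.

    Only the time window is checked; acl and hmac cannot be verified
    without the site's signing key. Returns None if the line has no token.
    """
    entry = LOG_RE.search(line)
    token = TOKEN_RE.search(entry["url"]) if entry else None
    if not token:
        return None
    fields = dict(part.partition("=")[::2] for part in token.group(1).split("~"))
    if "st" not in fields or "exp" not in fields:
        return None
    ts, st, exp = float(entry["ts"]), int(fields["st"]), int(fields["exp"])
    if ts < st:
        state = "not-yet-valid"
    elif ts > exp:
        state = "expired"
    else:
        state = "in-window"
    return {"status": int(entry["status"]), "state": state,
            "seconds_past_exp": max(0, int(ts - exp))}

if __name__ == "__main__":
    for name, line in (("post", LINE_POST), ("reply", LINE_REPLY)):
        print(name, check_line(line))
```

Run over a full access log, this separates 403s on tokens that were still inside their window at request time from 403s on links replayed after `exp`, which need a fresh manifest URL from the main page before they say anything about the proxy policy.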