01-29-2013 12:38 PM
Our WebMaster is working on implementing some .js files on our WebServer. He has a few specific .js files loaded onto our Web Servers.
They load up with no problems internally (Our PA allows ALL traffic from internal to our DMZ, Internal and External traffic both flow through an A10 Load Balancer to our two physical servers).
From the OUTSIDE, the .js files will "partially" download, then hang. Our Policies only allow "Web-Browsing" and "Web-Crawler" applications access.
I have been all over the PA Monitor tabs, and do not see ANY blocked or denied traffic. Is there some specific application that needs to be allowed to have this function?
Here is the .js file in question:
http://www.co.shasta.ca.us/App_Master/mediaelementjs/mediaelement-and-player.min.js
Once in a great while it will load, but if I clear the browser cache, it again hangs during loading.
01-29-2013 02:49 PM
You can use an app override if you feel that the PA decision is incorrect.
Looking at your js-file its full of silverlight references so im not suprised that PA classify this file as a silverlight application.
Regarding seeing blocked requests you need to manually specify a last "any, any, deny + log on session end" because the built in hidden rule is just "any, any, deny" (without any logging).
In URL filtering options there is a "log container page only" which is enabled by default but that shouldnt affect how the appid's are being logged (since url filtering is something else).
01-29-2013 02:32 PM
Found that adding "SilverLight", and "Flash" let the .js files work, but this brings up another question:
During my troubleshooting, I was looking for ANY traffic from my test laptop on the Internet (static Public IP), for all Monitoring tabs.
I was able to see "Web-Browsing" on port 80, but that was the ONLY traffic seen (Allowed OR Denied)
Once I added "SilverLight", on the Traffic Monitor, I am now seeing allowed traffic for "Web-Browsing" AND "SilverLight".
Why is this traffic showing on the logs after allowed, but NOT showing on the logs when it should have been showing as "denied"?
01-29-2013 02:49 PM
You can use an app override if you feel that the PA decision is incorrect.
Looking at your js-file its full of silverlight references so im not suprised that PA classify this file as a silverlight application.
Regarding seeing blocked requests you need to manually specify a last "any, any, deny + log on session end" because the built in hidden rule is just "any, any, deny" (without any logging).
In URL filtering options there is a "log container page only" which is enabled by default but that shouldnt affect how the appid's are being logged (since url filtering is something else).
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
