HTTPS and HTTP under WebShield

As far I know, Web Shield should not filter HTTPS traffic.
I use an ISP that when checking the mail passes from HTTP to HTTPS and returns to HTTP.
Similar to GMail logon.
I tested avast! in three different configurations:

  1. Local proxy + only SP2 Internal firewall + avast! + Maxthon (or IE)
  2. Local proxy + ZoneAlarm (free) + avast! + Maxthon (or IE)
  3. Local proxy + Outposto (Trial/Pro) + avast! + Maxthon (or IE)

Removing the local proxy did not help in any case.
I can’t logon into my webmail if I do not disable the WebShield.
In 3, I test it with Firefox. Everything is ok with WebShield on and off.
In the others, the page appears as ‘Loaded’ but blank… Not an error message, nothing…
A blank screen in the browser. Refresh does not help. Copying the link, opening a new browser window neither…
Disabling WebShield and everything works again :frowning:

Could be Internet settings (or Maxthon) but can’t it be a problem in WebShield while changing from HTTPS to HTTP and viceversa?

https traffic is encrypted in the browser and webshield can’t read it or scan it. Sort of like SSL email, but without control of the in-browser encryption option.

I know I’m saing a stupid asking to you: have you some security restriction parameter in your browser (internet settings)?

If it hadn’t worked with Outpost and Firefox in test 3, I would have to agree that Web Shield was the culprit.

But given that it doesn’t work with IE and IE based Maxthon, perhaps you are right that it may have something to do with your Internet settings or possibly the interface between web shield and IE.

If you tried the tests (1 & 2) again with firefox as the browser with those different firewalls. If those tests then succeeded it would show that the firewalls aren’t a part of the problem but either the IE settings or web shield/IE interface.

I would have hopped that web shield would ignore the https element of this flip flop between http, https and back.

There was something along a similar line in another thread about the GET being sent and a response coming back but the original http page still waiting. This at the time seemed to have been resolved when they switched to the pre-release 4.6.635 now we have gone further, .639 and .647 is it possible that this has reverted to the original problem in 4.6.623?

Have you set up webshield to redirect port 443? Or entered 127.0.0.1:12080 under secure in the proxy setup in IE? Unless you have done one of these, or your particular ISP uses https:80 to access this particular web page, webshield won’t see the traffic. Several similar logins I use are no problem with the current webshield version–yahoo mail, hotmail, … Check your webshield redirect and IE proxy settings again-maybe there is something left over from an experiment.

Technical, are you using the latest pre-release version of avast?

It’s not stupid… Probably it’s the trouble here.
But my question is: which security restriction parameter should I change?

It’s not a SSL connection. I’m sure. The comparison with GMail is just the transition of the http protocol to https.

Sure it is 4.6.647 8)

Any time your browser uses https: it sets up an SSL connection. The only options are things like the key size used. What it is usually doing is first a standard web connection on port 80, then spawns an SSL connection (normally on port 443) for the login, then back to a regular web connection on port 80. gmail will actually read email using http on port 80 (not secure) or https on port 443 (SSL) once you login-don’t understand why they have this feature? :o

Living and learning… Thanks, I did not know this.

And so, what can I do?

I put a picture above of the actual Yahoo mail login sequence using IE. Are you using a firewall that can log the internet traffic? (Sygate is good). That would make it easy to see what is happening. Or look for a :80 on the URL for the https command. It is not impossible that your ISP is doing SSL on port 80 for this particular site, and probably the only thing to do is to exclude the URL from Webshield if this is the case. If you are not having either webshield or an IE proxy look at port 443, don’t have another suggestion.

I’ve already tried… not luck… :cry:

You need to exclude the URL for the https site it is diverted to, not the one you start at. And may be hard to see if it just flashes. You could try using Sygate Firewall Free to see what is happening-it logs all the internet traffic. If you do it with Webshield off, should tell you what to exclude with webshield on. Or if you have another internet traffic logging tool, use it. If you want to PM me the name of your mail site, I can see if I can tell anything without being a legal login.

I think it isn’t a firewall setting problem. Just try to open (on IE and other IE-based browsers) Internet Settings->Protection->select the default value (in Italian= Medium).
Maxthon and Avant browser uses both their dedicated additional settings and in the past I had problems as you have now.

Yes, it is very fast, just flash… I’ll see what can I found in the internet traffic logs.
Thanks for helping.

Took a look at how IE did the secure login vs Opera, since that is what I use. Opera does a conventional login via port 443 for https to your mail site. FF probably does too. IE does something on port 80 instead. Unless you can exclude https://mail.terra.com.br/* (remember the s) I don’t see a way to use this site with Webshield and IE. But try excluding the site with https-I can’t tell from the help file whether that will work or not. Good luck; Ed.

It’s on Medium already… In fact, It’ll be useful if anybody could give a right shot into the ‘trouble’ setting… Testing here is not secure…

This is very bad… >:( :frowning: :cry:
https can’t be excluded in anyway as avast adds http in front of each added URL automatically and mandatory. :-\

What about using “ignored addresses” in webshield to not redirect for the IP of the secure server used? I can’t tell which one it is, but it is probably a different IP for the authentication server than for the regular mail server. In other words, redirect the www address IP as usual, don’t redirect traffic to the other IPs.

It does not work… I’m not that worried as Firefox can load it… never mind too much. Thanks for helping me again.