Hi,


Has a weird problem where a user was unable to buy things from
amazon.co.uk. She could access the site but was forbidden by
Bordermanager
("443") when having added stuff to her 'shopping cart' she clicked
on "Connect to Secure Server" in order to checkout.

Amazon.co.uk is restricted on the Surfcontrol filter under "Shopping",
but
we had an allow rule specifying both http://www.amazon.co.uk/* and
httpS://www.amazon.co.uk/* . Again these gave access to the site
except
for the secure server checkout bit. I proved it was Surfcontrol
denying
this and not any of the other rules by generating a report on the
denial,
which gave me this:

Rule Number: 3EE07B8F
Date of Creation: 06/06/03 12:31:27
Action: Deny
Source: Any
Destination: Any
Access Specification: Vendor Name = Third Party
Category Mask = 3FFFFFCC

That's our main Surfcontrol filter: Any/Any.
The denial report also showed the URL that was denied as being
http://www.amazon.co.uk:443/ . So I added a rule allowing
http://www.amazon.co.uk:443/* and THAT worked.

This surprises me because the URL you get to through "Connect to
secure
server" when the denial rule is disabled is
http://www.amazon.co.uk/exec/obidos/...xx-xxxx-xxxxxx
i.e.
NOT amazon.co.uk:443/ .

So why do I need to specifically allow :443/ ? Surfcontrol so far deny

there is a specific rule against amazon.co.uk:433, so can anyone
explain
how this :443/* works and why I needed a specific rule to allow it?

Thanks,


Steve Law