I want to change the default layout of the blocking pages. How can I add my company logo and add custom blocking forms?
The blocking pages are webpages, which are used to give the user a response when a web request could not be satisfied. All these neccesary files are supplied with the proxy installation, but they can be changed and adapted to your needs.
The blocking pages are located within the installation directory of the proxy. ("/opt/cyan/sweb/templates")
Linux / Appliance / VMWare:
Windows:
Please do not change any CYAN variables in the html files. These are necessary for the proxy server to add information.
Do not overwrite the included images files. Use your own instead. With an upgrade the included images might be replaced.
I want to set up Firefox settings with GPOs.
Firefox manages it's own settings and ignores the default settings configured on the PC.
Before proceeding with distribution of proxy settings for Firefox, download and extract the package FirefoxADM on the server with Active Directory on it: http://sourceforge.net/projects/firefoxadm/
I got a problem which cannot be solved by the knowledge base articles or the howto's. What to do next? Which information does the support need to get me a solution?
For further support you can send an email to support@cyan-networks.com or call our support team at: +43(0)133933333.
The support hours are from Monday to Friday from 9am to 5pm CET.
If the knowledge base or the howtos cannot help you, please answer the following questions in your email:
After the last update of the proxy machine, I cannot access the interface any more. I always get an HTTP 500 error when I try to connect. Even If I try to use the management IP address pre-configured on the appliance solution I get the same error.
The Cyan Secure Web interface is running on a Java application. After every upgrade the interface needs to be unpacked. If there is an error during this process, you won't be able to connect to the interface.
Linux / Appliance / VMWare version:
If you still are not able to connect to the webinterface and the browser shows this error:
javax.xml.ws.WebServiceException: Failed to access the WSDL at: http://localhost:9992/middleware/cyanusermanagement.soap?wsdl
The you need to delete the user database:
I want to use FTP with the Cyan Secure Web proxy. How do I specify the correct FTP credentials to use?
To use FTP with the proxy, you need to specify which FTP server the proxy should use, and optionally what authentication parameters are necessary.
Cyan Secure Web supports following FTP authentication schemes:
You should choose the scheme depending on which FTP client you use and whether you use authentication or not.
Every time I try to connect to a host via direct IP (for example http://1.2.3.4/index.html) I get a blocking page that IP requests are not allowed. Where can I disable this feature?
Per default the Cyan Secure Web proxy is blocking IP requests (due to securtiy reasons). Every time a request goes directly over an IP address to a host, the proxy will block the request and deliver the blocking page to the client.
You can allow IP requests separately for HTTP and HTTPS, or you can define a list which hosts you like to allow.
To do these changes change go to the Cyan Secure Web interface. Under the Services Tab change to Proxy Settings/Web Proxy/IP Requests.
When I try to access a web page via HTTPS I get a blank page without an error message in Internet Explorer. In Firefox I get the message that the proxy is blocking the request. Why do I not see any blocking page?
if you have enabled the categorization filter, the proxy will also check hosts via HTTPS. If you try to connect via HTTPS to a website which is denied by the filter, the proxy will block the request.
With this version it is not possible for the proxy to send a blocking page inside the SSL tunnel to the client. Thus you don't get a blocking page from the proxy but from the browser when the request is blocked.
Change to Cyan Secure Web Interface and allow the specific host or the category of the blocked request.
Cyan Secure Web Support sent me a binary file. How can I upload it to the Secure Web machine?
With the linux/appliance version:
For the windows version:
I always get a blocking page when I try to access a specific web site. It says that the request is denied because of the category filter.
The category filter of the proxy is blocking the request.
To avoid this, you can add a list of URLs to a user defined categories and set this category to allow.
To allow a site, proceed as following:
When you try to enable a portal side like www.tiscali.it or www.bild.de, some of the site content usually is located on different hosts.
When you allow tiscali.it or bild.de and you see an incomplete page or garbled layout, you need to check where the blocked content is located. Right click with you mouse on the site and select "view page source". There you can see all requests made for this web page.
When you allow all the involved hosts, you should be able to see a complete page.
When i try to access some sites, i always get a blocking page with "blocked by reason category 80", but when I try to allow this category I cannot find it in the proxy interface.
Category 80 of the IBM SDK's blocking list is not supported by the Secure Web proxy at the moment.
You need to deactivate the category 80 over the command line by adding a configuration key manually to your config database.
Proceed step by step:
On linux/appliance:
For the windows solution, please contact [email protected].
When I try to download an archive file, i get a delay page or a virus scanning error, although I didn't enable Anti Virus scanning.
If you enabled DAI (Deep Archive Inspection), the archive downloads over the proxy will proceed the same way as they do during virus scanning. The file will be saved on the proxy machine, scanned for the content inside and sent to the client afterwards.
There are two ways:
The performance over the proxy is decreasing, surfing gets slower and slower.
There can be many problems about that:
Try some test on your system:
To check the DNS use following commands:
You can check the hard disk usage with this command:
To check the health status of your machine use the following command. If you got a high load, it could be that some processes are keeping the proxy busy.
Use this command to check the health status:
If you can't find the problem, please contact us at [email protected] and attach all those points to the mail for information.
The Adobe Update Manager cannot connect via the proxy. It always shows connection problems. Without the proxy the Update Manager works.
There are several possible problems:
You will find a pre-configured user agent for the Adobe Update Manager in the Cyan Secure Web interface.
Change to Proxy Settings, Web Proxy/User Agents. You can check the configuration of the user agent there.
Make sure that the agent has "no virus scanning", or "decelerated send" enabled and uses "no authentication".
The Windows Update Manager cannot connect via the proxy. It always shows connection problems. Without the proxy the update works.
There are several possible problems:
If NTLM authentication is enabled, the Windows Update Manager won't be able to pass the credentials to the proxy. It usually starts as system user account and is not able to send correct user data to the proxy.
With virus scanning enabled, the proxy will try to send a delay page to the Update Manager during the download. The Update Manager doesn't recognize this page and disconnects the download.
You will find a pre-configured user agent for the Windows Update Manager in the Cyan Secure Web interface.
Change to Proxy Settings, Web Proxy/User Agents. You can check the configuration of the user agent there.
Make sure that the agent has "no virus scanning", or "decelerated send" enabled and uses "no authentication".
The web interface isn't reachable anymore, or I cannot login.
Even if I try to restart the interface on the command line, I get the error: ABNORMAL TERMINATION.
Most likely your hard disk is full. The interface cannot unpack or write log files any more. When you restart the interface, the process is not able to shut down correctly.
Remove files, which are blocking the system.
You are able to check if the hard disk is full with the following command:
$ df --si
You can try to remove some log files from the /opt/cyan/sweb/logs directory.
Once you freed some space, restart the interface by using the command:
$ /etc/init.d/sweb admin restart
I haven't enabled the HTTPS interception feature, but I still get an certificate error.
When you try to access a host, which is blocked by the category blocker via HTTPS, the proxy needs to send a blocking page to the client in this HTTPS connection.
The certificate's name won't match the target host's name, thus triggering a certificate error on the browser.
There are two ways to get rid of the message:
Enable the host. You can find how to enable the host in the KB Article Can't access HTTPS sites
Deactivate the feature "Send blocking Page into SSL tunnel". You can enable or disable the feature under the https interception settings
When I try to connect to an FTP server, which needs authentication, I get no authentication popup to enter my username and password.
If you want to authenticate on an FTP server over HTTP you need to use the correct syntax to connect.
Use following syntax to authenticate and connect to your FTP server over HTTP:
ftp://ftpusername:[email protected]/
When I try to connect to the Internet over my smart phone it doesn't work. When I change the network settings to use the proxy, it still won't work.
Most mobile phone cannot detect the proxy settings used for the network automatically. You need to specify where to find the proxy.
When you have authentication enabled, you need to make an exception for the mobile phone.
You can find the network settings for the iPhone/iPad under WIFI Settings/Your network on the bottom. There you can set up the phone to use the proxy server.
On the proxy server you need to generate an IP instance entry for the mobile device. Assign a profile to this entry afterwards to use your ruleset for the device.
When I try to watch a video or audio stream with the Windows Media plugin, I get no stream, or an authentication popup. Even after I typed in my username and password nothing changed.
You should have this problem only when you authenticate via NTLM. The windows media player plugin cannot send a correct NTLM token.
There are two ways to solve this problem:
When the request isn't authenticated, the default profile will be used!
(If you block Streaming Media in your default profile, then you won't see the video after applying the solution)
I want to access the command line of the Cyan Secure Web Appliance, but I don't know how to login.
Per default there is no login for the command line enabled on the appliance solutions. (for security reasons)
To change to the command line you need to enable the csupport user. To do this change into the Secure Web interface. Navigate to the orange appliance menu, Maintenance and Appliance Accounts. Now you can enable the csupport user and specify a password.
With this user you can now login to the command line (for example over putty) and change to the root shell by using the command:
$ sudo -i
My machine doesn't respond any more and I already had contact with Cyan Support to identify the problem. They told me to do a unit replacement.
When the machine has a hardware defect, you need to replace the whole machine.
For backing the whole system up you can use the delivered sdcard. Plug it into the sdcard reader on the back of the machine and trigger a manually backup under the Cyan Secure Web interface located at: Appliance menu/Maintanence/Sdcard.
Please do the following steps:
When I try to generate a user/group/ip based report, the list of users are empty! Even if I click on update user list, nothing change.
There can be two cases:
To enable the log feeder service, change to the Secure Web Interface. Under the services menu tab go to Logging/reporting/log feeder. There you need to enable the log feeder and specify the location of the CRS system.
Under the Cyan Reporting System interface you can see when the maintenance job will run the next time. To trigger the job manually change into the CRS interface, Settings/Maintenance and click on the run now button. This job needs to be run once before you can use the user/group/ip feature when you create a new named report.
Every report I create contains no data. When the report is finished and I open it, I get a message that the report contains no data.
There are two possible problems:
To enable the log feeder service, change into the Cyan Secure Web Interface. In the services menu change to logging/report logging/log feeder. There you can enable and configure the Cyan Secure feeding service to move the data into the Cyan Reporting System. After an hour (default log rotation time) you should be able to generate reports.
I need to generate a report with specific data inside it, which isn't available in the current CRS reports list. How can I get a new report?
To request a new report, contact support and send following information:
What should the report show in general?
Which criteria do you want to apply?
What should the report look like? (What do you like to see In the first row, what in the second, what kind of chart do you want to see at the end of the report)
We will prepare the new template and you will get it with the next patch update.