NowWAP Issue

NowWAP Issue SearchSearch
Author Message
ydnar lim
New member
Username: Ramil

Post Number: 8
Registered: 09-2010
Posted on Wednesday, October 27, 2010 - 12:12 am:   

Hi Support,

We are having problems to access Blackberry Application world, so far the problem is that NowWAP is rejecting this traffic, you can see the following log from NowWAP:

10.3.4.63 50373060234 [26/Oct/2010:15:39:45 -0600] "CONNECT " 200 0 "" ""
10.3.4.63 50373060234 [26/Oct/2010:15:39:45 -0600] "CONNECT appworld.blackberry.com:80" 403 0 "" ""
10.3.4.63 50373060234 [26/Oct/2010:15:39:47 -0600] "GET http://appworld.blackberry.com/ClientAPI/featured" 200 22721 "" "AppWorld/2.0.0.36"
10.3.4.63 50373060234 [26/Oct/2010:15:40:09 -0600] "CONNECT appworld.blackberry.com:80" 403 0 "" ""
10.3.4.63 50373060234 [26/Oct/2010:15:40:36 -0600] "CONNECT appworld.blackberry.com:80" 403 0 "" ""
10.3.4.63 50373060234 [26/Oct/2010:15:40:38 -0600] "CONNECT appworld.blackberry.com:80" 403 0 "" ""
10.3.4.63 50373060234 [26/Oct/2010:15:40:39 -0600] "CONNECT appworld.blackberry.com:80" 403 0 "" ""
10.3.4.63 50373060234 [26/Oct/2010:15:40:41 -0600] "CONNECT appworld.blackberry.com:80" 403 0 "" ""
10.3.4.63 50373060234 [26/Oct/2010:15:40:45 -0600] "GET http://appworld.blackberry.com/ClientAPI/topnew" 200 23924 "" "AppWorld/2.0.0.36"
10.3.4.63 50373060234 [26/Oct/2010:15:40:58 -0600] "GET http://appworld.blackberry.com/ClientAPI/popular" 200 21991 "" "AppWorld/2.0.0.36"
10.3.4.63 50373060234 [26/Oct/2010:15:41:06 -0600] "GET http://appworld.blackberry.com/ClientAPI/toppurchased" 200 24338 "" "AppWorld/2.0.0.36"
10.3.4.63 50373060234 [26/Oct/2010:15:41:13 -0600] "GET http://appworld.blackberry.com/ClientAPI/content/16831" 200 3824 "" "AppWorld/2.0.0.36"
10.3.4.63 50373060234 [26/Oct/2010:15:41:17 -0600] "GET http://appworld.blackberry.com/ClientAPI/topthemes" 200 22387 "" "AppWorld/2.0.0.36"
10.3.4.63 50373060234 [26/Oct/2010:15:41:24 -0600] "GET http://appworld.blackberry.com/ClientAPI/topupdated" 200 23093 "" "AppWorld/2.0.0.36"
10.3.4.63 50373060234 [26/Oct/2010:15:43:46 -0600] "DISCONNECT " 200 0 "" ""
10.3.8.120 50373060234 [26/Oct/2010:15:50:32 -0600] "CONNECT " 200 0 "" ""
10.3.8.120 50373060234 [26/Oct/2010:15:50:32 -0600] "CONNECT appworld.blackberry.com:80" 403 0 "" ""
10.3.8.120 50373060234 [26/Oct/2010:15:50:34 -0600] "DISCONNECT " 200 0 "" ""
10.3.8.120 50373060234 [26/Oct/2010:15:50:35 -0600] "CONNECT " 200 0 "" ""
10.3.8.120 50373060234 [26/Oct/2010:15:50:35 -0600] "CONNECT appworld.blackberry.com:80" 403 0 "" ""
10.3.8.120 50373060234 [26/Oct/2010:15:50:37 -0600] "DISCONNECT " 200 0 "" ""
10.3.8.120 50373060234 [26/Oct/2010:15:50:39 -0600] "CONNECT " 200 0 "" ""
10.3.8.120 50373060234 [26/Oct/2010:15:50:40 -0600] "CONNECT appworld.blackberry.com:80" 403 0 "" ""
10.3.8.120 50373060234 [26/Oct/2010:15:50:42 -0600] "CONNECT appworld.blackberry.com:80" 403 0 "" ""
10.3.8.120 50373060234 [26/Oct/2010:15:50:44 -0600] "GET http://appworld.blackberry.com/ClientAPI/content/1079" 200 4590 "" "AppWorld/2.0.0.36"
10.3.8.120 50373060234 [26/Oct/2010:15:50:50 -0600] "CONNECT appworld.blackberry.com:80" 403 0 "" ""
10.3.8.120 50373060234 [26/Oct/2010:15:51:29 -0600] "CONNECT blackberryid.blackberry.com:443" 504 0 "" ""
10.3.8.120 50373060234 [26/Oct/2010:15:54:33 -0600] "DISCONNECT " 200 0 "" ""


Please review and feed back us as soon as possible.

Thank you,
Randy
Des - NowSMS Support
Board Administrator
Username: Desosms

Post Number: 2591
Registered: 08-2008
Posted on Wednesday, October 27, 2010 - 12:36 pm:   

Hi Randy,

Do you have the configuration option set to allow tunneling to non-standard ports? The application appears to be trying to tunnel to a server on port 80 instead of proxying to it...which is not supported unless this option is enabled.

--
Des
NowSMS Support
ydnar lim
New member
Username: Ramil

Post Number: 9
Registered: 09-2010
Posted on Thursday, October 28, 2010 - 02:43 am:   

Hi Des,

Thank you for the prompt response. But if its incase that the application is supported, how can we enable this option?

Current Version:
Now.WAP Proxy v2010.06.15


Thank you,
Randy
Des - NowSMS Support
Board Administrator
Username: Desosms

Post Number: 2594
Registered: 08-2008
Posted on Thursday, October 28, 2010 - 06:24 pm:   

Hi Randy,

Sorry if I was not clear ...

The configuration option I am referring to is on the "HTTP" page of the NowWAP configuration dialog.

--
Des
NowSMS Support
ydnar lim
New member
Username: Ramil

Post Number: 10
Registered: 09-2010
Posted on Friday, October 29, 2010 - 12:24 am:   

Hi Des,

Can you please confirm if no other security problems will be affected or arise if we enable this option? e.g. our clients using applications to tunnel encrypted traffic to Internet over different ports than TCP 443…


After the upgrade to v2010.06.15 the problem persists our WAP Gateway is still denying the access because it identifies the World BlackBerry Application traffic as tunneled traffic over port 80 as you can see in packets 5, 16 and in the attached capture file.


Appreciate your quick response.


Thank you,
Randy
application/octet-streamlogs
World_BB_App_test_28oct2010_1.pcap (281.6 k)
Des - NowSMS Support
Board Administrator
Username: Desosms

Post Number: 2601
Registered: 08-2008
Posted on Friday, October 29, 2010 - 07:43 pm:   

Hi Randy,

Upgrading will not make a difference.

Unless the "non-standard ports" setting is enabled, NowWAP only allows "CONNECT" tunnels on port 443.

That is the way this setting has always been implemented.

I don't think it's a security problem to enable this setting. It is more of an issue that it may allow users to access more applications, and some operators may want users of other applications on a higher cost data plan/different APN.

If we have to add a special exception for Blackberry AppWorld in a future version we will, but for now, I think enabling the tunneling for non-standard ports is a viable solution.

--
Des
NowSMS Support
ydnar lim
New member
Username: Ramil

Post Number: 12
Registered: 09-2010
Posted on Wednesday, November 10, 2010 - 01:22 am:   

Thank you very much for your help.




Regards,
Randy
ydnar lim
New member
Username: Ramil

Post Number: 20
Registered: 09-2010
Posted on Tuesday, January 11, 2011 - 11:11 pm:   

Hi Support,

Can I request for the removal of this thread due to some risk to the confidentially agreement of our customer.

Thank you & regards,
Randy
Des - NowSMS Support
Board Administrator
Username: Desosms

Post Number: 2823
Registered: 08-2008
Posted on Wednesday, January 12, 2011 - 08:22 pm:   

Hi Randy,

Any potentially customer identifying information (log files, IP addresses and/or URLs) have been removed or altered in this and the other threads.

I don't want to remove the threads, because the technical information is potentially useful to other customers. If you have additional concerns, please e-mail nowsms@nowsms with Attention: Bryce in the subject line of the message. He will perform any other clean-up requested. (In the past we have also changed user names and/or account handles to remove any association.)

--
Des
NowSMS Support