Inspector blocking traffic from (supposedly) Ignored client

[tescophil]

Hi,

Problem relates to untangle blocking Kindle access to the Amazon store.

Because the Kindle is unable to install untangles root cert I have set up an Ignore rule so that traffic is not inspected by the HTTPS inspector. However, the Inspector still blocks traffic from the ignored client :

Screenshot from 2015-11-21 12:23:12.png

Turning OFF the HTTPS inspector solves the problem, so no other untangle modules are involved.

Q1. Why is it blocking traffic I;ve told it to Ignore ?
Q2. Solutiuon ?

Thanks.

[tescophil]

OK,

Answering my own question here...

Under the configuration section of the Inspector is an option to 'Block Invalid Traffic', if I un-check this, then all is well...

However, this is a global option (which is bad...), it should be an additional option in the Ignore ruleset, as I don't want to globally allow all invalid trafic, but just on the source IP I want to ignore...

Feature request ?

[dmorris]

I would open a support ticket.

Your screenshot shows that there are a few ignore HTTPS sessions.

My guess would be that there are also some non-HTTPS stuff going on port 443 that the kindle is doing.
If its not HTTPS it has a choice to either just allow it or block it, given that it can't parse it.