Unable to play Flash video behind HTTP Proxy. Works fine with Microsoft ISA Server.
Packet captures from Microsoft ISA Server shows :
No. Time Source Destination SrcPort DstPort Protocol Info
2244 18.886 10.10.10.191 10.10.10.10 2685 8080 HTTP CONNECT c-3cafa6e9203506f43a60d65feaf99f43.a-asiahkbn.i-768e5108.rtmp.atlas.cdn.yimg.com:1935 HTTP/1.0
2250 18.887 10.10.10.191 10.10.10.10 2686 8080 HTTP CONNECT c-3cafa6e9203506f43a60d65feaf99f43.a-asiahkbn.i-768e5108.rtmp.atlas.cdn.yimg.com:443 HTTP/1.0
2251 18.889 10.10.10.10 10.10.10.191 8080 2685 HTTP HTTP/1.1 502 Proxy Error ( The specified Secure Sockets Layer (SSL) port is not allowed. ISA Server is not configured to allow SSL requests from this port. Most Web browsers use port 443 for SSL requests. ) (text/html)
2256 18.892 10.10.10.191 10.10.10.10 2687 8080 HTTP CONNECT c-3cafa6e9203506f43a60d65feaf99f43.a-asiahkbn.i-768e5108.rtmp.atlas.cdn.yimg.com:80 HTTP/1.0
2257 18.894 10.10.10.10 10.10.10.191 8080 2687 HTTP HTTP/1.1 502 Proxy Error ( The specified Secure Sockets Layer (SSL) port is not allowed. ISA Server is not configured to allow SSL requests from this port. Most Web browsers use port 443 for SSL requests. ) (text/html)
2262 18.897 10.10.10.191 10.10.10.10 2688 8080 HTTP POST http://c-3cafa6e9203506f43a60d65feaf99f43.a-asiahkbn.i-768e5108.rtmp.atlas.cdn.yimg.com:1935/fcs/ident2 HTTP/1.1 (application/x-fcs)
2269 18.931 10.10.10.10 10.10.10.191 8080 2688 HTTP HTTP/1.1 200 OK (text/plain)
2270 18.931 10.10.10.191 10.10.10.10 2688 8080 HTTP POST http://c-3cafa6e9203506f43a60d65feaf99f43.a-asiahkbn.i-768e5108.rtmp.atlas.cdn.yimg.com:443/fcs/ident2 HTTP/1.1 (application/x-fcs)
2290 22.006 10.10.10.10 10.10.10.191 8080 2688 HTTP HTTP/1.1 502 Proxy Error ( Connection refused ) (text/html)
2312 22.224 10.10.10.10 10.10.10.191 8080 2686 HTTP HTTP/1.1 502 Proxy Error ( Connection refused ) (text/html)
Packet capture from SG shows :
No. Time Source Destination SrcPort DstPort Protocol Info
1648 32.731 10.10.10.191 10.10.10.10 2609 8080 HTTP CONNECT c-625055320812415e04b1b597beed3aa2.a-asiahkbn.i-dfffa70a.rtmp.atlas.cdn.yimg.com:1935 HTTP/1.0
1651 32.774 10.10.10.10 10.10.10.191 8080 2609 HTTP HTTP/1.1 200 Connection established
1662 32.882 10.10.10.191 10.10.10.10 2610 8080 HTTP CONNECT c-625055320812415e04b1b597beed3aa2.a-asiahkbn.i-dfffa70a.rtmp.atlas.cdn.yimg.com:443 HTTP/1.0
1663 32.884 10.10.10.10 10.10.10.191 8080 2610 HTTP HTTP/1.1 200 Connection established
1672 33.902 10.10.10.191 10.10.10.10 2611 8080 HTTP CONNECT c-625055320812415e04b1b597beed3aa2.a-asiahkbn.i-dfffa70a.rtmp.atlas.cdn.yimg.com:80 HTTP/1.0
1673 33.904 10.10.10.10 10.10.10.191 8080 2611 HTTP HTTP/1.1 200 Connection established
Install the following Content Policy Language into the Local/Central Policy to have SG deny invalid HTTP requests from Adobe Flash clients
<Proxy>
url.port=!443 http.method=CONNECT request.header.user-agent=Flash force_deny
url.port=443 http.method=!CONNECT request.header.user-agent=Flash force_deny