Users running Opera Browser are able to access restricted Cloud SWG sites
Article ID: 263271
Updated On:
Products
Issue/Introduction
Users accessing internet sites via Cloud SWG using WSS Agent.
User policies block a number of categories including gambling, pornography, etc.
Users are able to access restricted sites when running Opera browser, yet access to the same site is blocked from the same host with an Edge browser or Chrome.
No specific User-Agent policies exists that could allow Opera browser through.
Environment
WSS Agent.
IP, Domain and Application bypasses exist with Cloud SWG network configuration.
Cause
Application bypass wildcard path matches with Opera and causes traffic to be sent direct to Web sites.
Resolution
Remove a very open Application bypass added for another Application, but that is impacting Opera.
From the Symdiag logs, we can see that the path to the Opera Application is the following:
wss interceptor-comm.cpp 621 CheckForAppBypass 000041C8 00007554 5 03/15/2023-11:02:22.0011872 Info App should be bypassed for pid:36200 ip:192.168.164.1 port:65367 path:C:\Users\user1\AppData\Local\Programs\Opera\opera.exe
The Symdiag also includes a bl.lic file with the bypass Applications, where we found a match … the Virbela bypass matches the path the Opera app is running from. It’s also extremely general and could impact a lot of other apps that may generate Web traffic. Here's the Portal view of the Virbella App bypass.
By cleaning up the Virbella bypass entry and making it more granular to that App, Opera no longer matched and all worked fine i.e. users accessing the gambling sites were blocked in the same manner as with Chrome/Edge.
Feedback
