Jump to content

HTTP 1.1 403 forbidden to ESET Update servers


Recommended Posts

Hi, I'm troubleshooting an issue with my proxy servers.  When they reach out to the ESET servers, they are receiving a 403 forbidden error.

The HTTP 403 Forbidden response status code indicates that the server understands the request but refuses to authorize it. 

So, this leads me to ask this question.  Do the ESET update servers REQUIRE secure connectivity?  I haven't seen anything in the documentation that states it requires it.

Observing the screenshot, 10.32.14.106 is the client and 10.32.2.23 is my proxy server.   Thanks!

 

eset_wireshark_capture.PNG

Link to comment
Share on other sites

  • Administrators

From the screenshot it is not clear why Cisco Meraki is blocking access to the ESET server.

I'd recommend excluding communication with ESET's servers listed at https://support.eset.com/en/kb332 from being filtered by Meraki.

Quote

Do the ESET update servers REQUIRE secure connectivity?

Update is performed via HTTP in a secure manner. HTTPS is supported only for update from a local mirror.

Link to comment
Share on other sites

I found the issue.  I thought I had to have my proxyremote statement in the global proxy configuration, pointing to the remote proxy chain.  It appears it needed to be on the remote proxy pointing to the global proxy.

Does that sound accurate?  We do have a Cisco Meraki device at the remote site, which was probably blocking.

Link to comment
Share on other sites

  • Administrators

Not sure if I understand. If you connect through a proxy server, it must be set up correctly in the Endpoint setup (Tools -> Proxy server). The proxy must be allowed to communicate with ESET's servers listed in the KB above.

Link to comment
Share on other sites

I have two proxy servers. I had this 'ProxyRemote * hxxp://10.96.2.31:3128' in my original global config, because I thought that statement forwarded to 10.96.2.31, saying it was the ProxyRemote.

Instead, I should have added 'ProxyRemote * hxxp://10.32.2.2.3:3128' to the alternate proxy server configuration. The blocking was coming from the Cisco Meraki device at the remote location.  I never realized it was trying to hit the remote location, which caused the confusion.  I'm good now.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...