- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
[site blocked: ocsp2.globalsign.com] on SRR60
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi!
I get [site blocked: ocsp2.globalsign.com] in my logfiles, preventing me to get access to services when using e.g. appltv and different apps. Also blocking other services like scrive.
I've read some threads about simular problems but havn't found a solution that works.
There is one tip about adding https service in "Blocked services" but that seams for me to do the opposite of what I want to achive?
I use block keywords but I have checked more then once that the blocked (but good sites) havn't the blocked keyword in the URL.
Any ideas where I can find more info about this or a solution?
Netgear Orbi Pro AC3000 (SRR60, SRS60) with FW 2.5.3.110
Solved! Go to Solution.
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
After I sent my log files I got the suggestion to remove the word "sex" from the "blocked keywords" list. After doing that I now don't experience any blocked sites.
Thank you @BruceGuo for quick feedback and solution.
//Johan
All Replies
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: [site blocked: ocsp2.globalsign.com] on SRR60
Blocking ocsp2.globalsign.com will break the revocation status check by OCSP* of any https certificates signed by GlobalSign, and probably even more private PKIs making use of the GlobalSign OCSP service, so many https sites (and APIs or whatever cloud connectivity) will simply blocked or lowered in the security, too.
*Online Certificate Status Protocol (OCSP) is the Internet protocol used for obtaining the revocation status of an X.509 digital certificate.
No idea why Orbi Pro should block this site - considering there is no crappy Internet security stuff in the play - just on it's own.
Have any URLs in the blocking list on your Orbi Pro router?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: [site blocked: ocsp2.globalsign.com] on SRR60
Yes, that's my point - donno why they get blocked, feels random. I can see they get access from other local IP numbers. Looks like it's from apps on Apple TV that sometimes get blocked.
[site blocked: mailgun.scrive.com]
[site blocked: ocsp2.globalsign.com]
[site blocked: ocsp.int-x3.letsencrypt.org]
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: [site blocked: ocsp2.globalsign.com] on SRR60
@JohanHolmberg wrote:Yes, that's my point - donno why they get blocked, feels random.
More than that - just silly to block these... But then again, I still don't understand what exactly is blocking this - considering there are no crazy Internet Security "packages" on the Orbi Pro. @BruceGuo
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: [site blocked: ocsp2.globalsign.com] on SRR60
@JohanHolmberg Can you send me debug files so I can create a ticket to ask engineering teams to investigate?
1. Log into Orbi Pro by https://<ip address of Orbi Pro>/debug.htm
2. Click and save debug files. Send me via PM.
Bruce
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: [site blocked: ocsp2.globalsign.com] on SRR60
@YeZ please investigate with R&D how it is possible that a product intended for SOHO or SMB does block domains on it's own - without any external service in use, without any Internet Security **** like Armor or Circle in place, without a expicit entry in the blocking list. Some R&D fingers need to be cut .....
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: [site blocked: ocsp2.globalsign.com] on SRR60
Thank you @BruceGuo, I have sent a PM.
I'm new to Orbi Pro, so it may be a newbie behind the steering wheel cousing this.
But as far as I can tell it's not.
The latest two:
[site blocked: ocsp2.globalsign.com] from source 10.0.1.23, Sunday, October 11, 2020 12:40:12
[site blocked: ocsp2.globalsign.com] from source 10.0.1.6, Saturday, October 10, 2020 09:11:00
Both Apple TV's, and may be related to using Cmore app.
[site blocked: sims4cdn.ea.com] from source 10.0.1.31, Sunday, October 11, 2020 14:59:38
This one is PS4
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
After I sent my log files I got the suggestion to remove the word "sex" from the "blocked keywords" list. After doing that I now don't experience any blocked sites.
Thank you @BruceGuo for quick feedback and solution.
//Johan
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: [site blocked: ocsp2.globalsign.com] on SRR60
@BruceGuo can you please spread some light why the keyword blocking with the text sex should have blocked e.g. ocsp2.globalsign.com please? I could understand e.g. on how the University https://www.essex.ac.uk/ or the trucking business http://www.transextransport.ch/ would be blocked. It's of course also possible technical web services could have any combination of chars in the technical URLs - and this can't be the idea that these are blocked... Thank you!
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: [site blocked: ocsp2.globalsign.com] on SRR60
@BruceGuo wrote:@schumaku this feature checks full "URL" with keywords. It is a simple string matching. So your examples would be matched.
Hm, not the University one - because it's https. 8-)
This keyword blocking method implemented is mostly obsolete in times of https. As this "feature" does bring more isues on radnom technical URLs than it can ever resolve, it should be removed.
The reason for the question: On other business products we see a "new" idea for URL blocking - based on catching the DNS queries. Secured/encrypted DNS does also bring this to an end.
Conclusion: This feature is a dead horse overall - unless one does it on the end point.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: [site blocked: ocsp2.globalsign.com] on SRR60
It worked fine 2 days after removing "sex" in the Block keywords list.
Today I got new blocked sites:
I guess as you say @schumaku this way of blocking sites by using keywords in a list is not optimal and should not be used. I for sure will disable it and look for an other solution.
//Johan