After installing/upgrading to Symantec Web Gateway version 5.1.1 some websites are not accessible.

book

Article ID: 158325

calendar_today

Updated On:

Products

Web Gateway

Issue/Introduction

 After installing or upgrading to Symantec Web Gateway (SWG) version 5.1.1 some websites are not accessible while using SWG as an explicit proxy server.


Symantec Web Gateway

Error
The requested URL could not be retrieved
------------------------------------------------------------
While trying to retrieve the URL: <url>
The following error was encountered:

  * Read Timeout

The system returned:

  [No Error]

A Timeout occured while waiting to read data from the network. The network or server may be down or congested. Please retry your request.


 Alternatively, you may see a similar error:

"Read Error (104) Connection reset by peer."

Cause

In previous version the X-Forwarded_for exposed the internal IP address of clients to external server:

X-Forwarded_for: W.X.Y.Z

To address security concerns about exposing the internal client IP address to external sites the "X-Forwarded_for" was configured to hide the internal IP address:

X-Forwarded_for: unknown

 

Despite this header being a "X-" header, and by definition not constrained in value, some sites are unable to process requests with the "X-Forwarded_for" header set to "unknown".

For further information regarding the previous SWG behavior, please see: 

Title: TECH203619 - How to see originating IP addresses of connections coming through SWG proxy
URL: http://www.symantec.com/docs/TECH203619

Resolution

Upgrade to SWG software version 5.2.0.

Beginning with SWG version 5.2.0, the Proxy component of SWG no longer transmits an X-Forwarded_for: header during its communications to external servers.

 

 


Applies To

  • Product: Symantec Web Gateway
  • Version: 5.1.1
  • Operating mode: Proxy only / Inline + Proxy
  • Browser configured to use the Symantec Web Gateway as an explicit proxy

Attachments