search cancel

HTTP 417 Expectation failed error when running behind the Client Site Proxy

book

Article ID: 162769

calendar_today

Updated On:

Products

Web Security.cloud

Issue/Introduction

The web server cannot meet the requirements of the Expect request-header field sent by the client/application that is routing HTTP traffic via the Client Site Proxy server.

HTTP 417 Expectation failed

By enabling logging for the client site proxy, you would be able to see the 417 HTTP error code in the access.log.

Content from access.log:

172.16.22.69 - - [28/Dec/2015:10:06:26 -0500] "POST http://url.domain.com/startup.asmx HTTP/1.1" 417 1869 TCP_MISS:NONE

A packet capture will also show this information, key information to look for in the packet capture:

Hypertext Transfer Protocol
HTTP/1.0 417 Expectation failed\r\n
X-Squid-Error: ERR_INVALID_REQ 0
X-Cache: MISS from ClientSiteProxy
Expect: 100-continue\r\n

Cause

Many applications rely on using a special HTTP/1.1 header (Expect:100-continue) when doing a POST, which is not supported by Squid NT version, which is used by our Client Site Proxy.

Resolution

To have the client site proxy server ignore any Expect: 100-contine header present in the request, you will need to add the following lines under "acl HEAD Method HEAD" in the ACLs section of C:\ClientSiteProxy\etc\squid.conf file.

# TAG: Ignore any Expect: 100-continue header sent from third-party applications
ignore_expect_100 on

After you have completed the configuration changes, make sure you restart the Client Site Proxy service for the changes to take effect