search cancel

A Qualys scan claims the the Web Gateway is vulnerable when the proxy is enabled.


Article ID: 164031


Updated On:


Web Gateway


When you scan the Web Gateway with Qualys, the report shows a vulnerability with QID 62026 and 62035 regarding the CONNECT method


Qualys considers this a vulnerability due to the possibility of the CONNECT method being used as a reverse proxy and traversing your internal network. The CONNECT method is required for the SWG proxy to support HTTPS.


There should be a perimeter firewall in front of the Web Gateway that blocks requests coming from the Internet on the proxy port to prevent proxy requests from the outside. In addition, you can disable the CONNECT method by enabling  the 'Block SSL Traffic on HTTP Port(s)' option on the Proxy tab and using the SSL Deep Inspections proxy function for this.