When forwarding an HTTPS connection from an explicit proxy, why do I receive a "503 Service unavailable" error?

book

Article ID: 167413

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

You have an explicit proxy and you want to forward HTTPS connections to an upstream server (not a proxy). You have configured the forwarding host with HTTPS (or TCP Tunnel) but when you try to connect, you get 503 Service unavailable error message.

 

Resolution

One of the reasons why this happens is that you do not have 'detect protocol' enabled. Without this setting, the ProxySG does not know what service the CONNECT request is for, so it will simply forward the actual CONNECT request.


Web servers do not understand CONNECT requests, generally only proxies do. With detect protocol enabled, the SG can determine that this is going to be an SSL (specifically HTTPS) connection and can then initiate the upstream TCP and SSL handshakes, rather than sending the actual CONNECT request upstream.