When forwarding an HTTPS connection from an explicit proxy, why do I receive a "503 Service unavailable" error?


Article ID: 167413


Updated On:


ProxySG Software - SGOS


You have an explicit proxy and you want to forward HTTPS connections to an upstream server (not a proxy). You have configured the forwarding host with HTTPS (or TCP Tunnel) but when you try to connect, you get 503 Service unavailable error message.



One of the reasons why this happens is that you do not have 'detect protocol' enabled. Without this setting, the ProxySG does not know what service the CONNECT request is for, so it will simply forward the actual CONNECT request.

Web servers do not understand CONNECT requests, generally only proxies do. With detect protocol enabled, the SG can determine that this is going to be an SSL (specifically HTTPS) connection and can then initiate the upstream TCP and SSL handshakes, rather than sending the actual CONNECT request upstream.