Why are certain requests are referenced as tcp:// instead of https:// in the Access Log?

Article Id: 167491

Status: Published

Updated On: 13-05-2017 10:32

Legacy Id: TECH243367

Products:

ProxySG Software - SGOS

Issue/Introduction:

Why are certain requests are referenced as tcp:// instead of https:// in the Access Log?
You want to know why certain requests are referenced as tcp:// instead of https:// in the Access Log

Resolution:

In a CONNECT tunnel, the proxy has no idea what layer 7 protocol is being used. The layer 7 protocol could be HTTPS, but it could be something else as well, even on port 443. Some people tunnel non-HTTPS protocols over port 443 as a way to evade firewalls. All the proxy really knows about the traffic traveling over a CONNECT tunnel is that the layer 4 protocol is TCP, so that is how the request is referenced. It would be misleading to automatically assume that the protocol was HTTPS.