Why do my PCAPs show an HTTP RESPONSE from the proxy as HTTP/1.1 403 Forbidden (text/html)?

Article ID: 167567

Products

ProxySG Software - SGOS

Issue/Introduction

There are two primary reasons for this behavior.

1) When you see this HTTP RESPONSE in a packet capture (PCAP), it's likely that the proxy is denying the request.

To verify this, get a policy trace, look for the exact HTTP REQUEST sent by the client, and match it with the policy rules. You will find either a DENY or a Denied by Exception result.
You can then modify the rule to allow this HTTP REQUEST, if appropriate.

 

2) There is also a possibility that the upstream (proxy/device/firewall/server etc.) is denying it.

To verify this, take concurrent PCAPs (on this ProxySG and on the upstream device), so that you can match the exact URI of the request to the response the upstream returns.
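
One way to do the matching described in 1) and 2), as an added example that is not part of the original article or any vendor tooling: it compares the HTTP rows exported from the client-side and upstream-side captures and reports, per URI, whether the 403 was also seen coming from upstream. The function names, the `app.example.test` host and the sample rows are constructed for illustration.

```python
# Added example; rows come from: tshark -r <file> -Y http -T fields
#   -e http.request.full_uri -e http.response_for.uri -e http.response.code
# Assumes plain HTTP and that the proxy forwards the URI unchanged.
from collections import defaultdict


def parse(rows):
    """Return (set of requested URIs, {uri: [status codes returned]})."""
    requested, responses = set(), defaultdict(list)
    for line in rows.splitlines():
        req_uri, resp_uri, code = (line.split("\t") + ["", ""])[:3]
        if req_uri:
            requested.add(req_uri)
        if resp_uri and code:
            responses[resp_uri].append(int(code))
    return requested, responses


def attribute_403s(client_side, upstream_side):
    """Map each URI the client saw answered with 403 to its likely source."""
    _, client_resp = parse(client_side)
    up_req, up_resp = parse(upstream_side)
    verdicts = {}
    for uri in (u for u, codes in client_resp.items() if 403 in codes):
        if 403 in up_resp.get(uri, []):
            verdicts[uri] = "upstream returned 403"
        elif uri in up_req:
            verdicts[uri] = "forwarded, no upstream 403: check policy trace"
        else:
            verdicts[uri] = "not forwarded: proxy denied, check policy trace"
    return verdicts


# Constructed sample rows (hypothetical host, not from a real capture).
CLIENT_SIDE = "\n".join([
    "http://app.example.test/admin\t\t",
    "\thttp://app.example.test/admin\t403",
    "http://app.example.test/api\t\t",
    "\thttp://app.example.test/api\t403",
    "http://app.example.test/index\t\t",
    "\thttp://app.example.test/index\t200",
])
UPSTREAM_SIDE = "\n".join([
    "http://app.example.test/api\t\t",
    "\thttp://app.example.test/api\t403",
])

if __name__ == "__main__":
    print(attribute_403s(CLIENT_SIDE, UPSTREAM_SIDE))
```

A URI reported as not forwarded corresponds to case 1) and should be confirmed in the policy trace; a URI reported as "upstream returned 403" corresponds to case 2).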

 

For support to help identify this issue, please create an SR and provide the relevant information, for example:

a) PCAP (proxy and/or concurrently with upstream device)
b) Policy trace
c) Sysinfo
d) Event Log

Also, please provide the following information, noted while this data was being captured:

i) Client machine IP used for this test
ii) URL or server IP
iii) Error prompted on the browser, and how long it takes to be prompted

Thanks.