I have a TCP_ERROR when traffic is redirected to http port 443

Article ID: 167708

Products

ProxySG Software - SGOS

Issue/Introduction

 I have a TCP_ERROR when traffic is redirected to http port 443.

Resolution

Some URLs redirect traffic to http://host.domain:443 rather than to https://host.domain. Browsers parse this request as https://host.domain, so the redirection works smoothly. However, when the browser is configured for explicit proxy, it sends the request in proxy mode as an HTTP GET to port 443. The ProxySG appliance forwards that request to the server as a plain GET request to TCP port 443. The server resets the request because it is not valid, and the ProxySG appliance therefore returns an HTTP 503 error (Service Unavailable) to the client.

This is a poor method of redirection on the part of the original OCS (origin content server). The workaround on the ProxySG appliance is to redirect the traffic to HTTPS.

To accomplish this, you must install a redirect policy in the local policy as in the following example:

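; Rewrite the plain-HTTP URL to its HTTPS equivalent and return a 302 to the client
define action redir
    redirect( 302, "http://host.domain(.*)", "https://host.domain$(1)" )
end action redir

; Apply the action to plain-HTTP requests for the affected host
<proxy>
    ALLOW url.scheme=http url.host=host.domain action.redir(yes)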
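
To find which hosts need such a rule, the redirects described in the Resolution can be checked for Location targets that use plain HTTP on port 443. The following is an added example, not part of the original article or of any Broadcom tooling; the function names and the sample responses (including portal.example) are constructed for illustration.

```python
from urllib.parse import urljoin, urlsplit, urlunsplit

def http_on_443(url):
    """True when the URL asks for plain HTTP on TCP port 443."""
    try:
        parts = urlsplit(url)
        port = parts.port       # raises ValueError on a malformed port
    except ValueError:
        return False
    return parts.scheme == "http" and port == 443

def to_https(url):
    """Return the HTTPS form of an http://host:443 URL, else the URL unchanged."""
    if not http_on_443(url):
        return url
    parts = urlsplit(url)
    host = parts.hostname
    if ":" in host:             # IPv6 literal needs its brackets back
        host = "[" + host + "]"
    return urlunsplit(("https", host, parts.path, parts.query, parts.fragment))

def hosts_needing_redirect(responses):
    """Map each affected host to the HTTPS URL its redirect should have used.

    responses: iterable of (request_url, status, location_header) tuples.
    """
    affected = {}
    for request_url, status, location in responses:
        if status not in (301, 302, 303, 307, 308) or not location:
            continue
        target = urljoin(request_url, location)   # Location may be relative
        if http_on_443(target):
            affected.setdefault(urlsplit(target).hostname, to_https(target))
    return affected

# Constructed sample data: (request URL, status code, Location header)
SAMPLE = [
    ("http://portal.example/login", 302, "http://host.domain:443/app?x=1"),
    ("http://portal.example/a", 301, "https://host.domain/a"),
    ("http://portal.example/d", 302, "/e"),
    ("http://portal.example/b", 200, None),
    ("http://portal.example/c", 302, "http://host.domain:8443/c"),
]

if __name__ == "__main__":
    for host, fixed in hosts_needing_redirect(SAMPLE).items():
        print(host, "->", fixed)
```

Each host this reports is a candidate for its own url.host condition and redirect action in the local policy.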