In SGOS 6.5.5.x and later, the behavior of the appliance has changed to handle the HTTP CONNECT request on port 80. Now the
proxy allows CONNECT requests on port 80.Previous to SGOS 6.5.5.x, using any port other than 443 for
CONNECT requests with detect protocol disabled results in the request being denied.
See the following for examples:
CONNECT request behavior on port 80 in SGOS 6.5.4.4:
CONNECT tcp://www.google.de:80/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:28.0) Gecko/20100101 Firefox/28.0
user: unauthenticated
authentication status='not_attempted' authorization status='not_attempted'
EXCEPTION(connect_method_denied): CONNECT to a port other then 443 (the default HTTPS port) are not permitted
url.category: Search Engines/[email protected] Coat
CONNECT request behavior on port 80 in SGOS 6.5.5.7:
connection: service.name=Explicit HTTP client.address=10.167.7.233 proxy.port=8080
time: 2015-02-24 20:04:18 UTC
CONNECT tcp://www.google.de:80/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:28.0) Gecko/20100101 Firefox/28.0
user: unauthenticated
authentication status='not_attempted' authorization status='not_attempted'
url.category: Search Engines/[email protected] Coat
total categorization time: 0
static categorization time: 0
server.response.code: 0
client.response.code: 200
This behavior was updated for WebSocket support in SGOS 6.5.5.2 (to prevent plain WebSocket from failing).
In explicit mode, HTTP proxy would receive a HTTP CONNECT on HTTP port (port 80 as a plain WebSocket).