ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.
HTTP CONNECT method on the ProxySG appliance changed
Article ID: 168532
Updated On:
Products
Asset Management Solution
ProxySG Software - SGOS
Issue/Introduction
In SGOS 6.5.5.x and later, the behavior of the appliance has changed to handle the HTTP CONNECT request on port 80. Now the proxy allows CONNECT requests on port 80.
Previous to SGOS 6.5.5.x, using any port other than 443 for CONNECT requests with detect protocol disabled results in the request being denied.
See the following for examples:
CONNECT request behavior on port 80 in SGOS 6.5.4.4:
CONNECT tcp://www.google.de:80/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:28.0) Gecko/20100101 Firefox/28.0
user: unauthenticated
authentication status='not_attempted' authorization status='not_attempted'
EXCEPTION(connect_method_denied): CONNECT to a port other then 443 (the default HTTPS port) are not permitted
url.category: Search Engines/[email protected] Coat
CONNECT request behavior on port 80 in SGOS 6.5.5.7:
connection: service.name=Explicit HTTP client.address=10.167.7.233 proxy.port=8080
time: 2015-02-24 20:04:18 UTC
CONNECT tcp://www.google.de:80/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:28.0) Gecko/20100101 Firefox/28.0
user: unauthenticated
authentication status='not_attempted' authorization status='not_attempted'
url.category: Search Engines/[email protected] Coat
total categorization time: 0
static categorization time: 0
server.response.code: 0
client.response.code: 200
This behavior was updated for WebSocket support in SGOS 6.5.5.2 (to prevent plain WebSocket from failing).
In explicit mode, HTTP proxy would receive a HTTP CONNECT on HTTP port (port 80 as a plain WebSocket).
Previous to SGOS 6.5.5.x, using any port other than 443 for CONNECT requests with detect protocol disabled results in the request being denied.
See the following for examples:
CONNECT request behavior on port 80 in SGOS 6.5.4.4:
CONNECT tcp://www.google.de:80/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:28.0) Gecko/20100101 Firefox/28.0
user: unauthenticated
authentication status='not_attempted' authorization status='not_attempted'
EXCEPTION(connect_method_denied): CONNECT to a port other then 443 (the default HTTPS port) are not permitted
url.category: Search Engines/[email protected] Coat
CONNECT request behavior on port 80 in SGOS 6.5.5.7:
connection: service.name=Explicit HTTP client.address=10.167.7.233 proxy.port=8080
time: 2015-02-24 20:04:18 UTC
CONNECT tcp://www.google.de:80/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:28.0) Gecko/20100101 Firefox/28.0
user: unauthenticated
authentication status='not_attempted' authorization status='not_attempted'
url.category: Search Engines/[email protected] Coat
total categorization time: 0
static categorization time: 0
server.response.code: 0
client.response.code: 200
This behavior was updated for WebSocket support in SGOS 6.5.5.2 (to prevent plain WebSocket from failing).
In explicit mode, HTTP proxy would receive a HTTP CONNECT on HTTP port (port 80 as a plain WebSocket).
Feedback
Yes
No
Powered by
