With DRTR enabled, HTTPS requests on port 80 are not being tunneled when protocol detection is disabled and the url category is allowed
Article ID: 168726
Asset Management Solution
ProxySG Software - SGOS
Starting in SGOS 22.214.171.124, access to secure HTTP (HTTPS) sites is denied although the sites are allowed via policy.
This issue is caused by a timing bug in policy evaluation in SGOS, under the following conditions:
- The ProxySG appliance has DRTR enabled
- The appliance has protocol detection disabled
- User are trying to access the access HTTPS sites over the a non-standard port 80, such as port 80 instead of port 443
Install the following policy to force the appliance to TCP tunnel but detect the initial protocol and hand it off to the correct worker.
http.method=CONNECT url.port=80 detect_protocol(ssl,http)