HTTPS Interception Causes Issues with Some Amazon CloudFront Service Sites
book
Article ID: 168855
calendar_today
Updated On:
Products
Asset Management SolutionData Center Security Monitoring EditionProxySG Software - SGOS
Issue/Introduction
When the ProxySG appliance intercepts HTTPS, sites hosted by Amazon CloudFront service may not be accessible.
Cause
The ProxySG adds the "Cache-Control: max-stale=0" header when accessing URLs. When HTTPS traffic is intercepted, this header is added to that traffic. Some of the sites hosted by Amazon's CloudFront service return s 504 Gateway Time-out response, if the request contains "Cache-Control: max-stale=0".