Troubleshooting Issues with Nessus Plugin Updates that Traverse a ProxySG

Article ID: 169138

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

The Nessus Vulnerability Assessment Tool cannot be updated through a ProxySG in an explicit proxy connection.

Nessus Plugin Feed server IP: 50.31.149.100

E.g.
# nessuscli update --all
----- Fetching the newest updates from 50.31.149.100 -----
[error] Could not connect to 50.31.149.100 through proxy <ProxySG IP>:8080
[error] Nessus Plugins: Failed to send HTTP request to 50.31.149.100
Nessus Plugins: Failed

[error] Could not connect to 50.31.149.100 through proxy <ProxySG IP>:8080
[error] Nessus Core Components: Failed to send HTTP request to 50.31.149.100
Nessus Core Components: Failed

* Failed to update Nessus Plugins
* Failed to update Nessus Core Components

Cause

A packet capture shows the request with the User-Agent string Nessus/* and a 406 response. The cause is that the syntax of the HTTP CONNECT request header is not acceptable. ProxySG does not accept the request and sends the 406 response immediately, without applying policy rules.

Request Header

CONNECT 50.31.149.100 :443 HTTP/1.1
Host: 50.31.149.100 :443
Connection: keep-alive
Proxy-Connection: Keep-Alive
User-Agent: Nessus/6.5.2


Response Header
HTTP/1.1 406 Not Acceptable
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Proxy-Connection: close
Connection: close
Content-Length: 652

<TITLE>Request Error</TITLE>
Request Error (unsupported_protocol)
Your request used a protocol that is not currently supported.
For assistance, contact your network support team.
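
An added example, not from the original article: a Python check that applies the standard strict grammar for a CONNECT request (single spaces between fields, target of the form host:port) to the request head captured above. It flags the space before `:443` in the request line and in the Host header; that this is the specific error ProxySG rejects is an inference from the capture, and the function names are hypothetical.

```python
import re

# Constructed sample: the request head shown in the packet capture above.
CAPTURED = (
    "CONNECT 50.31.149.100 :443 HTTP/1.1\r\n"
    "Host: 50.31.149.100 :443\r\n"
    "Connection: keep-alive\r\n"
    "Proxy-Connection: Keep-Alive\r\n"
    "User-Agent: Nessus/6.5.2\r\n\r\n"
)

# authority-form target used by CONNECT: host ":" port (RFC 9112, section 3.2.3)
AUTHORITY = re.compile(r"^(\[[0-9A-Fa-f:.]+\]|[A-Za-z0-9.-]+):(\d{1,5})$")
VERSION = re.compile(r"^HTTP/\d\.\d$")

def authority_ok(value):
    """True if value is host:port with a port in 1..65535 and no whitespace."""
    m = AUTHORITY.match(value)
    return bool(m) and 0 < int(m.group(2)) <= 65535

def check_connect(head):
    """Return the strict-parsing problems found in a CONNECT request head."""
    lines = head.split("\r\n")
    problems = []
    parts = lines[0].split(" ")
    if len(parts) != 3:
        problems.append("request line has %d space-separated fields, expected 3" % len(parts))
    else:
        method, target, version = parts
        if method != "CONNECT":
            problems.append("method is not CONNECT")
        if not authority_ok(target):
            problems.append("request target is not host:port")
        if not VERSION.match(version):
            problems.append("bad HTTP version")
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        # Leading/trailing whitespace around a field value is allowed; inside it is not.
        if sep and name.lower() == "host" and re.search(r"\s", value.strip()):
            problems.append("Host header value contains whitespace")
    return problems

if __name__ == "__main__":
    for problem in check_connect(CAPTURED):
        print("malformed:", problem)
```

Running the same check over other CONNECT requests in the capture shows which clients depend on tolerant parsing before it is enabled on the proxy.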

Resolution

Workaround

By default, ProxySG parses HTTP requests strictly and rejects all syntax errors. A workaround is to configure ProxySG from the CLI to tolerate certain syntax errors in HTTP requests.

> enable
# show http
# config t
#(config) http tolerant-request-parsing

NOTE: This will enable tolerant-request-parsing