Troubleshooting Issues with Nessus Plugin Updates that Traverse a ProxySG
book
Article ID: 169138
calendar_today
Updated On:
Products
ProxySG Software - SGOS
Issue/Introduction
Unable to update Nessus Vulnerability Assessment Tool via ProxySG in Explicit Connection.
Nessus Plugin Feed server IP: 50.31.149.100
E.g. # nessuscli update --all ----- Fetching the newest updates from 50.31.149.100 ----- [error] Could not connect to 50.31.149.100 through proxy <ProxySG IP: 8080 [error] Nessus Plugins: Failed to send HTTP request to 50.31.149.100 Nessus Plugins: Failed
[error] Could not connect to 50.31.149.100 through proxy <ProxySG IP: 8080 [error] Nessus Core Components: Failed to send HTTP request to 50.31.149.100 Nessus Core Components: Failed
* Failed to update Nessus Plugins * Failed to update Nessus Core Components
Cause
Packet capture shows request with user-agent string Nessus/* and 406 Response. Reason is because the http CONNECT request header syntax is not acceptable. It is not accepted and 406 Response will be sent by ProxySG immediately without applying policy rules.
Response Header HTTP/1.1 406 Not Acceptable Cache-Control: no-cache Pragma: no-cache Content-Type: text/html; charset=utf-8 Proxy-Connection: close Connection: close Content-Length: 652
<TITLE>Request Error</TITLE> Request Error (unsupported_protocol) Your request used a protocol that is not currently supported. For assistance, contact your network support team.
Resolution
Workaround
By default ProxySG parse HTTP requests strictly and rejecting all syntax errors. A workaround is to configure ProxySG in CLI to tolerate certain syntax errors in HTTP requests.
> enable # show http # config t #(config) http tolerant-request-parsing NOTE: This will enable tolerant-request-parsing