ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.
What HTTP response code does the ProxySG return to a CONNECT request?
Article ID: 169351
Updated On:
Products
ProxySG Software - SGOS
Issue/Introduction
Protocol detection enabled. SSL interception enabled:
The ProxySG will return a "200 Connection established" to a CONNECT request, even if the request is denied by policy. The access denied response is returned to the client within the SSL session.
Protocol detection enabled. No SSL interception defined:
The behavior is similar to the above. By default, the ProxySG intercepts SSL on exception and returns the access denied response to the client within the SSL session.
Protocol detection enabled. SSL interception disabled by policy:
The ProxySG will still return a "200 Connection established" to a CONNECT request. However, the browser will show a "page cannot be displayed" type message because the ProxySG cannot return an access denied response without intercepting SSL.
Protocol detection disabled:
The ProxySG will return a "403 Forbidden" to a CONNECT request if protocol detection is disabled.
The ProxySG will return a "200 Connection established" to a CONNECT request, even if the request is denied by policy. The access denied response is returned to the client within the SSL session.
Protocol detection enabled. No SSL interception defined:
The behavior is similar to the above. By default, the ProxySG intercepts SSL on exception and returns the access denied response to the client within the SSL session.
Protocol detection enabled. SSL interception disabled by policy:
The ProxySG will still return a "200 Connection established" to a CONNECT request. However, the browser will show a "page cannot be displayed" type message because the ProxySG cannot return an access denied response without intercepting SSL.
Protocol detection disabled:
The ProxySG will return a "403 Forbidden" to a CONNECT request if protocol detection is disabled.
Feedback
Yes
No
Powered by
