ProxySG writes the rs-version as HTTP/1.0 in HTTP/2.0 environment.

book

Article ID: 211855

calendar_today

Updated On:

Products

Advanced Secure Gateway Software - ASG ProxySG Software - SGOS Content Analysis Software

Issue/Introduction

To confirm HTTP/2.0 behavior we set special config for ProxySG(SG) accesslog.

  • Using custom accesslog format that added fields cs-version and rs-version
  • Content Analysis(CAS) in network environment that blocks access when a virus is found

SG writes the accesslog value of rs-version as HTTP/1.0 in an HTTP/2.0 environment in some cases.  
The unexpected rs-version value occurs when a response is blocked by CAS because the response contains a virus.

Cause

When a virus is detected by CAS, the SG parses two HTTP responses: the original HTTP response from the origin server, and the replacement HTTP response from CAS when the virus is detected.  
The replacement HTTP response from CAS has an HTTP version of HTTP/1.0, and the SG is overriding the rs-version based on the replacement HTTP response from CAS (since the replacement HTTP response from CAS is the second response parsed by the SG, and is used to generate the response back to the client).

Environment

Release : SGOS7.2.x.x

Component : Accesslog

Resolution

The rs-version written as HTTP/1.0 is a limitation of SG.
This is cosmetic behavior that does not cause any issues with HTTP/2.0 traffic between SG to OCS.

Additional Information

SG's custom accesslog configuration.

==============================================

!- BEGIN access_logging
access-log ;mode
enable
create format "http_v"
edit format http_v ;mode
type elff "date time c-ip sc-status s-action cs-method cs-uri-scheme cs-host cs-uri-stem cs-version rs-version"
exit

==============================================

Attachments