search cancel

WSS reports showing internal_error messages with no user and an address of -://-:0/


Article ID: 241465


Updated On:


Web Security Service - WSS


Proxy forwarding setup into WSS

ProxySG healthchecks enabled for 8080, 8443 and 8084 TCP ports

Healthchecks are TCP based - open connection with TCP SYN and once complete, issue TCP FIN to close connection without exchanging any data

WSS reports showing no user with the address of -://-:0/ (no scheme, host or port information) as shown below



Product defect handling proxy forwarded healthcheck requests.

Healthchecks on TCP 8443 caused of the issue (only TCP port in server mode on onprem ProxySG configuration and not proxy mode)

The WSS proxy handling request is expecting Application data and does not get any

Can replicate by setting up a proxy forwarding location and then generating a netcat probe on TCP 8443 to the WSS VIP for a tenant with a Proxy forwarding location defined

[email protected]:~> nc -v -n 8443
Connection to 8443 port [tcp/*] succeeded!



Ignore the errors for now - defect has been opened with plan to drop these log entries.

Additional Information

We can technically disable this log entry with the following CPL

http.request.body.size=0 proxy.port=8443 access_log(no)