
WSS reports showing internal_error messages with no user and an address of -://-:0/


Article ID: 241465


Products

Web Security Service - WSS

Issue/Introduction

Proxy forwarding is set up into WSS.

ProxySG healthchecks are enabled for TCP ports 8080, 8443 and 8084.

The healthchecks are TCP based: the connection is opened with a TCP SYN and, once the handshake completes, closed with a TCP FIN without exchanging any data.

WSS reports show entries with no user and an address of -://-:0/ (no scheme, host or port information).

Cause

Product defect in the handling of proxy-forwarded healthcheck requests.

Healthchecks on TCP 8443 caused the issue (8443 is the only TCP port in server mode, rather than proxy mode, in the on-prem ProxySG configuration).

The WSS proxy handling the request expects application data and does not receive any.

The issue can be replicated by setting up a proxy forwarding location and then running a netcat probe on TCP 8443 against the WSS VIP for a tenant that has a proxy forwarding location defined:

[email protected]:~> nc -v -n 46.235.152.164 8443
Connection to 46.235.152.147 8443 port [tcp/*] succeeded!


Resolution

Ignore the errors for now. A defect has been opened, with a plan to drop these log entries.
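While the entries are still being logged, they can be separated from genuine internal_error rows in an exported report. The following is an added example, not Broadcom code; the CSV column names, the sample rows and the KNOWN_PROXIES address are assumptions constructed for illustration.

```python
import csv
import io
from collections import Counter

# Constructed sample export. Column names are assumptions, not the WSS report schema.
SAMPLE = """time,client_ip,user,verdict,url
2024-01-10T10:00:00Z,203.0.113.10,-,internal_error,-://-:0/
2024-01-10T10:00:10Z,203.0.113.10,-,internal_error,-://-:0/
2024-01-10T10:00:12Z,203.0.113.25,alice,internal_error,https://example.com:443/
2024-01-10T10:00:20Z,203.0.113.10,-,internal_error,-://-:0/
2024-01-10T10:00:31Z,203.0.113.25,alice,allowed,https://example.org:443/
2024-01-10T10:00:40Z,198.51.100.7,-,internal_error,-://-:0/
"""

# Assumed egress address of the on-prem ProxySG that runs the healthchecks.
KNOWN_PROXIES = {"203.0.113.10"}


def is_healthcheck_artifact(row):
    """Signature from the article: internal_error, no user, address -://-:0/."""
    return (
        row["verdict"] == "internal_error"
        and row["user"] in ("", "-")
        and row["url"] == "-://-:0/"
    )


def triage(csv_text, known_proxies):
    """Count artifact rows per source and keep other internal_error rows for review."""
    expected, unexpected, review = Counter(), Counter(), []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if is_healthcheck_artifact(row):
            # Any data-less connection to 8443 produces this row, so the source matters.
            bucket = expected if row["client_ip"] in known_proxies else unexpected
            bucket[row["client_ip"]] += 1
        elif row["verdict"] == "internal_error":
            review.append(row)  # real request that failed; do not filter it out
    return expected, unexpected, review


if __name__ == "__main__":
    expected, unexpected, review = triage(SAMPLE, KNOWN_PROXIES)
    print("healthcheck noise:", dict(expected))
    print("same signature, unknown source:", dict(unexpected))
    print("internal_error rows to review:", [r["url"] for r in review])
```

Rows with the artifact signature from a source that is not a known forwarding proxy are counted separately, since the same entry is produced by any connection to 8443 that closes without sending data.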

Additional Information

These log entries can technically be disabled with the following CPL:

<Proxy>
http.request.body.size=0 proxy.port=8443 access_log(no)
