search cancel

"400 Bad request" error accessing reddit.com via WSS

book

Article ID: 242909

calendar_today

Updated On:

Products

Web Security Service - WSS

Issue/Introduction

Users accessing internet sites successfully via WSS using WSS agent

The reddit.com site seems to be an exception. Although allowed based on the classification (newsgroup/forums), users accessing the site see following "400 Bad request" error:

When we enable a TLS bypass for reddit.com domain, everything works fine.

 

Cause

Reddit.com does not handle X-Forwarded-For with random IPv6 addresses 

Environment

Release : 1.0

Component : Default-Sym

Resolution

A number of options exist:

1. Go to HTTP header modification policy and use IPv4 instead of randomised IPv6 addresses for this domain

2. Disable TLS inspection so that WSS does not add the X-Forwarded-For HTTP header to outbound requests

3. If using UPE to administer WSS, remove or modify the X-Forwarded-For HTTP header value to any IPv4 address 

4. Contact WSS Support to add a custom policy to disable addition of the X-Forwarded-For HTTP header for reddit.com domain.

Additional Information

Can replicate the same behaviour without any WSS by inserting the X-Forwarded-For HTTP header into request destined for reddit.com

[email protected] /cygdrive/c/Users/nc736209/Documents/WSS/Policies/UPE/Neil-Test-Env
_$ curl -H 'X-BlueCoat-Via: 2ee2420f3b36a442' -H 'X-Forwarded-For: 2001:0DB8:073a:67cf:4440:e4b0:43d4:9de3' http://www.reddit.com_

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>400 Bad Request</title>
</head>
<body>
<h1>Error 400 Bad Request</h1>
<p>Bad Request</p>
<h3>Error 54113</h3>
<p>Details: cache-iad-kiad7000057-IAD 1652869295 1258259296</p>
<hr>
<p>Varnish cache server</p>
</body>
</html>

[email protected] /cygdrive/c/Users/nc736209/Documents/WSS/Policies/UPE/Neil-Test-Env
$ curl -H 'X-BlueCoat-Via: 2ee2420f3b36a442' http://www.reddit.com