"400 Bad request" error accessing reddit.com via Cloud SWG(WSS)
Article ID: 242909
Updated On:
Products
Cloud Secure Web Gateway - Cloud SWG
Issue/Introduction
Users accessing internet sites successfully via Cloud SWG(WSS) using WSS agent
The reddit.com site seems to be an exception. Although allowed based on the classification (newsgroup/forums), users accessing the site see following "400 Bad request" error:
When enabling a TLS bypass for reddit.com domain the error is not seen.
Environment
Cloud SWG with anonymized IPv6 addresses configured
Cause
Reddit.com does not handle X-Forwarded-For with random IPv6 addresses
Resolution
A number of options exist:
- Go to HTTP header modification policy and use IPv4 instead of Anonymized IPv6 addresses. This is a global setting.
- Disable TLS inspection so that WSS does not add the X-Forwarded-For HTTP header to outbound requests
- If using UPE to administer WSS, remove or modify the X-Forwarded-For HTTP header value to any IPv4 address
- Contact WSS Support to add a custom policy to disable addition of the X-Forwarded-For HTTP header for reddit.com domain.
Additional Information
Can replicate the same behavior without any WSS by inserting the X-Forwarded-For HTTP header into request destined for reddit.com
_$ curl -H 'X-BlueCoat-Via: 2ee2420f3b36a442' -H 'X-Forwarded-For: 2001:0DB8:073a:67cf:4440:e4b0:43d4:9de3' https://www.reddit.com_
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>400 Bad Request</title>
</head>
<body>
<h1>Error 400 Bad Request</h1>
<p>Bad Request</p>
<h3>Error 54113</h3>
<p>Details: cache-iad-kiad7000057-IAD 1652869295 1258259296</p>
<hr>
<p>Varnish cache server</p>
</body>
</html>
$ curl -H 'X-BlueCoat-Via: 2ee2420f3b36a442' http://www.reddit.com
Feedback
Yes
No
Powered by
