HTTP2 sites access(chrome browser only) fails with SGOS 7.x
search cancel

HTTP2 sites access(chrome browser only) fails with SGOS 7.x

book

Article ID: 248372

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

HTTP2 sites access using Chrome browser fails with Edge SWG. User will see either "Access Denied" or captchas will be triggered from OCS. This issue is observed by websites hosted on Cloudflare.

Cause

SGOS is reordering the HTTP/2 pseudo header. Some of the websites are triggering some extra security checks.

Resolution

This issue will be addressed in future SGOS release. Please use one of the following workaround:

  • Disable Protocol Detection for the specific website : Create a CPL layer and use the code:

                                 <proxy>  url.domain="www.example.com" detect_protocol(none)

         This workaround will disable the SSL interception and policies will not apply.

  • Disable the HTTP/2 on the Proxy for a particular website:

                                 <proxy> client.connection.ssl_server_name.substring=www.example.com http2.client.accept(no) http2.server.request(no)

         This workaround will selectively disable HTTP/2 on the proxy for just the specific site. This will downgrade the browser connections to HTTP/1.1 . However, you can still do the SSL interception and policy evaluation.

  • Disable HTTP/2 protocol in chrome browser:

         Please follow the article: https://knowledge.broadcom.com/external/article/174021/support-of-http2-by-proxysg-or-advanced.html

 

Note: This issue is fixed in SGOS 7.3.10.

 

Powered by Wolken Software