Cannot apply HTTP/2 policy to Cloud SWG via UPE

Article ID: 259115


Products

Cloud Secure Web Gateway - Cloud SWG

Issue/Introduction

Users accessing ServiceNow via Cloud SWG report issues auto-populating ServiceNow forms.

Troubleshooting identified an issue with the HTTP/2 protocol via Cloud SWG, which ServiceNow does not support.

A Cloud SWG admin tried to disable the HTTP/2 protocol for that domain using the following CPL within UPE:

<proxy HTTP2>
condition=HTTP2_Bypass http2.client.accept(no) http2.server.request(no)

define condition HTTP2_Bypass
    client.connection.ssl_server_name.substring=bcomtest.service-now.com
    client.connection.ssl_server_name.substring=bcomdev.service-now.com
    client.connection.ssl_server_name.substring=bcom.service-now.com
end condition HTTP2_Bypass

Pushing the policy change resulted in the following error being reported (when applied to 'WSS' or 'Appliance'; it works when applied only to 'Appliance', which does not impact Cloud SWG).

Can HTTP/2 policies be applied to Cloud SWG via UPE?

Environment

Management Center/UPE.

Cloud SWG.

HTTP/2 based Applications.

Cause

The Cloud SWG policy compiler does not support HTTP/2 policies.

Resolution

Cloud SWG Engineering is aware of the issue, and support for HTTP/2 policies within UPE for Cloud SWG will be available mid-February 2023.

As a workaround, please contact the Cloud SWG support team to add the required changes to the back end until the fix is available.

Note that any HTTP/2 domains that are failing may also be worked around by adding an SSL inspection bypass for the problem domain(s).
