EdgeSWG throwing HTTP 400 response for POST requests after upgrading to SG OS 7.4 (7.4.2.1 and above)
Article ID: 403560
Updated On:
Products
Issue/Introduction
EdgeSWG throwing HTTP 400 response for POST requests after upgrading to SG OS 7.4
Upgrade was done to SG OS 7.4.2.1 and above
In the EdgeSWG policy trace, following is seen
location-id=0 access_type=unknown
time: 2025-05-28 00:09:25 UTC
POST https://example.com/post
DNS lookup was unrestricted
User-Agent: example
user: unauthenticated
authentication status='not_attempted' authorization status='not_attempted'
user: authenticated=false authorized=true relative username=''
verdict: EXCEPTION(invalid_request): Request could not be handled
url.category: none@Policy;example;Technology/Internet@Blue Coat
category groups: Business Related@Blue Coat;Technology@Blue Coat
total categorization time: 2
static categorization time: 2
server.response.code: 0
client.response.code: 400
Cause
Starting SG OS 7.4.2.1, to improve security, the appliance now blocks unencrypted HTTP POST requests from the client that contain a HTTPS URL. Now, when the appliance receives an HTTPS POST request over plain HTTP, the appliance returns a “400 Bad Request” response by default.
To configure the behavior of the appliance for these types of requests, use the following CPL property (the default is no):
http.allow_https_post_over_http(yes|no)
Resolution
Enable unencrypted HTTP POST requests from the client that contain a HTTPS URL using the following CPL in web access layer
http.allow_https_post_over_http(yes)
Feedback
