Support of HTTP/2 by Edge SWG (formerly ProxySG) Appliances
search cancel

Support of HTTP/2 by Edge SWG (formerly ProxySG) Appliances

book

Article ID: 174021

calendar_today

Updated On:

Products

Advanced Secure Gateway Software - ASG ProxySG Software - SGOS

Issue/Introduction

HTTP/2 (originally named HTTP/2.0) is a major revision of the HTTP network protocol used by the World Wide Web. The standardization effort was supported by Chrome, Opera, Firefox, Internet Explorer 11, Safari, Amazon Silk, and Edge browsers. Most major browsers had added HTTP/2 support by the end of 2015.

Resolution

Edge SWG (formerly ProxySG) devices support HTTP/2 starting with 7.1.1.1 and later. Handling of HTTP/2 for prior releases is as follows:

  • Edge SWG (formerly ProxySG) running SGOS 6.7 supports HTTP/2 via downgrading to HTTP/1.1.
  • Edge SWG (formerly ProxySG) running SGOS 6.6.3.2 or later supports HTTP/2 via downgrading to HTTP/1.1.
  • Edge SWG (formerly ProxySG) running SGOS 6.5.8.3 or later supports HTTP/2 via downgrading to HTTP/1.1.

Note: For any issues experienced with HTTP/2 on SGOS releases that do not support it, you can apply a workaround at the browser level or tunnel the requests in question (see below).

 

Workaround

Disable HTTP/2 protocol in your browsers to allow the Edge SWG (formerly ProxySG) appliance to load the webpage.

  • Chrome:
    • Create a shortcut with the following target in order to disable the HTTP2 flag (location might change depending on the OS):

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --disable-http2

  • Firefox:
    • In the address bar, enter: about:config
    • In the list of commands, find network.http.spdy.enabled.http2
    • Set network.http.spdy.enabled.http2  to false
  • Internet Explorer:
    • Select Tools > Internet Options > Advanced.
    • Under HTTP settings, clear the Use HTTP/2 check box.

For explicit Edge SWG deployments, protocol detection can be used for HTTPS connections so that the HTTP traffic is tunneled through the appliance:

     <proxy>
     url.domain=example.com detect_protocol(none)

Additional Information

HTTP/2 offers improved performance due to its compression of HTTP headers, and multiplexing multiple requests and responses over a single connection. The feature is enabled by default, without the need for additional configuration or policy, and includes the following:

  • HTTP/2-enabled browsers use HTTP/2 when going through the proxy
  • Clients requests use HTTP/2 when making requests to the proxy
  • Proxy uses HTTP/2 when sending requests to upstream hosts
  • Existing policy for inspecting HTTP traffic and sending it to an ICAP service also apply to HTTP/2 requests and
    responses

You can change the above default behavior by configuring settings and policy via the appliance CLI.

Configuring HTTP/2 Settings and Policy
To configure HTTP/2 on the appliance, use the new #(config) http2 commands. Refer to the Command Line Interface Reference for details.