Is it possible to allow the following line="HTTP/1.1 999 Request denied\x0d\x0a" and if so, how?
Other than using a packet filter...
You'll need to use a packet filter for that traffic.
(Error: ProxyDeny: HTTP Invalid Request-Line Format, in the log message)https://techsearch.watchguard.com/KB?type=Article&SFDCID=kA10H000000g3GiSAI&lang=en_US
WatchGuard Customer Support
Thank you both,
A filter it will be then.
This is one thing I hate about "exceptions" that are not actual exceptions.
The http exceptions are looking at the actual URL path in the HTTP get request to determine the path to make the exception for. Even when the URL is matched, it only excludes specific portions of the proxy as documented here:
If the HTTP traffic is malformed, or completely invalid, it won't have a path to read, so there's nothing to actually exclude
Using a policy that matches a FQDN to an IP address and passing that traffic via a packet filter is the only way to bypass because there's no way to match a URL path to a piece of traffic that doesn't have a proper HTTP request.