Content Actions

Good day,
we have a problem with the content actions at the moment.
We have an app we wrote accesses our web server through a domain provided for it. The WatchGuard does the assignment via the Content Actions... this also works so everything wonderful, only at one point it comes to problems...

Generally every call runs over HTTPS/ TCP 443, only with one function
the WatchGuard logs a call over HTTP/TCP 443... Exactly at this point the configured content inspection rules are no longer effective.
So this call ends up on another server and causes a 60 seconds timeout...

Translated with www.DeepL.com/Translator (free version)

Allow "External IP SRC" "External IP DST" http/tcp 54836 443 External Trusted HTTP request (HTTPS-proxy.1-00) proc_id="http-proxy" rc="525" msg_id="1AFF-0024" proxy_act="HTTP-Content.Routing" geo_src="DEU" geo_dst="DEU" op="POST" src_ctid="c00000002d2919e0" dst_ctid="c000000053889e30" out_port="54836" srv_ip="xxxxxxxxxxx(Wrong)" srv_port="443" dstname="mydomain.company.com:443" arg="xxxxxxxxxxxxxxx(Right)" sent_bytes="1104" rcvd_bytes="1102" elapsed_time="60.008749 sec(s)"

This is different from other Logs.. mydomain.company.com:443 normaly there is no :443.

After the 60 seconds everything runs through successfully

Comments

  • james.carsonjames.carson Moderator, WatchGuard Representative

    My guess would be that the proxy is reading the SNI on the cert incorrectly, or it's wrong, based on that log.

    -If you're not on 12.7.1 already, please consider upgrading. There's quite a few proxy fixes/enhancements in the last few releases.
    -If you're already on 12.7.1 or that won't work, please consider opening a support case so that we can look into this more deeply.

    -James Carson
    WatchGuard Customer Support

Sign In to comment.