Why, in some cases, does a ProxySG send back a (2xx) response to a "CONNECT" request without opening a socket to the OCS first?


<< Back to Knowledge Search

Solution

Overview

This behavior can sometimes appear in contradiction to RFC2817 which stipulates that when a Proxy returns a (2xx) response to a connect request, it means that the proxy has established a connection to the origin server. When looking at packet captures, we sometimes see the proxy return a (2xx) response and then reset the client connection, and at the same time not attempt to connect to the OCS.

It is also possible that in the event where the origin server is not available, the client still gets a (2xx) from the proxy.

 

This behavior changes depending on the protocol detection feature.

When protocol detection is disabled, the Proxy won't examine the connection and simply relay the information to the origin server. In this case here, a simple tunnel is established and the ProxySG will not send a (2xx) response back to the client without first checking with the origin server

When protocol detection is enabled, the ProxySG needs to examine what the client sends before it opens a connection to the origin server, which in turn means the proxy needs to return a (2xx) to the client so that the client starts sending it's first request. In this case here, the ProxySG is partly acting as an origin server and RFC2817 mentions that an origin server can return a (2xx) response when a connection is established.

 

Cause
Resolution
Workaround
Additional Information
Bug Number
InQuira Doc IdFAQ1827
Attachment

Article Feedback

Hide Properties
First Published      10/01/2014
Last Modified      10/01/2014
Last Published      10/01/2014
Article Audience
Product      ProxySG
Topic      Networking
Article Number      000016478
Summary     
Was this helpful?
Comments:
 
Previous MonthNext Month
SunMonTueWedThuFriSat