We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda NextGen Firewall X

Some websites could not be displayed via the HTTP Proxy in phion legacy firmware

  • Type: Knowledgebase
  • Date changed: 5 months ago
Solution #00005222 
 
Scope:
This solution replies to:
- netfence firmware versions 4.2.0, 4.2.1, 4.2.2, 4.2.3, 4.2.4
 
 
Symptoms:
Some web sites are not displayed via die phion HTTP-Proxy or Secure Web Proxy.  For example http://support.microsoft.com/ or search results from http://www.bing.com


 

Solution:

The requested page does possible use HTTP/1.1 and not HTTP/1.0 . HTTP/1.1 is supported up to squid 2.9 and is also included in release 3.0. For more details take a look on the squid roadmap http://wiki.squid-cache.org/RoadMap/Squid2.

 

The problem has been fixed with netfence 4.2.5. The "proxyNG" and the "flashProxy" uses the squid engine 3.1, which supports HTTP/1.1 .

If you us a previous netfence version or the standard "HTTP Proxy" or the "Secure Web Proxy", then there are two possible solutions for this problem:


1) Disable HTTP/1.1 on client side:

Internet Explorer (release 7.0 or higher):
Disable the HTTP/1.1 support in the Internet Explorer Settings via "Extras" > "Internet Options" > "Advanced" > "Settings for HTTP 1.1". The squid 3.0 will be included in netfence release 5.0. At this release HTTP/1.1 will be supported.

Mozilla Firefox (release 2.0 or higher):
Enter the value "about:config" into the address bar and search for "http" in the filter bar. Doubleklick on the parameter "network.http.accept-encoding" and delete all string-values from this parameter.


2) Disable HTTP/1.1 on HTTP-proxy side:

For HTTP-Proxy set this three options in "HTTP-Proxy Settings" > "Advanced" at the end of the configuration dialog. 

  header_access Accept-Encoding deny all
  header_access via deny all
  header_access X-Forwarded-For deny all

 

For Secure Web Proxy set this three options in "Secure-Web-Proxy Settings" > "Advanced" at the end of the configuration dialog:

  header_access Accept-Encoding deny all
  header_access via deny all
  header_access X-Forwarded-For deny all

 
This options generates a compatible HTTP/1.0 request without HTTP/1.1 elements, which could not be processed by the squid-proxy. With this settings the contacted HTTP server does not interpret the request as "chunked encoding" and the answers with a HTTP/1.1 confrom reply.
 
3) Disable HTTP/1.1 on Secure Web Proxy side:

You must enable the "no_accept_encoding_header" option to disable the HTTP/1.1 for the Secure Web Proxy. Enter the command line of the box, were the Secure Web Proxy is running and use the one of the needed commands above.
 

to enable "no_accept_encoding_header":
  /opt/microdasys/bin/oemtool accountconfig 1 no_accept_encoding_header yes

to disable "no_accept_encoding_header" (default value):
  /opt/microdasys/bin/oemtool accountconfig 1 no_accept_encoding_header no

to check if "no_accept_encoding_header" is enabled or disabled:
  /opt/microdasys/bin/oemtool get accountconfig 1 no_accept_encoding_header


Note:
This HTTP/1.1 disable option for the Secure Web Proxy is available in Release 4.2.4 and above.

 

 

Link to This Page:
https://campus.barracuda.com/solution/50160000000IKaFAAW