Upgrade-Insecure-Requests HTTP Header Causing Issues With Transparent HTTP Authentication
search cancel

Upgrade-Insecure-Requests HTTP Header Causing Issues With Transparent HTTP Authentication

book

Article ID: 172360

calendar_today

Updated On:

Products

Advanced Secure Gateway Software - ASG ProxySG Software - SGOS

Issue/Introduction

When the browser initiates an HTTP connection using the "Upgrade-Insecure-Requests" header and is then redirected by the Proxy to authentication to the Proxy virtual URL on port 80, but the client is connecting on port 443 because of the "Upgrade-Insecure-Requests" header, which can cause an issue if the Proxy is not configured for this. 

Cause

Looking at a PCAP, it can show that the Proxy redirects to port 80, but the browser then connects on 443 to the redirect URL. This is not good because the proxy is redirecting to port 80, not 443. Further, the proxy is configured for SSL auth, but not on port 443, but rather 8433. Needless to say, the authentication request fails.  

Resolution

Using an HTTPs reverse proxy listener that redirects to the Virtual URL on 443 or 8443. 

The browser will then accept the redirect to an SSL connection, and the Proxy will be configured to intercept and authenticate this request which should fix the problem.