"Bad Request (Invalid Hostname)" appears when InterScan Web Security Virtual Appliance (IWSVA) 6.0 in reverse proxy is deployed for virtual hosting

Interscan Web Security Virtual Appliance6.0 , Interscan Web Security Virtual Appliance6.5

Last updated: 2021/08/28

Solution ID: KA-0003853

Category: Troubleshoot

You would like IWSVA in reverse proxy configuration to protect a web server that is hosting several websites by virtual hosting.

When testing the deployment with a single server IP, you get the error “Bad Request (Invalid Hostname)" on your browser.

The issue occurs because IWSVA overwrites the Host header in the HTTP request with the IP or FQDN of the web server configured in IWSVA.

To resolve the issue, configure IWSVA not to overwrite the Host header:

Open the /etc/iscan/intscan.ini configuration file of IWSVA and set “ProxyPreserveHost" to "yes".
This prevents the proxy from overwriting the Host header of requests before forwarding them to the original server. This is useful when the original server supports virtual hosts.
In the deployment wizard, configure the protected server IP as the unique IP address of the actual web server.
Configure the A record of the hostnames of the virtual websites to be the IWSVA IP address in DNS.

IWSVA will then support the deployment for virtual hosting with a single server IP.

Was this article helpful?