After a configuration replication or service restart, browsing is not possible on browsers configured to pass through IWSVA.
The most recent HTTP log (var/iwss/log/http.log.yyyymmdd.0001) may contain similar entries as the following:
17:31:19.156 <INF><0:3847:3847> SIGSCAN: [ERROR-]REJECTING CONFIGURATION: configuration data problems recorded @<logToErr> @@<SSLog.cpp:73>
17:31:19.156 <INF><0:3847:3847> SharedInitialization failed: Scan Plug-in SigScan @<CreateScanContextImpl> @@<ScanContextImpl.cpp:4491>
This issue may occur due to an incorrect regular expression in the HTTP > HTTP Inspection > Filters section.
To make sure that this is the actual root cause, the next step is to enable verbose logging for HTTP Inspection:
Open the file /etc/iscan/IWSSPISigScan.dsc via a text editor, for example vi:
Change the following entry:
- Save the file.
Stop and start the HTTP scanning daemon:
Check the HTTP log again: an entry similar to the following may indicate the HTTP Inspection entry that is problematic: (i.e. "www.example.com")
11:20:39.711 <INF><0:31814:31814> SIGSCAN: [ERROR-]--- CompiledDirective::make: [SDF line 3 - www.example.com NOT GET HOST] Regular expression compile failed at offset 1:  nothing to repeat @<logToErr> @@<SSLog.cpp:73>
If this is the case, remove the entry from the IWSVA Inspection filter as indicated in the logs and restart all the services using the below command:
Check if browsing is possible.
Online regular expression verifiers may be helpful before adding to IWSVA. For example: