Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Redirection limitation in reverse proxy mode in InterScan Web Security Virtual Appliance (IWSVA) 6.5

    • Updated:
    • 28 Nov 2018
    • Product/Version:
    • InterScan Web Security Virtual Appliance 6.5
    • Platform:
    • N/A N/A
Summary
The redirection behavior in reverse proxy causes a network issue with HTTPS traffic.

Reverse proxy mode provides SSL encryption connection between the client and IWSVA, however, the connection between IWSVA and the Web server is always via HTTP. Therefore, to use reverse proxy mode, you must adjust the targeted protected web server considering that the connection is via HTTP.

Details
Public

In the following scenario, even if the client has established a connection with IWSVA via SSL, the web server returns an HTTP URL such as http://xxxx.xx.xx/ in the Location header. This causes to switch communication protocol from HTTPS to HTTP because the client tries to access http://xxxx.xx.xx.

Changing the configuration could help to keep the SSL connection although there may be an issue on the web server side. 

Trend Micro strongly recommends that you check the Location header of the web server before using reverse proxy mode.

Workaround

 
If you run the Deployment wizard again or perform a full migration from the Restore Configuration option after following these steps, the configuration file will be initialized.
  1. Log on to IWSVA as root via SSH (for example with an SSH shell such as PuTTy).
  2. Create a backup copy of the file https.conf:

    # cp -p /var/iwss/reverse_proxy/conf/service_conf/https.conf /var/iwss/reverse_proxy/conf/service_conf/https.conf.bak

  3. Use vi to edit the file https.conf:

    # vi /var/iwss/reverse_proxy/conf/service_conf/https.conf

  4. Insert the "proxy_redirect http:// https://;" string under the proxy_set_header line.
    If the web server is running on port 8080, "proxy_redirect http://$host:8080/ https://$host/;" must be inserted instead.

    Before:

    --------------------------------------------------   server {   ...   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;   proxy_set_header real-host $host;   --------------------------------------------------

    After:

    --------------------------------------------------   server {   ...   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;   proxy_set_header real-host $host;   proxy_redirect http:// https://;   --------------------------------------------------
  5. Save the file and quit.
  6. Restart the reverse proxy service.

    # /etc/iscan/S99ISreverseproxy restart

Premium
Internal
Rating:
Category:
Configure; Troubleshoot
Solution Id:
1121669
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.