
Problem with virtual server if host header includes port number

It seems that if one includes the port number in the host header, the Sophos reverse proxy does not really like that too much and bails out with a 502 error. When omitting the port in the header, all goes well and everything does what it is supposed to do.

Our config is configured as follows:

  • 1 virtual server, https + redirect, pass host headers, no protection profile
  • 2 real servers, plaintext, port 80, keepalive 300

The following request to a virtual server on a UTM with version 9.509-3 results in the '502 Proxy Errors':

curl -H "Host: www.domain.com:443"  https://www.domain.com/

Resulting messages in packetfilterlog:

2018:05:30-16:02:54 utm-01-2 httpd: id="0299" srcip="xxx.xxx.xxx.xxx" localip="xxx.xxx.xxx.xxx" size="981" user="-" host="xxx.xxx.xxx.xxx" method="POST" statuscode="200" reason="-" extra="-" exceptions="-" time="50731" url="/" server="REF_RevFroDomai21312" port="443" query="" referer="-" cookie="-" set-cookie="ROUTEID.8d12f726c0dc9f55d35b217e9ebcb8a0=.node1; path=/; httponly; secure" uid="Ww6vDgoBCPwAAHHzQnoAAACQ"
2018:05:30-16:02:54 utm-01-2 httpd[29171]: [proxy_http:error] [pid 29171:tid 3810777968] (20014)Internal error: [client xxx.xxx.xxx.xxx:55858] AH01102: error reading status line from remote server 10.0.0.1:80
2018:05:30-16:02:54 utm-01-2 httpd[29171]: [proxy:error] [pid 29171:tid 3810777968] [client xxx.xxx.xxx.xxx:55858] AH00898: Error reading from remote server returned by /
2018:05:30-16:02:54 utm-01-2 httpd: id="0299" srcip="xxx.xxx.xxx.xxx" localip="xxx.xxx.xxx.xxx" size="388" user="-" host="xxx.xxx.xxx.xxx" method="POST" statuscode="502" reason="-" extra="-" exceptions="-" time="1028" url="/" server="REF_RevFroDomai21312" port="443" query="?" referer="-" cookie="-" set-cookie="-" uid="Ww6vDgoBCPwAAHHzQnsAAACK"

The real server shows the normal 200 codes in its access log.

Has anyone seen this behaviour before and know of a setting I overlooked? Or could this be an issue with the Sophos software?

 

P.S. I also tried to do some settings changes on the reverseproxy.conf, but that doesn't seem to work at all, it doesn't even break on syntax/config errors?
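
One way to pair each 502 in the reverse proxy log with the backend error behind it, as an added example that is not part of the original post. The sample lines are constructed in the format quoted above, `explain_502s` is a hypothetical helper name, and it assumes the Apache error lines are logged before the access entry and within the same second, as in the quoted log.

```python
import re

# Constructed sample lines in the format of the log quoted in the post
# (client addresses are documentation ranges, not values from the thread).
SAMPLE_LOG = """\
2018:05:30-16:02:54 utm-01-2 httpd: id="0299" srcip="198.51.100.7" method="GET" statuscode="200" url="/" server="REF_Example" port="443"
2018:05:30-16:02:55 utm-01-2 httpd[29171]: [proxy_http:error] [pid 29171:tid 3810777968] (20014)Internal error: [client 198.51.100.7:55858] AH01102: error reading status line from remote server 10.0.0.1:80
2018:05:30-16:02:55 utm-01-2 httpd[29171]: [proxy:error] [pid 29171:tid 3810777968] [client 198.51.100.7:55858] AH00898: Error reading from remote server returned by /
2018:05:30-16:02:55 utm-01-2 httpd: id="0299" srcip="198.51.100.7" method="GET" statuscode="502" url="/" server="REF_Example" port="443"
2018:05:30-16:03:10 utm-01-2 httpd: id="0299" srcip="203.0.113.9" method="GET" statuscode="502" url="/app" server="REF_Example" port="443"
"""

HEAD = re.compile(r'^(\S+) \S+ httpd(?:\[\d+\])?: (.*)$')      # timestamp, payload
KV = re.compile(r'(\w[\w-]*)="([^"]*)"')                        # key="value" pairs
ERR = re.compile(r'\[client ([^\]:]+):\d+\] (AH\d+): (.*)$')    # Apache error line
BACKEND = re.compile(r'remote server ([\d.]+:\d+)')             # real server ip:port

def explain_502s(log_text):
    """Return one dict per 502 access entry, with the Apache error codes
    logged for the same client in the same second (empty if none)."""
    errors = {}    # (timestamp, client ip) -> [(AH code, message), ...]
    findings = []
    for line in log_text.splitlines():
        head = HEAD.match(line)
        if not head:
            continue
        ts, rest = head.groups()
        err = ERR.search(rest)
        if err:
            errors.setdefault((ts, err.group(1)), []).append(err.group(2, 3))
            continue
        fields = dict(KV.findall(rest))
        if fields.get("statuscode") != "502":
            continue
        errs = errors.get((ts, fields.get("srcip")), [])
        # Only AH01102 names the real server; AH00898 carries no address.
        backend = next((m.group(1) for _, msg in errs
                        if (m := BACKEND.search(msg))), None)
        findings.append({"time": ts, "client": fields.get("srcip"),
                         "url": fields.get("url"),
                         "codes": [code for code, _ in errs],
                         "backend": backend})
    return findings

if __name__ == "__main__":
    for finding in explain_502s(SAMPLE_LOG):
        print(finding)
```

A 502 with an empty `codes` list has no matching backend read error in that second, so it points at a different cause than the one in the thread.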



  • Hoi M.D. and welcome to the UTM Community!

    I think that if you need 'Pass host header', you will need to enable HTTPS on your web server and change the Real Server accordingly.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA