How to Pass all HTTP Headers (SecuritySpy iOS app)

We run the Security Spy software for our security cameras. I've put it behind the WAF, and it works accessing it via a web browser.

They have an iOS app which does not work when the server is behind the WAF.

Turned off the virtual web server's Firewall Profile so it should not be blocking anything.

The developer of the Security Spy software said, "The problem is that SecuritySpy passes a custom HTTP header to the app to identify itself. This is apparently not getting passed through by your proxy. Normally there would be a configuration option in the proxy to pass all HTTP headers, and this typically solves this problem - does your Sophos device have such an option?"

To me that sounds like the 'Pass host header' option in Advanced. I turned that on, but it will does not work.

WAF log:

2020:12:19-09:49:32 astaro1-2 httpd: id="0299" srcip="110.140.33.176" localip="192.168.99.2" size="17" user="-" host="110.140.33.176" method="GET" statuscode="401" reason="-" extra="-" exceptions="-" time="1537519" url="/++systemInfo" server="cameras.bordo.com.au:9001" port="9001" query="" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="X90x@1@dirtTEecAvgxEeAAAAAk"
2020:12:19-09:49:33 astaro1-2 httpd: id="0299" srcip="110.140.33.176" localip="192.168.99.2" size="2939" user="-" host="110.140.33.176" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="384810" url="/++systemInfo" server="cameras.bordo.com.au:9001" port="9001" query="" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="X90x-V@dirtTEecAvgxEeQAAAAo"

Any suggestions?

Thanks,

James.

Parents Reply Children