This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to Pass all HTTP Headers (SecuritySpy iOS app)

We run the Security Spy software for our security cameras. I've put it behind the WAF, and it works accessing it via a web browser.

They have an iOS app which does not work when the server is behind the WAF.

Turned off the virtual web server's Firewall Profile so it should not be blocking anything.

The developer of the Security Spy software said, "The problem is that SecuritySpy passes a custom HTTP header to the app to identify itself. This is apparently not getting passed through by your proxy. Normally there would be a configuration option in the proxy to pass all HTTP headers, and this typically solves this problem - does your Sophos device have such an option?"

To me that sounds like the 'Pass host header' option in Advanced. I turned that on, but it will does not work.

WAF log:

2020:12:19-09:49:32 astaro1-2 httpd: id="0299" srcip="110.140.33.176" localip="192.168.99.2" size="17" user="-" host="110.140.33.176" method="GET" statuscode="401" reason="-" extra="-" exceptions="-" time="1537519" url="/++systemInfo" server="cameras.bordo.com.au:9001" port="9001" query="" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="X90x@1@dirtTEecAvgxEeAAAAAk"

2020:12:19-09:49:33 astaro1-2 httpd: id="0299" srcip="110.140.33.176" localip="192.168.99.2" size="2939" user="-" host="110.140.33.176" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="384810" url="/++systemInfo" server="cameras.bordo.com.au:9001" port="9001" query="" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="X90x-V@dirtTEecAvgxEeQAAAAo"

Any suggestions?

Thanks,

James.

This thread was automatically locked due to age.

Parents

0 BAlfson over 3 years ago

Hey James,

Did you select 'Enable WebSocket passthrough' in the Site Path Route?

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel
0 jlbrown over 3 years ago in reply to BAlfson

Thanks Bob. I didn't. Enabled it , but still doesn't work. :-(

In fact, I turned all those three options on and still nothing.

Thanks for the suggestion.

James.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 jlbrown over 3 years ago in reply to BAlfson

Thanks Bob. I didn't. Enabled it , but still doesn't work. :-(

In fact, I turned all those three options on and still nothing.

Thanks for the suggestion.

James.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 jlbrown over 3 years ago in reply to jlbrown

The developer of the app (Security Spy) provided some more info:

"The "Host" header is not the one that Security Spy uses - it's a custom header (which is allowed by the HTTP spec, but stripped out by some proxies unfortunately)"
Cancel
Vote Up 0 Vote Down

Cancel