
How to Pass all HTTP Headers (SecuritySpy iOS app)

We run the Security Spy software for our security cameras. I've put it behind the WAF, and it works accessing it via a web browser.

They have an iOS app which does not work when the server is behind the WAF.

Turned off the virtual web server's Firewall Profile so it should not be blocking anything.

The developer of the Security Spy software said, "The problem is that SecuritySpy passes a custom HTTP header to the app to identify itself. This is apparently not getting passed through by your proxy. Normally there would be a configuration option in the proxy to pass all HTTP headers, and this typically solves this problem - does your Sophos device have such an option?"

To me that sounds like the 'Pass host header' option in Advanced. I turned that on, but it still does not work.

WAF log:

2020:12:19-09:49:32 astaro1-2 httpd: id="0299" srcip="110.140.33.176" localip="192.168.99.2" size="17" user="-" host="110.140.33.176" method="GET" statuscode="401" reason="-" extra="-" exceptions="-" time="1537519" url="/++systemInfo" server="cameras.bordo.com.au:9001" port="9001" query="" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="X90x@1@dirtTEecAvgxEeAAAAAk"
2020:12:19-09:49:33 astaro1-2 httpd: id="0299" srcip="110.140.33.176" localip="192.168.99.2" size="2939" user="-" host="110.140.33.176" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="384810" url="/++systemInfo" server="cameras.bordo.com.au:9001" port="9001" query="" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="X90x-V@dirtTEecAvgxEeQAAAAo"

Any suggestions?

Thanks,

James.



This thread was automatically locked due to age.
  • Hey James,

    Did you select 'Enable WebSocket passthrough' in the Site Path Route?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thanks Bob. I didn't. Enabled it, but still doesn't work. :-(

    In fact, I turned all those three options on and still nothing.

    Thanks for the suggestion.

    James.

  • The developer of the app (Security Spy) provided some more info:

    "The "Host" header is not the one that Security Spy uses - it's a custom header (which is allowed by the HTTP spec, but stripped out by some proxies unfortunately)"
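
Added example (not from the thread, SecuritySpy or Sophos): one way to confirm which response headers a reverse proxy drops is to diff a response head captured directly from the server against one captured through the WAF. Both captures below and the header name `X-Example-App-Id` are constructed placeholders; the thread does not name the real custom header.

```python
from email.parser import Parser

# Hop-by-hop headers (RFC 7230, section 6.1) apply to a single connection,
# so a proxy is expected to consume them; they are not reported as stripped.
HOP_BY_HOP = {"connection", "keep-alive", "proxy-authenticate",
              "proxy-authorization", "te", "trailer",
              "transfer-encoding", "upgrade"}

def parse_headers(raw):
    """Return {lowercased-name: value} from a raw HTTP response head."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    _status_line, _, fields = head.partition("\n")
    msg = Parser().parsestr(fields, headersonly=True)
    return {name.lower(): value for name, value in msg.items()}

def stripped_by_proxy(direct_raw, proxied_raw):
    """End-to-end headers the server sent that are missing behind the proxy."""
    direct = parse_headers(direct_raw)
    proxied = parse_headers(proxied_raw)
    return sorted(n for n in direct
                  if n not in proxied and n not in HOP_BY_HOP)

# Constructed sample captures. Real ones can be saved with, for example,
# `curl -s -D - -o /dev/null <url>` against the server and against the WAF.
DIRECT = "\r\n".join([
    "HTTP/1.1 200 OK",
    "Content-Type: text/plain",
    "Content-Length: 120",
    "Connection: keep-alive",
    "X-Example-App-Id: demo",   # placeholder for the app's custom header
    "", "",
])
PROXIED = "\r\n".join([
    "HTTP/1.1 200 OK",
    "Date: Sat, 19 Dec 2020 09:49:33 GMT",
    "Content-Type: text/plain",
    "Content-Length: 120",
    "Via: 1.1 waf.example",     # constructed proxy-added header
    "", "",
])

if __name__ == "__main__":
    for name in stripped_by_proxy(DIRECT, PROXIED):
        print("missing behind proxy:", name)
```

An empty result for the real captures would mean the response headers survive the proxy and the cause lies elsewhere.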
