cancel
Showing results for 
Search instead for 
Did you mean: 
maitane
Level 7

Problem accessing webmail portal site.

Good morning,

We have a problem accessing to a webmail portal. When we try to access the site, the MWG returns us a response of  "Bad Gateway".

If we include the domain in the URL whitelist the MWG still displays the error "Bad Gateway"

However, if we include the domain in the Global whitelist, the message "Bad Gateway" is not displayed. This time the browser returns a message that can not display the requested web.

If we try to access from another network without MWG we do it without problems so the website does not have accessibility issues.

We did not get around this problem. Does anyone have any idea how to fix it and why is happening?

Thank you very much.

Best regards.

0 Kudos
13 Replies
asabban
Level 17

Re: Problem accessing webmail portal site.

Hello,

I just tried to access the URL via a random LAB MWG and I was able to get through to the Login page. Do you see the above error message when you login and do something, or does this already happen when you just try to access http://webmail.cebadvitoria.com/horde/ ?

Can you let us know which version of MWG you are running?

Best,

Andre

maitane
Level 7

Re: Problem accessing webmail portal site.

Hi Andre,

We are running MWG 7.1.0.4.0 version.

I can´t see the login page because just trying to access http://webmail.cebadvitoria.com the "Bad Gateway" error message is displayed.

Thanks for your help.

0 Kudos
asabban
Level 17

Re: Problem accessing webmail portal site.

Hello,

I think in 7.1.0.4 we had a problem with a timeout that was too small. If the server took more than 5 seconds to respond, the Bad Gateway showed up. When you access the URL, is the error message showing up immediatly, or can you see that the browser needs a couple of seconds (only 3-5 seconds, so very quick) until the page shows up?

Best,

Andre

maitane
Level 7

Re: Problem accessing webmail portal site.

Hello again,

The message appears instantly when trying to access.

0 Kudos
asabban
Level 17

Re: Problem accessing webmail portal site.

Okay, in this case the issue is maybe not related to the timeout. The Bad Gateway may be thrown because the server is sending a response which is not HTTP compliant, or violates the HTTP RFC in some way.

I have tested this again and I can replicate the issue with 7.0.1.x, but the issue seems to have gone in 7.1.5.x. Maybe you would like to upgrade your MWG to this version and retry?

maitane
Level 7

Re: Problem accessing webmail portal site.

Thanks Andre,

I'll make a VMWare test to see if it solves and will respond with the results.

Best regards.

0 Kudos
asabban
Level 17

Re: Problem accessing webmail portal site.

You may also want to try to connect to

http://webmail.cebadvitoria.com/horde/imp/login.php

It seems that the first 302 response coming back frmo the Web Server contains a body, which is gzip encoded, but the gzip encoding is not correct, so it can´t be decoded by MWG. Please have a look.

Best,

Andre

maitane
Level 7

Re: Problem accessing webmail portal site.

Thanks very much Andre,

Clicking the link you tell me it works perfectly.

Thanks again for your time and help.

Best regards.

0 Kudos
asabban
Level 17

Re: Problem accessing webmail portal site.

Hello,

sorry for the confusion, but now I understood it with a little Development help (so credits to Dev :-):

When you go to

webmail.cebadvitoria.com/horde

the Server returns a 302 (redirect) response. In the header it tells us that it will send gzip-encoded content, but it sends the response back without encoding. Therefore the server sends a malicious response here, which may be a bug on the server or the application.

MWG returns a Bad Gateway in this case.

If you do not receive the malformed response, for example by accessing the full link posted above, the request will go through.

This behaviour is fixed in an UPCOMING version, so both, 7.1.0 and 7.1.5 still have this issue. My previous test was working because I had the full path in the URL :-(

Actually there is a workaround which works with 7.1.5 and should also work with 7.1.0:

Auswahl_154.png

This rule will tell MWG to not sent an "Accept-Encoding" header to the Web Server. In this case the Web Server sends the same response, but does not claim that it sends GZIP encoded content. I quickly looked into a packet capture and this looks pretty good.

Maybe you want to try this first.

Sorry for the confusion.

best,

Andre