I have a hard time analyzing an upload problem on our MWG 188.8.131.52.0.
The user tries to upload a single picture or pdf file using the upload function within a ticketing system (OTRS) but gets an immediate 502 Cannot connect to server when pushing the Add button on the selected file calling a POST request for customer.pl URL.
This all happens during a persistent SSL connection where scanning is active. In the rule tracing I see that there is a "Request" and 10 "Request Embedded" numbered from 1 to 10 and no response message.
When running tcpdump on the MWG outer interface for the exact time frame of that action I see something which should not be possible: I see a single IP packet with length 13180 bytes and DF bit set, something which is never able to be sent on an ethernet adapter. This packet to the webserver is immediately followed by 10 RST packets from the webserver address. So the packet still gets fragmented and sent, I didn't check that.
This only happens with Firefox but not with IE. And it does not happen when SSL scanning is disabled of course.
Doesn't that sound like a bug? Why would there be 10 cycles for Embedded objects when there should be only a single file in the POST request?
We have the impression that this was working when we were at 184.108.40.206 but are not really sure about it. And we have some more uploads over SSL which started to fail after upgrading to 220.127.116.11.
Does this sound familiar to someone?