TSTS12

Unique ID for logging sent to parent proxy

Hey,

I create a unique connection ID on my child proxy (for later logging). I send this ID to my parent via an HTTP header. On the parent I receive the ID by using Header.Request.Get. This value is written to a user-defined variable. I would like to log the unique ID on the child proxy AND the parent proxy. This helps to aggregate logs later on.

This works fine for HTTP and for HTTPS without SSL scanning. As soon as I use SSL scanning, the header value within Header.Request.Get is not accessible any more. It's available for the initial CONNECT, but not for all the HTTPS elements within the SSL scanning. So I am not able to log the unique ID for all the SSL-scanned objects. Even if I write the value of Header.Request.Get to a user-defined variable, the variable is empty as soon as Web Gateway processes the elements within the SSL scanning.

It seems that within SSL scanning all the defined variables are gone. Any ideas why? Maybe SSL scanning is a whole new cycle, even if it's the same HTTPS connection. But even then I should be able to read the header from Header.Request.Get again. But this also does not work. The value is empty.

Any ideas? I think it's a bug. But maybe I am wrong or there is another way to do this.

cheers
Timo

https CONNECT. All good. Same for http:

[Screenshot: ok.png]

Problem with https within SSL scanning:

[Screenshot: fail.png]

Accepted Solutions
TSTS12

Re: Unique ID for logging sent to parent proxy

Within SSL the unencrypted headers are not visible, so I am not able to receive them. If I add the header to the encrypted part (this requires SSL scanning on the child proxy, which I don't want to enable), the header can be retrieved.

Solution:
Starting from 7.8 there is a new event called Connection.Variables. This allows you to store variables within the whole connection. Just read the header within the initial CONNECT and store it with Connection.Variables.AddString. Then, later on, within the other connections within the tunnel, retrieve the variables with Connection.Variables.GetStringValue (Connection.Variables.HasString might also be handy).

See the following threads for more information:
https://community.mcafee.com/t5/Web-Gateway/Annoying-problem-with-User-Defined-variable/td-p/594145
https://community.mcafee.com/t5/Web-Gateway/Domain-Fronting-Vulnerabilities-and-Detection-Part-II/td...
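
The behaviour described in this thread, as an added example that is not part of the original posts and is not Web Gateway rule syntax: a small Python model of the parent proxy showing why only the CONNECT cycle sees the header, and how a connection-scoped store lets every request inside the scanned tunnel be logged with the child's ID. The header name `X-Conn-ID`, the ID value, the URLs and the log record layout are all constructed assumptions.

```python
# Model only: a Python stand-in for the parent's request cycles, not Web Gateway rules.
from dataclasses import dataclass, field

ID_HEADER = "X-Conn-ID"  # hypothetical header name; the thread does not name it


@dataclass
class Connection:
    """One connection from the child; 'store' lives as long as the connection does."""
    store: dict = field(default_factory=dict)


def process_request(conn, method, url, headers, use_connection_store):
    """Run one request cycle and return the log record the parent would write."""
    # Anything read here is per cycle: the next request starts with nothing.
    conn_id = headers.get(ID_HEADER, "")
    if conn_id and use_connection_store:
        conn.store["conn_id"] = conn_id          # role of Connection.Variables.AddString
    elif use_connection_store and "conn_id" in conn.store:  # role of HasString
        conn_id = conn.store["conn_id"]          # role of GetStringValue
    return {"method": method, "url": url, "conn_id": conn_id}


def parent_log(use_connection_store):
    """Constructed traffic: one CONNECT from the child, then two scanned inner requests."""
    conn = Connection()
    traffic = [
        ("CONNECT", "example.com:443", {ID_HEADER: "c1f0-0001"}),
        # Inner requests were encrypted when they passed the child: no header on them.
        ("GET", "https://example.com/", {}),
        ("GET", "https://example.com/app.js", {}),
    ]
    return [process_request(conn, m, u, h, use_connection_store) for m, u, h in traffic]


def correlate(child_log, parent_records):
    """Group parent records under the child record that carries the same ID."""
    by_id = {rec["conn_id"]: [] for rec in child_log}
    orphans = []  # parent records that cannot be tied back to a child record
    for rec in parent_records:
        by_id.get(rec["conn_id"], orphans).append(rec["url"])
    return by_id, orphans


if __name__ == "__main__":
    child = [{"conn_id": "c1f0-0001", "url": "example.com:443"}]  # constructed child log
    for mode in (False, True):
        print("connection store:", mode, correlate(child, parent_log(mode)))
```

Without the connection-scoped store, only the CONNECT line can be joined to the child log and the two inner requests end up as orphans; with it, all three parent records join on the same ID.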