cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
ChrLu
Level 9
Report Inappropriate Content
Message 1 of 2

disable Protocol detection/validation/check in HTTP Proxy for specific connection

Jump to solution

All,

is there any way to let MWG not check protocol details when a connection is using HTTP proxy.

Scenario:
One of applications on customer is not developed correctly following RFC standards.
After TCP handshake the Java is sending POST to https://login.microsoft.com/<something> without having HTTP Connect in front.
MWG replies with Handshake failed of course.

We start wondering if there is any chance to let the MWG allowing this for that specific source and destination when customer accepts to have this validation turned off on MWG.

Thanks.

regards,

Christian

1 Solution

Accepted Solutions
ChrLu
Level 9
Report Inappropriate Content
Message 2 of 2

Re: disable Protocol detection/validation/check in HTTP Proxy for specific connection

Jump to solution

 I received confirmation from McAfee employee (aloksard) that this is not possible on MWG.
Client needs to request TLS handshake via HTTP Connect to make it happen.

In https://community.mcafee.com/thread/115497 some workaround is described but this only helps for connection between Proxy and Server outside. If client is not triggering TLS handshake, MWG is not able to handle it. 

There seems to be no way to just let the MWG to forward such kind of connection.

I could imagine that TCP proxy might work here but additional listener on special port just for such wrong implementation on client side might be overkill.

View solution in original post

1 Reply
ChrLu
Level 9
Report Inappropriate Content
Message 2 of 2

Re: disable Protocol detection/validation/check in HTTP Proxy for specific connection

Jump to solution

 I received confirmation from McAfee employee (aloksard) that this is not possible on MWG.
Client needs to request TLS handshake via HTTP Connect to make it happen.

In https://community.mcafee.com/thread/115497 some workaround is described but this only helps for connection between Proxy and Server outside. If client is not triggering TLS handshake, MWG is not able to handle it. 

There seems to be no way to just let the MWG to forward such kind of connection.

I could imagine that TCP proxy might work here but additional listener on special port just for such wrong implementation on client side might be overkill.

View solution in original post

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community