9 Replies Latest reply on Aug 26, 2013 9:28 PM by Jon Scholten

    Badgateway errror

    akill

      Im getting the following error when I use my MWG and im browsing on a webhepldesk thats my company use..............

       

       

      Bad Gateway

       

      Could not connect to given gateway.

       

      URL: http://adexsus.com/newHelpdesk/upload/scp/tickets.php?id=397

       


      Company Acceptable Use Policy
      This is an optional acceptable use disclaimer that appears on every page. You may change the wording or remove this section entirely in index.html.

       

      For assistance, please contact your system administrator.
      generated 2011-03-14 11:54:29 by McAfee Web Gateway
      Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)

        • 1. Badgateway errror
          bperez

          I have the same error for another internet web app, how can i troubleshoot via ssh the access.log?

           

          regards

          • 2. Badgateway errror
            asabban

            Hi guys,

             

            "502 Bad Gateway" is a pretty generic error message that points out that something between MWG and the remote server went down.

             

            If you can replicate the issue and need assistance to understand what is going on, please file an SR with support. There is no "generic" answer for this kind of error messages.

             

            Best,

            Andre

            1 of 1 people found this helpful
            • 3. Badgateway errror
              akill

              Temp... I add under my global whitelist the site with the issue I will open a SR

               

               

               

              Web Gateway: ERROR: 502 Bad Gateway when accessing Web Application

               

              Corporate KnowledgeBase ID:  KB68039
              Last Modified:  January 29, 2010

               

              Summary

              Web Gateway sends back an HTTP 502 response to the client when there are problems communicating with the web server.

              Problem

              When a client tries to access a specific web server, Web Gateway replies with a HTTP 502, Bad Gateway error. An error message displays in the Web Browser. Whitelisting or adding an entry to the ICAP Bypass list do not solve the issue.

              Cause

              This is usually caused by a web server sending a response to the client which is not RFC compliant. A common example are web servers which (due to dynamic content) send two different content-length headers. This is not RFC compliant and may cause a security impact, therefore you see the HTTP 502 error as a response.

              Solution

              Verify the problem by looking at the HTTP response sent from the web server to Web Gateway. Use Connection Tracing or run a tcpdump on the Web Gateway interface that points to the internet to analyze the traffic.

               

              To change the behavior and have Web Gateway accept the response, edit the global.conf file using the following:

              DontCheckForAddtlContentLenHdr=1

              IMPORTANT: This may be a security threat. Apply changes to the global.conf file only if you have already done so in the past and know the procedure. If you are unsure, contact Support.

              If making the change does not help, the response from the web server may be broken in another way. Open a case with Support to get additional insight and an explanation for the issue.

              • 4. Badgateway errror
                infosecjeff

                I was with a customer who had the same error message for a web site.  It turns out there was a Network Intrusion Prevention sensor (NIPs) inline that was blocking the responses from the server due to an exploit signature triggering a blocking action on the NIPs.  Once we excluded the site from the signature we no longer had the bad gateway message HTTP 502, and the web site was displayed.  The next step would be to alert both the technical support team of the NIPs about the triggered response, and notify the web developer of the web site they may have some suspicious or malicious looking code on their web site.

                 

                Best,

                Jeff

                1 of 1 people found this helpful
                • 5. Badgateway errror
                  akill

                  I open a SR and for now the solution was flush the cache under configuration>right click MWG app name and click flush cache..................

                   

                  I will monitor all to see if this is the cause of my issue

                  • 6. Re: Badgateway errror
                    smalldog

                    I have the same problems and follow KBKB68039 to edit global.conf but i don't know location global.conf. Please tell me location file. McAfee Web Gateway 7.2 Thanks!

                     

                    Message was edited by: smalldog on 8/26/13 4:45:32 AM CDT
                    • 7. Re: Badgateway errror
                      Jon Scholten

                      Not all 502's are created equally!

                       

                      Please review this article:

                      https://community.mcafee.com/docs/DOC-4927

                       

                      Best,

                      Jon

                      • 8. Re: Badgateway errror
                        smalldog

                        Thanks Jon but i want to try solution in KB68039 and see the problems can solved. Could you tell me which place global.conf located?

                        • 9. Re: Badgateway errror
                          Jon Scholten

                          What makes you think it is related to the problem outlined in KB68039? That KB was written for MWG 6 which is very different from MWG 7. The issue is also a very specific issue, I have only ever seen the issue when a user is generating some large PDF reports.

                           

                          If you want to do what is outlined in that KB, then you will need to create a rule like:

                          Criteria: URL.Host matches problemdomain.com

                          Action: Continue

                          Event: Enable Proxy Control <Handle Dual Content Length>

                           

                          Where "Handle Dual Content Length" is a settings container where you changed an option for dual content length headers.

                           

                          Best,

                          Jon