5 Replies Latest reply: Sep 3, 2013 2:57 PM by Jon Scholten

    badrequest handling (MCP/MWG)

    btlyric

      We have an MWG device listening on a publicly routable IP address for MCP connections.

       

      The MCP -> MWG comms work fine.

       

      Since the MCP rule set is an authentication rule set, it is placed right below our Debug rule set.

       

      If a client connects directly to the MCP port on that MWG and is not authenticated as an MCP client, the connection is blocked and an extremely generic block page is returned. The browser doesn't display any details and view source shows 10 lines of generic HTML.

       

      While performing some tests from an external notice, it was noticed that if you used telnet to access that port and issued a request that was blocked due to NOT being an authorized MCP client, the proxy would return:

       

      HTTP/1.1 403 "block message"

      Via: [HTTP proto version] [IP Address] (McAfee Web Gateway 7.full.version.identification)

       

      I resolved that by adding Enable Proxy Control<Disable Via Header> at the beginning of the MCP authentication rule set.

       

      The proxy, upon receiving a request that isn't interpreted as correct HTTP, will return:

       

      HTTP/1.1 400 badrequest

      Via: [HTTP proto version] [IP Address] (McAfee Web Gateway 7.full.version.identification)

       

      Additionally, it then returns our custom badrequest.html page.

       

      Questions:

       

      - Is there a way to control which badrequest page is returned?

      - Is there a way to control the Via header when a bad request is received by the proxy?

       

      I'm not a big fan of security through obscurity; however, I would prefer not to advertise the template text that shows up on all of our block/notification pages -- that's why the MCP auth failure page is stripped down.
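Added example, not part of the original post and not McAfee code: a small checker that parses captured raw proxy responses and reports what a `Via` header discloses, so the 403 and 400 paths described above can be compared before and after a header change. The sample responses are constructed; the address `192.0.2.10` and protocol version `1.1` are placeholder assumptions standing in for the bracketed fields quoted in the post.

```python
import ipaddress
import re

# RFC 7230 5.7.1: each Via entry is  received-protocol received-by [ (comment) ]
VIA_ENTRY = re.compile(r"^\s*(\S+)\s+([^\s(]+)(?:\s*\((.*)\))?\s*$")

def parse_response(raw):
    """Split raw response bytes into (status_code, {header-name: [values]})."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    status_line, *header_lines = head.split("\r\n")
    status = int(status_line.split(" ", 2)[1])
    headers = {}
    for line in header_lines:
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status, headers

def is_ip(host):
    """True if received-by is a literal IP address (no port suffix handled)."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False

def via_disclosures(raw):
    """Return (status, kind, value) for each detail a Via header gives away."""
    status, headers = parse_response(raw)
    findings = []
    for value in headers.get("via", []):
        for entry in value.split(","):  # assumes no comma inside a comment
            m = VIA_ENTRY.match(entry)
            if not m:
                findings.append((status, "unparsed-via", entry.strip()))
                continue
            _proto, received_by, comment = m.groups()
            if is_ip(received_by):
                findings.append((status, "proxy-ip", received_by))
            if comment:
                findings.append((status, "product-comment", comment))
    return findings

# Constructed samples modelled on the responses quoted in the post.
VIA = b"Via: 1.1 192.0.2.10 (McAfee Web Gateway 7.full.version.identification)\r\n"
SAMPLES = {
    "403 before fix": b'HTTP/1.1 403 "block message"\r\n' + VIA + b"\r\n",
    "403 after fix": b'HTTP/1.1 403 "block message"\r\n\r\n',
    "400 bad request": b"HTTP/1.1 400 badrequest\r\n" + VIA + b"\r\n<html>...</html>",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, "->", via_disclosures(raw) or "no Via disclosure")
```

An empty result for every captured response, including the 400 path, is the condition the questions above are asking for.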