WebMarshal warning pages redirect HTTPS to the base server address


This article applies to:

  • WebMarshal

Symptoms:

  • Using WebMarshal
    • Version 6.0 or below
    • Version 6.1 or above, but HTTPS inspection disabled or not enforced for a site
  • Browsing to a file within a HTTPS website
  • WebMarshal policy or warning page raised
  • After the warning is accepted, the user is redirected to the root of the site

Causes:

  • HTTPS connections submit only the server name for the initial connection. All additional path name and form or parameter information is encrypted for security. The encrypted information is not visible to WebMarshal (or any other devices that forward the request).
  • When WebMarshal redirects a user after presenting a warning page, it performs the redirection based on the initial connection information. The redirection is to the server root because this is the only information available.

Resolution:

In WebMarshal 6.1 and above, you can enable HTTPS Content Inspection. When Content Inspection is enabled, WebMarshal can decrypt the request content including the path information. WebMarshal can then redirect the request correctly.

Notes:

  • WebMarshal can only perform redirection on inspected connections. If you choose not to inspect connections to certain sites (such as banking sites) for security reasons, WebMarshal will not be able to perform the redirect correctly.
  • This issue is most likely to be noticed if a user begins a browsing session with a HTTPS bookmark (and is required to accept the company policy before continuing).

Last Modified 4/29/2009.
https://support.trustwave.com/kb/KnowledgebaseArticle12708.aspx