Can WebMarshal pass internet traffic on non-standard HTTPS sites?


This article applies to:

  • WebMarshal

Question:

  • Can WebMarshal pass internet traffic on non-standard HTTPS sites?
  • Can WebMarshal allow HTTPS on ports other than 443?
  • Can WebMarshal allow HTTPS traffic from non-browser applications?
  • WebMarshal blocks secure applets
  • Trouble accessing secure banking sites
  • How do I allow browser client access to Citrix MetaFrame server?

Symptoms:

  • Error: 'The port is invalid' when a user connects to a secure site using a non-standard port, for instance, https://site:9020
  • Error: '407 Proxy Access Denied' when a user connects to a secure site with a non-browser application
  • Error: '401 Unauthorized' when a user connects to a secure site with a non-browser application

Causes:

  • By default, WebMarshal versions below 6.8.1 block sites that use non-standard HTTPS ports (HTTPS sites that do not use port 443).
  • By default, WebMarshal versions below 6.8.1 prevent SSL connections from being made when no User-Agent header is provided in the CONNECT request. Many applets and other non-browser applications do not provide this header.

Solution:

In currently supported versions, use the HTTPS Connection Restrictions page of Global Settings or the Proxy Wizard to change these settings.

  • To access this page, in the WebMarshal Console click Tools > Global Settings > Advanced Settings > HTTPS Connection Restrictions
    • If Global Settings is not present in your version, click Tools > Proxy Server Properties or Tools > Proxy Server Wizard.
  • On the HTTPS Connection Restrictions (Advanced) page, check the two boxes.

In versions prior to 3.7.4:

  • To allow HTTPS on all ports, on the WebMarshal server create the following registry value:

    In the key:

    HKEY_LOCAL_MACHINE\SOFTWARE\NetIQ\WebMarshal\Proxy

    Create a new DWORD value called "AllowNonStandardHTTPSPorts" and set the value to '1' to enable HTTPS on all ports.

  • To allow HTTPS from all applications, on the WebMarshal server create the following registry value:

    In the key:

    HKEY_LOCAL_MACHINE\SOFTWARE\NetIQ\WebMarshal\Proxy

    Create a new DWORD value called "AllowNonBrowserHTTPS" and set the value to '1' to enable HTTPS from any application.

Note: Use due caution when modifying the Registry.
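
The registry procedure above can be scripted so that the current state is reported first and only the relaxation actually needed is enabled. The following PowerShell is an added example, not part of the original article or the product; the key path and value names are the ones given above, while the function name and its parameters are hypothetical.

```powershell
# Added example. Key path and value names come from this article;
# the function name and switch names are hypothetical.
function Set-WebMarshalHttpsRelaxation {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [switch]$AllowNonStandardPorts,   # maps to AllowNonStandardHTTPSPorts
        [switch]$AllowNonBrowserClients   # maps to AllowNonBrowserHTTPS
    )

    $key = 'HKLM:\SOFTWARE\NetIQ\WebMarshal\Proxy'
    if (-not (Test-Path -LiteralPath $key)) {
        throw "Registry key not found: $key (is WebMarshal installed on this server?)"
    }

    $wanted = [ordered]@{
        AllowNonStandardHTTPSPorts = $AllowNonStandardPorts.IsPresent
        AllowNonBrowserHTTPS       = $AllowNonBrowserClients.IsPresent
    }

    foreach ($name in $wanted.Keys) {
        # Read the current data; $null means the value has never been created.
        $current = (Get-ItemProperty -LiteralPath $key -Name $name -ErrorAction SilentlyContinue).$name

        # Write only when this relaxation was requested and is not already on.
        if ($wanted[$name] -and $current -ne 1) {
            if ($PSCmdlet.ShouldProcess("$key\$name", 'Set DWORD to 1')) {
                New-ItemProperty -LiteralPath $key -Name $name -PropertyType DWord -Value 1 -Force | Out-Null
                $current = 1
            }
        }

        # Emit one row per value so the result can be logged or reviewed.
        [pscustomobject]@{
            Value   = $name
            Data    = if ($null -eq $current) { '(not set)' } else { $current }
            Enabled = ($current -eq 1)
        }
    }
}

# Report the current state without changing anything:
Set-WebMarshalHttpsRelaxation
# Preview the change for the port relaxation only:
Set-WebMarshalHttpsRelaxation -AllowNonStandardPorts -WhatIf
# Apply it (run from an elevated session on the WebMarshal server):
# Set-WebMarshalHttpsRelaxation -AllowNonStandardPorts
```

Called with no switches, the function only reads and reports; the two settings are independent, so a site that needs HTTPS on another port does not also have to accept CONNECT requests without a User-Agent header.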

This article was previously published as:
NETIQKB37015

Last Modified 3/19/2008.
https://support.trustwave.com/kb/KnowledgebaseArticle10036.aspx