Source: 192.168.200.2--------192.168.200.1(port4) FGT (port1)-----------ems.fortinet.lab

- Client IP: 192.168.200.2
- Explicit Proxy (FortiGate): 192.168.200.1:8080
- Destination: ems.fortinet.lab (HTTPS – 443)

When executing the following curl command from the client:

```
$ curl -x http://192.168.200.1:8080 -X CONNECT ems.fortinet.lab:443
curl: (52) Empty reply from server
```

WAD debug commands used:

```
diagnose debug reset
diagnose debug disable
diagnose wad filter src 192.168.200.2
diagnose wad debug enable category all
diagnose wad debug display pid enable
diagnose wad debug enable level verbose
diagnose debug enable
```

WAD debug output (key log):

```
CONNECT http://ems.fortinet.lab:443/ HTTP/1.1
Host: ems.fortinet.lab:443
User-Agent: curl/8.18.0
Accept: */*
Proxy-Connection: Keep-Alive

[I][p:244][s:1363821158][r:46] wad_http_parse_conn_req_uri :2463 http CONNECT request 0x7f92ce974e10 invalid uri in request-line.
[V][p:244][s:1363821158][r:46] wad_http_clt_read_sync :1835 hs=0x7f92ceaa6ec0 pause=(0/0x0) ret=-1 execute=wad_http_clt_read_req_line
[I][p:244][s:1363821158][r:46] wad_tcp_port_proc_end :799 tcp=0x7f92ceb7c2c8 socket=45 good=0 both ends closed.
[I][p:244][s:1363821158][r:46] wad_tcp_port_end_event :747 sock 45 close
[I][p:244][s:1363821158][r:46] wad_http_session_free :13468 http cache session 0x7f92ceaa6ec0 req=0x7f92ce974e10 close
[I][p:244][s:1363821158][r:46] __wad_http_req_close :1592 ret = -1!
[V][p:244][s:1363821158] wad_http_mstrm_stop :965 mstrm(0x7f92ceaa6ef0) stopped, is_clt=1
[I][p:244][s:1363821158] __wad_http_session_task_end :13645 wad_http_cstrm_task_end:13935: hcs=0x7f92ceaa6ec0 good=-1 state=3 processing=1 state=4 processing=1 freed
[I][p:244][s:1363821158] wad_tcp_port_proc_end :845 tcp 0x7f92ceb7c2c8 closed on sock 45
[I][p:244] wad_tcp_port_put :627 free tcp_port=0x7f92ceb7c2c8
```

The issue is caused by an incorrect URI format in the HTTP CONNECT request.

When the curl command is corrected:

```
$ curl -x http://192.168.200.1:8080 -X CONNECT https://ems.fortinet.lab:443
curl: (60) schannel: SEC_E_UNTRUSTED_ROOT (0x80090325) - The certificate chain was issued by an authority that is not trusted.
More details here: https://curl.se/docs/sslcerts.html
```

WAD debug output (key log):

```
CONNECT ems.fortinet.lab:443 HTTP/1.1
Host: ems.fortinet.lab:443
User-Agent: curl/8.18.0
Proxy-Connection: Keep-Alive

[I][p:244][s:1363821159][r:47] wad_http_str_canonicalize :2182 enc=0 path=/ len=1 changes=0
[I][p:244][s:1363821159][r:47] wad_http_conn_req_classify :5808 no security profile HTTPS/HTTP, tport=443
[V][p:244][s:1363821159][r:47] wad_http_req_check_dns :66 hn=0x7f92cf2074c8 sn=(nil)
[I][p:244][s:1363821159][r:47] wad_http_dns_resolve :7408 [0x7f92ce9752c8] DNS request name=ems.fortinet.lab len=16 type/pref=0/0
[I][p:244][s:1363821159][r:47] __wad_dns_send_query :771 0:0: sending DNS request for remote peer ems.fortinet.lab id=0 IPv4
[V][p:244][s:1363821159][r:47] wad_tcp_port_out_read_block :995 tcp_port 0x7f92ceb7c408 fd=45 on=1 n_out_block=0~>1 in(/out)_shutdown=0/0 closed=0 state=2.
[V][p:244][s:1363821159][r:47] wad_tcp_port_transport_read_block :950 tcp_port 0x7f92ceb7c408 fd=45 on=1 n_out_block=0~>1 in(/out)_shutdown=0/0 closed=0 events=0x1.
[V][p:244][s:1363821159][r:47] wad_tcp_port_transport_read_block :964 sock 45 read_block enforced, turn off readability.
[V][p:244][s:1363821159][r:47] wad_http_msg_strm_pause :955 strm paused, flag=0x2 is_clt=1
[V][p:244][s:1363821159][r:47] wad_http_clt_read_sync :1835 hs=0x7f92ceaa6ec0 pause=(1/0x2) ret=1 execute=wad_http_clt_read_req_line
[I][p:244][s:1363821159][r:47] wad_tcp_port_on_event :1949 sock 45 remove readability events=0x0.
[V][p:244][s:1363821159][r:47] wad_tcp_port_window_adjust :463 tcp_port 0x7f92ceb7c408 window-type 0 set 0 SNDBUF 327680 RCVBUF 10485760
[I][p:244][s:1363821159][r:47] wad_unix_stream_flush_data :595 WAD unix stream stream 0x7f92cee71138 write (1,32)
```

The request is successfully parsed and processed by WAD.
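
The difference between the two request lines above, as an added example (not part of the original article and not FortiGate's own parser): a Python check that applies the RFC 9112 authority-form rule (`host:port` only) to the CONNECT request lines in a WAD debug capture and notes whether WAD logged a rejection. The function names and the simplified host pattern are assumptions of this example.

```python
import re

# authority-form per RFC 9112 section 3.2.3: uri-host ":" port and nothing else.
# The host pattern is simplified (reg-name, IPv4 or bracketed IPv6): an assumption.
_AUTHORITY = re.compile(r"^(\[[0-9A-Fa-f:.]+\]|[A-Za-z0-9.-]+):(\d{1,5})$")
_REQ_LINE = re.compile(r"^CONNECT\s+(\S+)\s+HTTP/\d\.\d$")
_WAD_REJECT = "invalid uri in request-line"  # message text taken from the capture above


def connect_target_error(request_line):
    """Return None if the CONNECT request-target is authority-form, else the reason."""
    m = _REQ_LINE.match(request_line.strip())
    if not m:
        return "not a CONNECT request line"
    target = m.group(1)
    if "://" in target:
        return "absolute-form (scheme present); CONNECT needs host:port"
    am = _AUTHORITY.match(target)
    if not am:
        return "not host:port"
    if not 1 <= int(am.group(2)) <= 65535:
        return "port out of range"
    return None


def triage(debug_output):
    """Pair each CONNECT request line in a capture with the checker verdict and
    with whether WAD logged a request-line rejection before the next request."""
    results = []
    for line in debug_output.splitlines():
        line = line.strip()
        if line.startswith("CONNECT "):
            results.append({"request": line,
                            "error": connect_target_error(line),
                            "wad_rejected": False})
        elif _WAD_REJECT in line and results:
            results[-1]["wad_rejected"] = True
    return results


# Constructed sample: the two request lines and two log lines quoted from the captures above.
SAMPLE = """\
CONNECT http://ems.fortinet.lab:443/ HTTP/1.1
[I][p:244][s:1363821158][r:46] wad_http_parse_conn_req_uri :2463 http CONNECT request 0x7f92ce974e10 invalid uri in request-line.
CONNECT ems.fortinet.lab:443 HTTP/1.1
[I][p:244][s:1363821159][r:47] wad_http_conn_req_classify :5808 no security profile HTTPS/HTTP, tport=443
"""

if __name__ == "__main__":
    for entry in triage(SAMPLE):
        print(entry)
```
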