Description | This article describes the workaround to the issue of HTTPS websites failing to load when 'Strict-Web-Check' is enabled. |
Scope | FortiProxy. |
Solution |
The Strict-Web-Check inspects and blocks HTTP headers that do not conform to HTTP 1.1. After upgrading FortiProxy from 2.0.to 7.0, If the website HTTP header uses HTTP/2 with multi-cookies, the website content will fail to load with the browser error:
ERR_CONNECTION_CLOSED
This is confirmed via WAD debug:
service=mail&passive=1209600&osid=1&continue=https://mail.google.com/mail/u/0/&followup=https://mail.google.com/mail/u/0/&emr=1 enc_len=101,huf=1
The workaround is to set the SSL deep inspection profile to use HTTP/1.1:
config firewall ssl-ssh-profile |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.