Technical Tip: Unable to open subpages with ERR_CO...

FortiProxy

FortiProxy provides enterprise-class protection against internet-borne threats and Advanced Web Content Caching

Article Id 423698

Description

This article describes the workaround of ERR_CONNECTION_CLOSED accessing subpages.

Scope

FortiProxy.

Solution

When trying to open subpages of certain websites the it leads to the ERR_CONNECTION_CLOSED browser error.

The error below will be seen on the WAD debug:

fmt:idxIDX name idx=31, content-type:text/html; charset=utf-8 enc_len=18,huf=1
fmt:idxIDX name idx=34, etag:"1vcfqr2" enc_len=8,huf=1
fmt:idxIDX name idx=45, link:[E]2024-05-08 13:09:08.783724 [p:3192][s:66843225] wad_h2_parse_hdrs :770 conn=0x7f1230e790c0, hearder parsing error <<<<<<
[V]2024-05-08 13:09:08.783733 [p:3192][s:66843225] wad_h2_strm_task_end :402 h2_strm(0x7f123163dbb8) is closing

The cause of the issue is that in rare cases, the HTTP header from the server is larger than the maximum HTTP2 header value length that the WAD supports.

To workaround the issue, enforce ALPN 1.1 in the SSL/SSH inspection profile.

config firewall ssl-ssh-profile
    edit <profile>
        set supported-alpn http1-1
    next
end

Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Technical Tip: Unable to open subpages with ERR_CONNECTION_CLOSED

You are leaving our website