Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Ron_Uss
New Contributor III

Explicit web proxy - insert HTTP header extension

Hello guys,

do you have someone idea, how to insert HTTP header extension into TLS client hello packet?

What I exactly want...

I need add HTTP header extension server_name, exactly same like on screenshot from wireshark.

 

I have proxy policy, where is used proxy profile:

config firewall proxy-policy

    edit 1
        set uuid 55ba9284-33f9-51eb-8102-0009101ff954
        set proxy explicit-web
        set dstintf "virtual-wan-link"
        set srcaddr "192.168.0.0/16"
        set dstaddr "api.mygls.cz"
        set service "webproxy"
        set action accept
        set schedule "always"
        set webproxy-profile "proxy-profile"
    next
end
config web-proxy profile
    edit "proxy-profile"
        set header-via-request add
        set log-header-change enable
        config headers
            edit 1
                set name "SNI"
                set add-option append
                set content "server_name api.mygls.cz"
            next
        end
    next
end

But this settings not works.

Do you have idea, how to set "set content" under web profile header?

Documentation is not so much rich about that.

 

Thank you very much, Ondrej

NSE8 #3111

NSE8 #3111
0 REPLIES 0
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors