Security Gateway Discussions
- Posts: 2
- Joined: 21 Feb 2017, 16:43
We have a W20-HQ with cOS 12.00.08.20 and since yesterday I receive the following error:
2018-03-05T09:38:25.870+01:00 sev=err cat=ALG id=00200144 rev=1 event=invalid_http_syntax action=close type=request reason="invalid HTTP method" connipproto=TCP connrecvif=G1_lan connsrcip=<ip_from_our_exchange_server> connsrcport=56918 conndestif=G5_lte conndestip=220.127.116.11 conndestport=443 origsent=667 termsent=52 algname=38_https_lan algmod=lw-http algsesid=28992
The destination IP is an IP from Kaspersky. The connsrcip is running Kaspersky Security Center and Kaspersky Email Security for Exchange Server.
Does anyone have an idea what the problem suddenly is? What exactly does the error mean?
Thanks in advance.
- Posts: 41
- Joined: 24 Oct 2016, 08:23
The "invalid HTTP method" log message means that we received data that is not HTTP. This could include the "protocol upgrade" or that the traffic is not legit HTTP traffic.
The log reference guide mentions the following:
"The HTTPALG received malformed HTTP syntax and closed the connection."
And the recommended action is the following:
"Investigate why malformed HTTP syntax was received."
An idea might be to activate the "allow unknown protocols" on the Policy that you're using.
Another idea might be to check the protocols allowed on the service, if it's just HTTP or if it also includes HTTPS.
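The log entry in the first post is a timestamp followed by key=value fields, and the log reference guide quoted above asks the administrator to investigate why malformed HTTP syntax was received. As an added example (not part of the thread and not vendor code), this Python script parses lines in that format and counts `invalid_http_syntax` closes per source, destination, port and ALG, so recurring flows stand out. The second and third sample lines and their field values are constructed.

```python
import re
from collections import Counter

# Line 1 is the entry from the thread; lines 2-3 are constructed for the example.
SAMPLE = [
    '2018-03-05T09:38:25.870+01:00 sev=err cat=ALG id=00200144 rev=1 '
    'event=invalid_http_syntax action=close type=request '
    'reason="invalid HTTP method" connipproto=TCP connrecvif=G1_lan '
    'connsrcip=<ip_from_our_exchange_server> connsrcport=56918 '
    'conndestif=G5_lte conndestip=220.127.116.11 conndestport=443 '
    'origsent=667 termsent=52 algname=38_https_lan algmod=lw-http algsesid=28992',
    '2018-03-05T09:40:02.114+01:00 sev=err cat=ALG id=00200144 rev=1 '
    'event=invalid_http_syntax action=close type=request '
    'reason="invalid HTTP method" connsrcip=192.0.2.10 connsrcport=50001 '
    'conndestip=198.51.100.7 conndestport=80 algname=example_http_alg algmod=lw-http',
    '2018-03-05T09:41:00.000+01:00 sev=info cat=EXAMPLE event=example_other_event '
    'connsrcip=192.0.2.10 conndestip=198.51.100.7 conndestport=80',
]

# A value is either double-quoted (may contain spaces) or a bare token.
PAIR = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

def parse_line(line):
    """Return (timestamp, fields) for one log line, or None if it has no fields."""
    ts, _, rest = line.strip().partition(" ")
    fields = {k: v[1:-1] if v.startswith('"') else v
              for k, v in PAIR.findall(rest)}
    return (ts, fields) if fields else None

def summarize(lines):
    """Count ALG invalid_http_syntax events per (src, dest, port, ALG name)."""
    counts = Counter()
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        f = parsed[1]
        if f.get("cat") != "ALG" or f.get("event") != "invalid_http_syntax":
            continue
        counts[(f.get("connsrcip"), f.get("conndestip"),
                f.get("conndestport"), f.get("algname"))] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).most_common():
        print(n, *key)
```

A flow that keeps appearing with destination port 443 under an HTTP ALG is the case the last reply points at: check whether the service on that policy covers only HTTP or also HTTPS.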