Rules fail due to missing User-Agent header in CONNECT requests with Safari
Last Modified: 2023-12-13 10:30:27 Etc/GMT
Technical Articles ID: KB95121
Environment
Skyhigh Web Gateway (SWG) 10.x, 8.x
Apple iOS 15.0 and later
Apple Safari
Problem
The rules that check for the User-Agent header string in the CONNECT cycle no longer work and don't match. You see this issue with Safari on Apple iOS 15.0 and later systems.
Cause
With Apple iOS 15.0 and later, Safari no longer sends the User-Agent header in the CONNECT request. This change causes the filter for the User-Agent string in the CONNECT cycle to fail because the value remains empty.
Solution
The User-Agent header is still present in both the GET and POST cycles. For all HTTPS connections, HTTPS scanning must therefore be performed first. With this scanning order, the User-Agent header is visible and can be used for filtering.
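The behaviour described above, as an added Python example that is not Skyhigh rule syntax or code from this article: constructed CONNECT and GET requests are parsed, and a hypothetical "block if User-Agent matches" policy is evaluated with and without HTTPS scanning first. The request bytes, function names and verdict labels are assumptions made for illustration.

```python
import re

# Constructed sample requests (not captured traffic): what a proxy sees from
# Safari on iOS 15+ at each cycle of one HTTPS connection.
CONNECT_REQ = (b"CONNECT example.com:443 HTTP/1.1\r\n"
               b"Host: example.com:443\r\n\r\n")
INNER_GET = (b"GET /index.html HTTP/1.1\r\n"
             b"Host: example.com\r\n"
             b"User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 15_0 like Mac OS X) "
             b"AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.0 "
             b"Mobile/15E148 Safari/604.1\r\n\r\n")


def parse_request(raw):
    """Return (method, headers) with lower-cased header names."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    method = lines[0].split(" ", 1)[0]
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, headers


def evaluate(raw, ua_pattern, https_scanning):
    """Hypothetical policy: block requests whose User-Agent matches ua_pattern.

    Returns 'block', 'allow', or 'defer' (decide on the decrypted request).
    """
    method, headers = parse_request(raw)
    ua = headers.get("user-agent", "")
    if method == "CONNECT" and not ua:
        # Empty value in the CONNECT cycle: the pattern can never match here.
        # With HTTPS scanning the decision moves to the GET/POST cycle;
        # without it, this is the last request the proxy sees in clear text.
        return "defer" if https_scanning else "allow"
    return "block" if re.search(ua_pattern, ua) else "allow"


def connection_verdict(ua_pattern, https_scanning):
    """Verdict for the whole connection under the chosen scanning order."""
    verdict = evaluate(CONNECT_REQ, ua_pattern, https_scanning)
    if verdict == "defer":
        verdict = evaluate(INNER_GET, ua_pattern, https_scanning)
    return verdict
```

With the constructed requests, the same pattern never matches when only the CONNECT cycle is checked and matches once the decision is taken on the decrypted GET.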