We recently had an issue where a few of our Blue Coat ProxySG appliances were having issues connecting to a specific URL. We would continually get the “TCP Error” banner from the Blue Coat proxy servers trying to connect to this website. We had no issues connecting directly (outside of the ProxySG appliances) so the proxy servers were assumed to be the immediate suspect in the problem.
Thankfully there’s a way to quickly and easily test access a specific URL from the CLI interface of the Blue Coat ProxySG appliances.
SG800#test http get ? <url>
So I performed a quick test from the CLI interface;
SG800#test http get http://someurlsomewhere.com Type escape sequence to abort. Executing HTTP get test * HTTP request header sent: GET http://someurlsomewhere.com HTTP/1.0 Host: someurlsomewhere.com User-Agent: HTTP_TEST_CLIENT * HTTP response header recv'd: HTTP/1.1 503 Service Unavailable Cache-Control: no-cache Pragma: no-cache Content-Type: text/html; charset=utf-8 Proxy-Connection: close Connection: close Content-Length: 1329 Measured throughput rate is 0.03 Kbytes/sec HTTP get test passed
It was easy to immediately see that the web server was returning a 503 error to the proxy server, something that was impossible to see from the client browser and difficult to locate from the log files.
The hosting company for the server in question eventually resolved the issue when they removed the automatic blacklisting that had been automatically placed on the proxy server’s public IP address after too many people failed to authenticate properly (because the website in question had a password on it).
Here’s the test when it worked properly returning a 401 error requiring the user to authenticate;
SG800#test http get http://someurlsomewhere.com Type escape sequence to abort. Executing HTTP get test * HTTP request header sent: GET http://someurlsomewhere.com HTTP/1.0 Host: someurlsomewhere.com User-Agent: HTTP_TEST_CLIENT * HTTP response header recv'd: HTTP/1.1 401 Authorization Required Date: Wed, 11 Aug 2010 15:40:31 GMT Server: Apache/2.2.3 (CentOS) WWW-Authenticate: Basic realm="For Acme Health only..." Content-Type: text/html; charset=iso-8859-1 Cache-Control: proxy-revalidate Content-Length: 479 Connection: close Proxy-support: Session-based-authentication Measured throughput rate is 4.50 Kbytes/sec HTTP get test passed