[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SOAPAction and Watchguard firewall



> After applying the above change to the firewall the web service starting to
> work using HTTP but fails using HTTPS with the same SOAP response as above.

There's no way that your firewall can view or change HTTP headers in an 
SSL connection. The SSL connection is encrypted, and cannot be decrypted 
except by destination server.

If your firewall could decrypt the data in order to tell what the headers 
are, a hacker could also decrypt the document.  The point behind HTTPS is 
to guarantee that nobody was able to read or tamper with the HTTP session.


> I don't think this problem is related to the firewall. In reviewing the log
> it appears that the "SOAPAction:
> http://tempuri.org/TransGateway/Transact/PostXML"; is missing on the header.

Are you passing this string in the peSoapAction parameter to HTTPAPI?

You also show "UTF-8" as your character set, both in the content-type and 
in the encoding parameter of the XML document.  Are you sure that it's in 
UTF-8 format?  This would require you to jump through extra hoops to 
achieve, since HTTPAPI typically encodes things in ISO-8859-1

-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------