HI,
After upgrading to 20.3 I have been experiencing a number issues.
The current issue is that when attempting to connect to the OC/UMP I receive the following errors in the reverse proxy
AH02429: Response header name 'Expect-CT ' contains invalid characters, aborting request
I have been battling with this since yesterday and noticed that Broadcom doc has been updated today and contains new information for Expect-CT, link below, and I am hoping this is something that can help, but there is no context in the Broadcom instructions. It doesnt actually state why the steps are required.
Configure HTTPS in Admin Console or UMPThe issue is, this is not very clear and may not be accurately written.
Steps for OC and adding Expect-CT.
By default Expect-CT is set to "enforce, max-age=300", to change the values or adding report-uri in the Operator Console.Follow these steps:1. Open wasp.cfg file in any file editor ~\Nimsoft\probes\service\wasp2. Go to <operatorconsole_portlet> ,<uncrypted> tag3. Add/Edit configuration attributes in Except-CT-Header property as below Except-CT-Header = enforce, max-age=3004. Restart the wasp
Questions are:
What should this be set to ? is it "enforce"
Where should this be set ? Step 2 refers to <operatorconsole_portlet> ,<uncrypted> in the wasp.cfg, but in my wasp, the path is <operatorconsole_portlet>,
<custom> ,<uncrypted> .. which one is correct ?
I have added "
Except-CT-Header = enforce, max-age=300, report-uri='https://<public facing url>" to the <operatorconsole_portlet>,
<custom> ,<uncrypted> as well as creating <operatorconsole_portlet>,
<custom> ,<uncrypted> section, which I manually created, to match the Broadcom doc.
The same applies to the Adminconsole.
Step 2 states. Go to <adminconsoleapp>, is this correct ? as the path in wasp.cfg again, is <custom> , <uncrypted>
The current web proxy has been in place for a number of years, with no issues, until 20.3 upgrade.
Thanks