Quick Debugging with SafeSquid Debugging Headers [ ✓ Understanding Dev Tools of Browser ]

Tell everybody, what you think about SafeSquid!
Speak your mind!
India aashish97
Posts: 117
Joined: Sat Jul 06, 2019 10:45 am

Quick Debugging with SafeSquid Debugging Headers [ ✓ Understanding Dev Tools of Browser ]

Post by aashish97 » Mon Apr 20, 2020 9:29 am

Hello all,

In this post I will be highlighting a very important feature of SafeSquid-SWG that reduces debugging problem to a greater extend.

The problem that we see once we deploy any application is the troubleshooting part i.e if any problem is faced due to the application, the application support team comes into the picture and analysis the problem using different log files containing debug information.
This is a SOP for any application.

Same ways SafeSquid-SWG being one of such Application which requires Debugging to understand the root cause of the problem faced.
When a user faces a problem like site is not working as desired or site breaks when using SafeSquid-SWG ( or by any SafeSquid Policy )
We need to do the following things
1. Identify the Problem
2. Understand the Risk of the Problem
3. Apply The Necessary Solution.

For more detail on this follow the below link
******* Identifying Root Cause of the Problem Link ********

The very first step in this is to identify the problem which require use to go through the SafeSquid's log file and track down the appropriate logs which belongs to that web application.
Doing this in a Heavily Loaded SafeSquid Instance is very hard. As it will consume a lot of efforts and time resulting in bad user experience.
Also to actually trace down all the web requests made by that web application is very hard and time consuming in such a heavily loaded system regardless of having the client/machines ip for filtering the results.

SafeSquid has a lot of advance filters which are used to control such Web 2.0 Application and to identify exactly which SafeSquid's filter is breaking a websites functionality is very hard to trace and replicate.
There we need a more convenient and easy solution which can be used by the Application Support Engineers as well as by the SafeSquid instance maintainers to easily and quickly debug such problems.

Below we provide a advabce solution which is very handy and helpful in such scenarios.

------------------------------------------
SIMPLE & QUICK ANSWER
------------------------------------------
SafeSquid-SWG provides an easy way to troubleshoot such problems.
SafeSquid-SWG provides most of the debugging information in the response headers itself , which makes it easy for debugging.
Information includes the Policy that were applied to that request becuase of the respective use case.

-----------------------------------
INDETAILED ANSWER
-----------------------------------
Now-a-days, Every Browser provides a built-in debugging tool. Which makes it easy for any web application developer to debug the web application easily on the browser itself.
The debugging tool in the browser provides different section which have different information and stats.
It contains

1. Elements
2. Console
3. Source
4. Network
5. Performance
6. Memory
7. Application
8. Security
9. Audit

These different tabs provides different information.
The section that are very helpful are :


1. Console
-------------------
This Section provides good debugging for the web application like error in function , error in network call, web developers add more information that are displayed here for debugging, it also provides information when their is Connection establishment problem which detailed info like protocol, domain name, port number, url path, search query etc.
This help us identify if any website is getting block due to any restriction via SafeSquid-SWG.

Some of the Request which face connection establishment problem are not listed in network tab we need to go to the Console tab to get the details about the connection problem.

A Quick Console Tab related Debugging info is shown in the below snapshot.
Which explains that connection to a domain failed with details
websocketProblemInSamSung.png
websocketProblemInSamSung.png (147.32 KiB) Viewed 1674 times
2. Security
-------------------
This section provides information related to the SSL part i.e the certificate details in a more informative format.it provides details like
1. Encryption Algorithm Used.
2. Certificate Validity.

This section is important to understand any problem related to SSL.

The below 2 snapshots shows Information provided by the Security Section

chromeDevToolSecuritySection.png
chromeDevToolSecuritySection.png (65.61 KiB) Viewed 1674 times
chromeDevToolSecuritySection_origindetails.png
chromeDevToolSecuritySection_origindetails.png (100.85 KiB) Viewed 1674 times
Last edited by aashish97 on Wed Apr 29, 2020 9:29 am, edited 1 time in total.

India aashish97
Posts: 117
Joined: Sat Jul 06, 2019 10:45 am

Re: Quick Debugging with SafeSquid Debugging Headers [ ✓ Understanding Dev Tools of Browser ]

Post by aashish97 » Mon Apr 27, 2020 2:17 am

3. Network
-------------------
This is a very important section, which provides list of all the web request made by the respective web application.
This provides enough information to find all the necessary and unnecessary dependency of the web application.
It provides a detailed info for each request made by the browser
Which includes:

a) Request Domain Port
b) Remote Server
c) Status Code
d) Request Headers
e) Request Body
f) Response Headers
g) Response Body
h) Time Taken

This completes the detail about the Browser DevTools for debugging.

Then how is it beneficial for a SafeSquid-SWG Customer (USER) or to troubleshoot SafeSquid-SWG?
Note:
SSL Inspection should be ENABLED for https sites to get the debugging headers.
To ENABLE Debugger Headers , it needs to be enabled in the SYSTEM CONFIGURATION global section, Debugging Headers To CLIENT.

As we have already understood the details provided by the Network Section. It contains response header, this response are basically response header provided by the webserver. When SafeSquid-SWG is in the middle of the communication (In simple words SafeSquid-SWG is used as forward project or transparent proxy) SafeSquid-SWG receives the response headers from the server and then adda all the necessary debugging information which includes

1. RequestTypes Applied Details
2. ResponseTypes Applied Details
3. ImageFilter Details
4. Text Analyzer Details
5. UserGroup Applied Details
6. Request ID Details
7. Access Policy Details
8. blocked/deny if applicable

Etc and many other details
Few will be added in the future

THIS Details are extra headers added by SafeSquid as example
X-SAFESQUID-REQUEST-TYPES: Google, Google Search

The Debugging Header Snapshots is listed below.
IMG_20200427_074017.jpg
IMG_20200427_074017.jpg (100.37 KiB) Viewed 1667 times
This helps us understand all the applicable sections for that particular request.
This helps us understand the actual root cause of the problem.

These headers reduces alot of efforts , time and resources availability problem like unavailability of the SafeSquid command prompt.


This Network Section does not provide all the information, like it might not provide detail about connection that got establishment problem due to port number, SSL termination etc

These information help us understand the root cause of the problem. Example: if the status code is 403 with SafeSquid-SWG response headers x-template as blocked then the website is blocked by the SafeSquid-SWG

Many Connection related details or block are not displayed by the network tab therefore we require the console tab as well to understand the problem properly.

The Debugging Tool makes the debugging very easy for the customer as well as for us and reduces alot of efforts and time.

Post Reply