End to End Health Check
The End-to-End (E2E) health check enhancement monitors an endpoint to identify any failure scenarios in the SCP that may prevent it from securing that endpoint. This enhancement will help users detect insecure and non-compliant endpoints, enabling them to take necessary remedial actions. If a health check fails, the SCP will report the status as Not Redirecting (E2EHealthCheckFailed) and will automatically generate a Merlog.
How It Works
SCP is made up of two primary components: scpd and the extension. The extension monitors web traffic according to a configured policy and forwards it to scpd. scpd then passes this traffic to the proxy. Once the proxy processes the request, scpd receives the response and sends it back to the extension, which delivers it to applications such as web browsers. The End-to-End Health Check verifies this entire data flow.
To validate the flow, scpd launches a child process that makes a web request to a specific address defined in the extension’s interception rules. If the extension is functioning correctly, it intercepts the request and forwards it to scpd, which then sends the traffic to the proxy. scpd processes the proxy’s response and adds special headers exclusively for the health check request generated by the child process. This modified response is sent back to the extension, which delivers it to the child process. The child process then examines the response for the special headers and informs scpd whether the health check has passed or failed.
Merlog Capture on E2E Check Failure
A Merlog is captured during a health-check failure and is only captured again after a successful check followed by another failure. If the previous Merlog is less than an hour old, no new Merlog is created. Merlogs older than one hour are deleted during a new capture, ensuring that only one recent Merlog is retained at any given time.
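The capture rule above can be modelled as a small state machine to predict when a Merlog will appear. This is an added example, not SCP's own code: the class and function names are hypothetical, the timeline is constructed, and it assumes the agent starts in a passing state and that a failure suppressed by the one-hour rule does not capture until a pass occurs again.

```python
from dataclasses import dataclass
from typing import Optional

RETENTION_SECONDS = 3600  # the "one hour" window from the text


@dataclass
class MerlogPolicy:
    """Model of the documented capture rule (hypothetical, not SCP's code)."""
    last_check_passed: bool = True              # assumption: starts healthy
    merlog_captured_at: Optional[float] = None  # time of the one retained Merlog

    def on_check(self, passed: bool, now: float) -> str:
        """Feed one health-check result; return the action taken."""
        if passed:
            self.last_check_passed = True
            return "pass"
        # Only a failure that follows a passing check can trigger a capture.
        new_failure = self.last_check_passed
        self.last_check_passed = False
        if not new_failure:
            return "no-capture: still failing"
        if (self.merlog_captured_at is not None
                and now - self.merlog_captured_at < RETENTION_SECONDS):
            return "no-capture: recent Merlog exists"
        replaced = self.merlog_captured_at is not None
        self.merlog_captured_at = now  # older Merlog is deleted, new one kept
        return "capture: old Merlog deleted" if replaced else "capture"


def simulate(events):
    """events: list of (seconds_since_start, passed) tuples."""
    policy = MerlogPolicy()
    return [policy.on_check(passed, t) for t, passed in events]


# Constructed timeline, times in seconds since start.
SAMPLE = [
    (0, True),
    (60, False),    # first failure: Merlog captured
    (120, False),   # repeated failure without a pass in between
    (180, True),
    (240, False),   # new failure, but the Merlog is only 3 minutes old
    (4000, True),
    (4060, False),  # new failure, Merlog is over an hour old: replaced
]

if __name__ == "__main__":
    for (t, passed), action in zip(SAMPLE, simulate(SAMPLE)):
        print(f"t={t:>5}s passed={passed!s:<5} -> {action}")
```

For triage, the practical consequence is that the retained Merlog may describe an earlier failure than the one currently reported, so compare its timestamp with the time the status changed.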
Start and Stop the E2E Health Check
The health check is enabled by default. To disable it, add stop.scphealthcheck.internal to the policy's bypass list.