FAQ

Why is the ProxySG not serving the Notify User page when I have the default policy set to Deny?

FAQ ID:    FAQ1223
Version:    1.0
Status:    Published
Published date:    01/10/2011
 

Answer

 The Notify User action object does not modify the Allow or Deny states; therefore, it requires that the request hit an allow rule before the user is served with the notify user page.

 
Without an Allow Policy:
 
start transaction -------------------
  CPL Evaluation Trace: transaction ID=7504
           <Proxy>  condition=!__is_notify_internal 
    MATCH:     trace.request(yes) trace.rules(all) trace.destination(1234) 
           <Proxy "handle HTML Notification internal requests">
           [Rule]  url=http://notify.bluecoat.com/ 
    miss :     url=http://notify.bluecoat.com/
           [Rule]
    miss :     url=http://notify.bluecoat.com/
           [Rule]
    miss :     url=/notified-NotifyUser1?
    miss :     url=/verify-NotifyUser1?
    miss :     url=/verify-NotifyUser1?
           [Rule]
    MATCH:     action.__delete_notify_cookies(yes) 
           <Cache "suppress DRTR for HTML Notification internal URLs">
    miss :     condition=__is_notify_internal
  connection: service.name=Explicit HTTP client.address=10.105.0.128 proxy.port=8080
  time: 2011-01-11 03:43:53 UTC
  GET http://www.google.com.my/
Cookie: PREF=ID=ff75e69b4f124e6c:U=7c97850933b01c6b:FF=0:TM=1293123577:LM=1293123577:S=ogNAFri8QKBYVybb
Cookie: NID=42=BDB00PAAz_RoT4NoNU2c4R5I_DIi68lTxZ7WUDdpzUsYNGW425YlMWb72BXODBxXHQYTKZY7Asei6nQY4cBRowwM7X5GS5c6HVVyI2fpdUxFFbv-V9mtrdhIlX0NtMsJ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 ( .NET CLR 3.5.30729)
  user: unauthenticated
  DENIED: Default secure policy mode           <----------------- Hitting the default DENY Policy
  DSCP client outbound: 65
  DSCP server outbound: 65
 
stop transaction --------------------
 
With an ALLOW policy:
 
start transaction -------------------
  CPL Evaluation Trace: transaction ID=7545
           <Proxy>  condition=!__is_notify_internal 
    MATCH:     ALLOW policy.NotifyUser1           <----------------- Hitting ALLOW Policy
           <Proxy>  condition=!__is_notify_internal 
    MATCH:     trace.request(yes) trace.rules(all) trace.destination(1234) 
           <Proxy "handle HTML Notification internal requests">
           [Rule]  url=http://notify.bluecoat.com/ 
    miss :     url=http://notify.bluecoat.com/
           [Rule]
    miss :     url=http://notify.bluecoat.com/
           [Rule]
    miss :     url=/notified-NotifyUser1?
    miss :     url=/verify-NotifyUser1?
    miss :     url=/verify-NotifyUser1?
           [Rule]
    MATCH:     action.__delete_notify_cookies(yes) 
           <Cache "suppress DRTR for HTML Notification internal URLs">
    miss :     condition=__is_notify_internal
  Called policy definition: NotifyUser1
           <Proxy>
    MATCH:     condition=__NotifyUser1_should_notify action.__NotifyUser1_check_notify(yes) 
  connection: service.name=Explicit HTTP client.address=10.105.0.128 proxy.port=8080
  time: 2011-01-11 03:45:26 UTC
  GET http://www.google.com.my/
Cookie: PREF=ID=ff75e69b4f124e6c:U=7c97850933b01c6b:FF=0:TM=1293123577:LM=1293123577:S=ogNAFri8QKBYVybb
Cookie: NID=42=BDB00PAAz_RoT4NoNU2c4R5I_DIi68lTxZ7WUDdpzUsYNGW425YlMWb72BXODBxXHQYTKZY7Asei6nQY4cBRowwM7X5GS5c6HVVyI2fpdUxFFbv-V9mtrdhIlX0NtMsJ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 ( .NET CLR 3.5.30729)
  user: unauthenticated
  REDIRECT(policy_redirect)
  redirect location=http://notify.bluecoat.com/notify-NotifyUser1?http/www.google.com.my/aHR0cDovL3d3dy5nb29nbGUuY29tLm15Lw== (302) <----------------- Redirected to Notify User Page
 
  DSCP client outbound: 65
  DSCP server outbound: 65
 
stop transaction --------------------
 
 

Rate this Page

Please take a moment to complete this form to help us better serve you.

Did this document help answer your question?
 
 
If you are finished providing feedback, please click the RATE CONTENT button. Otherwise, please add more detail in the following text box and then click RATE CONTENT.
 
 

Your response will be used to improve our document content.

Ask a Question