Policy based on user-agent string does not match on all requests
The user-agent string of a given request can be read by the proxy and actioned during policy evaluation when the traffic can be analyzed in an unencrypted manner, and it conforms to a standard the proxy understands. In the case of a transparently-deployed proxy and unencrypted SSL traffic, the proxy is only able to decode the TCP header of the request that provides client and destination IP addresses. With an explicit proxy, rules based on the destination domain name can be used; however, as the user-agent string is encrypted within the request, the proxy cannot 'see' it to action it in policy.
Rate this Page
Please take a moment to complete this form to help us better serve you.