Policy based on user-agent string does not match on all requests

FAQ ID:    FAQ1885
Version:    1.0
Status:    Published
Published date:    02/09/2012


The proxy can read the user-agent string of a request and act on it during policy evaluation only when the traffic can be analyzed unencrypted and conforms to a standard the proxy understands. In the case of a transparently deployed proxy and SSL traffic that is not decrypted, the proxy is only able to decode the TCP/IP headers of the request, which provide the client and destination IP addresses. With an explicit proxy, rules based on the destination domain name can be used; however, because the user-agent string is encrypted within the request, the proxy cannot see it and therefore cannot act on it in policy.

In these cases, it's prudent to define policy based on the elements that can be controlled, such as destination server IP address, client IP address, or the server certificate presented by the site when the proxy makes initial contact. 
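
The sketch below is an added illustration, not vendor code or policy syntax: it models which attributes a proxy can match on from the first bytes of a connection, and why a rule keyed on the user-agent string is skipped for SSL traffic. The function names, rule format, hostnames and addresses are all hypothetical, and the sample requests are constructed.

```python
# Which request attributes can proxy policy match on? (constructed samples)

def visible_attributes(first_bytes, client_ip, dest_ip):
    """Return the attributes available to policy for this connection."""
    attrs = {"client_ip": client_ip, "dest_ip": dest_ip}
    # 0x16 0x03 = TLS handshake record: undecrypted SSL reaching a
    # transparent proxy, so only the addresses are usable.
    if first_bytes[:2] == b"\x16\x03":
        attrs["kind"] = "ssl-transparent"
        return attrs
    head = first_bytes.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    if method == "CONNECT":
        # Explicit proxy: the tunnel target is readable; the requests sent
        # through the tunnel, including their User-Agent, are encrypted.
        attrs["kind"] = "ssl-explicit"
        attrs["dest_host"] = target.rsplit(":", 1)[0].lower()
        return attrs
    attrs["kind"] = "http"
    for line in header_lines:
        name, _, value = line.partition(":")
        if name.strip().lower() == "user-agent":
            attrs["user_agent"] = value.strip()
        elif name.strip().lower() == "host":
            attrs["dest_host"] = value.strip().lower()
    return attrs

def first_match(rules, attrs):
    """rules: (attribute, value, action); rules on unseen attributes are skipped."""
    for attribute, wanted, action in rules:
        seen = attrs.get(attribute)
        if seen is None:
            continue  # e.g. user_agent on undecrypted SSL
        if wanted in seen if attribute == "user_agent" else wanted == seen:
            return action
    return "default"

# Hypothetical policy: a user-agent rule plus fallbacks on visible attributes.
RULES = [("user_agent", "ExampleUpdater", "deny"),
         ("dest_host", "updates.example.test", "deny"),
         ("dest_ip", "203.0.113.10", "deny")]
HTTP = (b"GET /feed HTTP/1.1\r\nHost: updates.example.test\r\n"
        b"User-Agent: ExampleUpdater/2.1\r\n\r\n")
CONNECT = b"CONNECT updates.example.test:443 HTTP/1.1\r\n\r\n"
TLS_HELLO = b"\x16\x03\x01\x00\x2e\x01\x00\x00\x2a"  # truncated, constructed

if __name__ == "__main__":
    for sample in (HTTP, CONNECT, TLS_HELLO):
        a = visible_attributes(sample, "10.0.0.5", "203.0.113.10")
        print(a["kind"], first_match(RULES[:1], a), first_match(RULES, a))
```

With only the user-agent rule, the plain HTTP request is denied while both SSL cases fall through to the default action; adding the destination host and destination IP rules restores the match.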

