Solutions

Configuring ProxyClient Web Filtering Auto-Detection

Solutions ID:    KB4646
Version:    7.0
Status:    Published
Published date:    09/26/2011
Updated:    01/07/2013
 

Problem Description

You want to configure ProxyClient to disable/delegate web filtering when traffic is intercepted by a ProxySG on the network.

Resolution

You must meet following requirements before configuring ProxyClient to disable/delegate web filtering :

  • Run Client Manager for SGOS 5.3.2.5 or later.
  • Run any version of SGOS that supports Blue Coat Web Filtering (BCWF).
  • Deploy ProxyClient in one of the following ways:
    • In-path with the filtering ProxySG.
    • Using the filtering ProxySG as an explicit proxy.
  • Run ProxyClient 3.2 or later.
  • Install local policy on every ProxySG that performs web filtering in a network to which ProxyClients might connect (see the procedure below).
Web Filtering Auto-Detection works by setting policy that causes the ProxySG to respond with a custom header and value to requests from the ProxyClient. The custom header is "X-BCWF-License" and the value is the subscription username used on the ProxySG. When the ProxyClient sees this response, it becomes aware that a ProxySG is intercepting its traffic and therefore delegates all web filter processing to the ProxySG until the location changes (IP address or adapter change) or the ProxyClient is restarted.
 
To install local policy on a ProxySG that performs Web filtering for ProxyClients:
  1. Log in to the ProxySG Management Console as an administrator.
  2. Go to Configuration > Policy > Policy Files.
  3. In the right pane, for Install Local File from, and click Text Editor from the list.
  4. Click Install.
  5. In the provided field, enter the following:

    <proxy>
    request.header.Host="sp.cwfservice.net" action.i_am_filtering(yes)
    define action i_am_filtering
    set (response.x_header.X-BCWF-License, "VendorID")
    end

    where VendorID is your Blue Coat WebFilter database user name.

    If your enterprise has multiple Vendor IDs, enter them as a comma-separated list. You can find the user name that a specific ProxySG in the Management Console by going to Configuration > Content Filtering > Blue Coat WebFilter.

    An example with one Vendor ID follows:

    <proxy>
    request.header.Host="sp.cwfservice.net" action.i_am_filtering(yes)
    define action i_am_filtering
    set (response.x_header.X-BCWF-License, "6EAZ8-BDC17F")
    end
  6. Click Install. If errors display, check the command syntax and try again.
  7. After the policy successfully installs, click OK at the conformation dialog and then click Close.
 
Important: If this policy does not take effect, check the formatting of the policy that you entered in the text editor. Make sure that the following rule within the policy is entered all on one line:

request.header.Host="sp.cwfservice.net" action.i_am_filtering(yes)

 Any invalid line breaks in the rule cause it to match incorrectly and the ProxyClient will not delegate web filtering as expected.
 
If you have the use of multiple BCWF licenses on different ProxySG's throughout your environment, it is recommended that you include each one in your Web Filtering Auto-Detection policy. See FAQ2112 for more information. 

 


Rate this Page

Please take a moment to complete this form to help us better serve you.

Did this document help answer your question?
 
 
If you are finished providing feedback, please click the RATE CONTENT button. Otherwise, please add more detail in the following text box and then click RATE CONTENT.
 
 

Your response will be used to improve our document content.

Ask a Question