Policy based on user-agent string does not match on all requests

<< Back to Knowledge Search



The user-agent string of a given request can be read by the proxy and actioned during policy evaluation when the traffic can be analyzed in an unencrypted manner, and it conforms to a standard the proxy understands.  In the case of a transparently-deployed proxy and unencrypted SSL traffic, the proxy is only able to decode the TCP header of the request that provides client and destination IP addresses.  With an explicit proxy, rules based on the destination domain name can be used; however, as the user-agent string is encrypted within the request, the proxy cannot 'see' it to action it in policy.

In these cases, it's prudent to define policy based on the elements that can be controlled, such as destination server IP address, client IP address, or the server certificate presented by the site when the proxy makes initial contact. 


Additional Information
Bug Number
InQuira Doc IdFAQ1885

Article Feedback

Hide Properties
First Published      10/01/2014
Last Modified      10/01/2014
Last Published      10/01/2014
Article Audience
Product      ProxySG
Article Number      000012692
Was this helpful?
Previous MonthNext Month