VPM generates 'Late condition guards early action' when a username source is used in conjunction with a host rewrite action


<< Back to Knowledge Search

Solution

Overview

It does not matter whether the conflicting conditions/actions are from different rules - what matters is that they are in the same layer.

For example, the VPM policy below will result in a 'late condition guards early action' error :

User-added image

User-added image

This happens because the Rewrite action in the VPM uses 'url.host' as a parameter. 'url.host' and 'url' have different semantics, and thus different checkpoints in the policy. 'url.host' is associated with the HTTP request's host while 'url' is meant for the whole URL. They have different checkpoints from that of the user condition in the policy.

The order of the checkpoints are: host, user identity, and url. Since user identity is later than host, we get the "Late condition guards early action" error. 'url.host' cannot be modified after the user identity has been obtained via the Web Authentication Layer.

To address this, we can use the CPL to rewrite the URL instead of 'url.host'. For example :

define action RewriteH
  rewrite( url, "(.*)packeteer(.*)", "$(1)bluecoat$(2)" )
end
 

Cause
Resolution
Workaround
Additional Information
Bug Number
InQuira Doc IdFAQ1062
Attachment

Article Feedback

Hide Properties
First Published      10/01/2014
Last Modified      11/10/2014
Last Published      11/10/2014
Article Audience
Product      ProxySG
Software      SGOS 4, SGOS 5, SGOS 6
Topic      Policy Management
Article Number      000014549
Summary     
Was this helpful?
Comments:
 
Previous MonthNext Month
SunMonTueWedThuFriSat