Why is the ProxySG not serving the Notify User page when I have the default policy set to Deny?


<< Back to Knowledge Search

Solution

Overview

 The Notify User action object does not modify the Allow or Deny states; therefore, it requires that the request hit an allow rule before the user is served with the notify user page.

 
Without an Allow Policy:
 
start transaction -------------------
  CPL Evaluation Trace: transaction ID=7504
           <Proxy>  condition=!__is_notify_internal 
    MATCH:     trace.request(yes) trace.rules(all) trace.destination(1234) 
           <Proxy "handle HTML Notification internal requests">
           [Rule]  url=http://notify.bluecoat.com/ 
    miss :     url=http://notify.bluecoat.com/
           [Rule]
    miss :     url=http://notify.bluecoat.com/
           [Rule]
    miss :     url=/notified-NotifyUser1?
    miss :     url=/verify-NotifyUser1?
    miss :     url=/verify-NotifyUser1?
           [Rule]
    MATCH:     action.__delete_notify_cookies(yes) 
           <Cache "suppress DRTR for HTML Notification internal URLs">
    miss :     condition=__is_notify_internal
  connection: service.name=Explicit HTTP client.address=10.105.0.128 proxy.port=8080
  time: 2011-01-11 03:43:53 UTC
  GET http://www.google.com.my/
Cookie: PREF=ID=ff75e69b4f124e6c:U=7c97850933b01c6b:FF=0:TM=1293123577:LM=1293123577:S=ogNAFri8QKBYVybb
Cookie: NID=42=BDB00PAAz_RoT4NoNU2c4R5I_DIi68lTxZ7WUDdpzUsYNGW425YlMWb72BXODBxXHQYTKZY7Asei6nQY4cBRowwM7X5GS5c6HVVyI2fpdUxFFbv-V9mtrdhIlX0NtMsJ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 ( .NET CLR 3.5.30729)
  user: unauthenticated
  DENIED: Default secure policy mode           <----------------- Hitting the default DENY Policy
  DSCP client outbound: 65
  DSCP server outbound: 65
 
stop transaction --------------------
 
With an ALLOW policy:
 
start transaction -------------------
  CPL Evaluation Trace: transaction ID=7545
           <Proxy>  condition=!__is_notify_internal 
    MATCH:     ALLOW policy.NotifyUser1           <----------------- Hitting ALLOW Policy
           <Proxy>  condition=!__is_notify_internal 
    MATCH:     trace.request(yes) trace.rules(all) trace.destination(1234) 
           <Proxy "handle HTML Notification internal requests">
           [Rule]  url=http://notify.bluecoat.com/ 
    miss :     url=http://notify.bluecoat.com/
           [Rule]
    miss :     url=http://notify.bluecoat.com/
           [Rule]
    miss :     url=/notified-NotifyUser1?
    miss :     url=/verify-NotifyUser1?
    miss :     url=/verify-NotifyUser1?
           [Rule]
    MATCH:     action.__delete_notify_cookies(yes) 
           <Cache "suppress DRTR for HTML Notification internal URLs">
    miss :     condition=__is_notify_internal
  Called policy definition: NotifyUser1
           <Proxy>
    MATCH:     condition=__NotifyUser1_should_notify action.__NotifyUser1_check_notify(yes) 
  connection: service.name=Explicit HTTP client.address=10.105.0.128 proxy.port=8080
  time: 2011-01-11 03:45:26 UTC
  GET http://www.google.com.my/
Cookie: PREF=ID=ff75e69b4f124e6c:U=7c97850933b01c6b:FF=0:TM=1293123577:LM=1293123577:S=ogNAFri8QKBYVybb
Cookie: NID=42=BDB00PAAz_RoT4NoNU2c4R5I_DIi68lTxZ7WUDdpzUsYNGW425YlMWb72BXODBxXHQYTKZY7Asei6nQY4cBRowwM7X5GS5c6HVVyI2fpdUxFFbv-V9mtrdhIlX0NtMsJ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 ( .NET CLR 3.5.30729)
  user: unauthenticated
  REDIRECT(policy_redirect)
  redirect location=http://notify.bluecoat.com/notify-NotifyUser1?http/www.google.com.my/aHR0cDovL3d3dy5nb29nbGUuY29tLm15Lw== (302) <----------------- Redirected to Notify User Page
 
  DSCP client outbound: 65
  DSCP server outbound: 65
 
stop transaction --------------------
 
 
Cause
Resolution
Workaround
Additional Information
Bug Number
InQuira Doc IdFAQ1223
Attachment

Article Feedback

Hide Properties
First Published      10/01/2014
Last Modified      10/01/2014
Last Published      10/01/2014
Article Audience
Product      SG200, SG210, SG300, SG510, SG600, SG810, SG8100, SG9000
Topic      Policy Management
Article Number      000016653
Summary     
Was this helpful?
Comments:
 
Previous MonthNext Month
SunMonTueWedThuFriSat