Access denied by server when going to certain websites using Internet Explorer through ProxySG.
search cancel

Access denied by server when going to certain websites using Internet Explorer through ProxySG.

book

Article ID: 165328

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

When going to some sites (example: logging in at www.cleanenergybc.org ) and using explicit proxy with Internet Explorer (IE) only, the website will return an HTTP 403 "Access Denied" response. 

Here are the details of the problem:

 

1. When IE is NOT set to use a proxy, it sends a 'cache-control' HTTP header.

2. When IE IS set to use a proxy, it sends a 'pragma' HTTP header.

3. When the ProxySG receives either a 'cache-control' or 'pragma' HTTP header from a client, it will use either one respectively (by default when applicable).

4. Some websites such as www.cleanenergybc.org deny access to requests with a 'pragma' header when logging in.

5. When Chrome and Firefox are set to use a proxy, they send a 'cache-control' header instead of a 'pragma' header, which is why this problem doesn't occur when using these browsers.

 

Resolution

Although this issue is caused by the way the IE browser and the website behave, you can create a workaround on the proxy by suppressing the 'pragma' when going to this site.

You can install the following CPL policy in your local policy text editor by navigating in the ProxySG's Management Console to Configuration>Policy>Policy Files>Install Local File from: Text Editor

  • Click Install button
  • Paste the following policy to the bottom of the text editor:

;=====Begin pragma: no-cache access denied workaround=====
<Proxy>
condition=Pragma-Deny-Sites action.Suppress-Pragma(yes)

define condition Pragma-Deny-Sites ; Sites that deny requests with 'pragma: no-cache' header
;--replace this line with a website you're having the issue with (example in red below)--;
url.domain=cleanenergybc.org 
end

define action Suppress-Pragma
delete(request.header.Pragma)
end action Suppress-Pragma
;=====End pragma: no-cache access denied workaround=====

  • Click Install button and close text editor

This can also be pasted into a CPL Layer in the VPM

or

You can configure this in the VPM on a Web Access Layer by setting a destination URL of cleanenergybc.org and a "Control Request Header" object set to suppress the 'pragma' header as the action.

 

 

Powered by Wolken Software