Return redirect traffic being blocked

book

Article ID: 166618

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

In VPM, a rule is configured to a return redirect for a URL, but traffic appears to be blocked.
When accessing the site for the redirect, you get an access denied page.

Resolution

Check the configuration of the proxy for a default deny. 

Go into the Management Console > Configuration tab > Policy > Policy Options.  Look at the "Default Proxy Policy".  If the default policy is "Deny", then that deny is not being overridden by the redirect rule. 

For example if we are redirecting msn.com to google.com From the policy trace you would see:

GET http://msn.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0
user: unauthenticated
authentication status='not_attempted' authorization status='not_attempted'
REDIRECT(policy_redirect)
redirect location=https://www.google.com (302)

 

Then, on the Next transaction you will see the request to google.com being blocked, and it shows that the reason it is being denied it because of the default policy:

CONNECT tcp://www.google.com:443/
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0
user: unauthenticated
authentication status='not_attempted' authorization status='not_attempted'
DENIED: Default secure policy mode

 

When the default policy is set do "deny", the proxy will deny all traffic unless it is being allowed in the policy.

Therefore you should create a "Combined Action Object" which contains the "Redirect Action" and an "Allow".