"Request could not be handled" exception page when attempting to download "wpad.dat" from the SG


Article ID: 166864


Updated On:


ProxySG Software - SGOS


Upgrading to SGOS 5.5 or higher breaks PAC/WPAD functionality
Policy trace while requesting "/wpad.dat" shows the SG returning '400 Bad Request'


ProxySG administrators wishing to enable support for returning the ProxySG's accelerated_pac_base.pac file when a request is received by the ProxySG for a URL with the exact path of /wpad.dat traditionally used a "policy redirect" that caused the ProxySG to return a redirect pointing back to the ProxySG for /accelerated_pac_base.pac.

This worked well, unless there was a reference in policy that required a response from an "upstream" server such as a scan decision from ProxyAV.  If Threat-Protection/Malware-Scanning is enabled within the Management
Console GUI, it is likely any policy involving redirects for objects to be served directly from the ProxySG, would begin to return a "Request could not be handled" exception page.

As of SGOS, a new policy gesture has been added to resolve the "Request could not be handled" exception.

The following is an example of the typical policy that is known to cause a "Request could not be handled" exception when other policy (such as ICAP scanning) is also involved:

    ALLOW url.path.exact=/wpad.dat action.ReturnRedirect1(yes)

define action ReturnRedirect1
  redirect( 302, ".*", "
http://proxy.company.com/accelerated_pac_base.pac" )

The new policy gesture introduced in SGOS is:  request_redirect

The policy above can be re-written as:

    ALLOW url.path.exact=/wpad.dat action.ReturnRedirect1(yes)

define action ReturnRedirect1
  request_redirect( 302, ".*", "
http://proxy.company.com/accelerated_pac_base.pac" )

Use of the "request_redirect" gesture will prevent the "Request could not be handled" exception when a redirect is necessary in combination with policy that requires a response from an "upstream" server.


  • The request_redirect policy gesture is not yet available as a VPM object.
  • This KB article supersedes FAQ410, and KB4197.
  • The request_redirect gesture should only be used for objects returned from the ProxySG itself, such as accelerated_pac_base.pac, and does not apply for redirects for objects from an OCS (Origin Content Server).   Continue to use redirect  for redirects to an OCS, and the new gesture request_redirect when the content is to be served only from the ProxySG.