Why does BCWF Webpulse/DRTR categorization of Web requests not work when it is configured to use a Forwarding Host?

book

Article ID: 167534

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

When your BCWF service is configured to use a forwarding host, the parent ProxySG appliance could be blocking requests based on the policies configured on it. 

A typical BCWF request, looks like the following example: 

Note that the request is sent over port 80, when you use unsecure connections. 

GET /1/B/BCWF-FEB0111/BLU00001/0/GET/http/www.intuit-technologies.com/80/ HTTP/1.1

Host: 199.19.249.203

Accept: */*

X-Orig-User-Agent: Opera/9.80 (Windows NT 5.1; U; en) Presto/2.7.62 Version/11.01

User-Agent: BlueCoat ProxySG

Accept-Language: en-us

HTTP/1.1 200 Ok

Cache-control: max-age=86400

Content-type: text/html

Date: Thu, 17 Feb 2011 16:15:55 GMT

Last-Modified: Thu, 17 Feb 2011 16:15:55 GMT

Content-length: 61

<Result>

<Code>08010000</Code>

<DirC>15</DirC>

</Result>

When configured to use a forwarding host (sending to port 8080 on a parent proxy for example) it looks like this

GET http://199.19.249.201:80/1/R/3108061058/BLU00001/0/GET/http/www.intuit-technologies.com/80/ HTTP/1.1

Host: 199.19.249.201

Accept: */*

X-Orig-User-Agent: Opera/9.80 (Windows NT 5.1; U; en) Presto/2.7.62 Version/11.01

User-Agent: BlueCoat ProxySG

Accept-Language: en-us

HTTP/1.1 200 Ok

Cache-control: max-age=86400

Content-type: text/html

Date: Mon, 21 Feb 2011 13:37:55 GMT

Last-Modified: Mon, 21 Feb 2011 13:37:55 GMT

Content-length: 61

Proxy-Connection: Keep-Alive

Connection: Keep-Alive

Age: 0

<Result>

<Code>04008000</Code>

<DomC>15</DomC>

</Result>

Configuration - Forwarding Target = TEST

Resolution

Verify the following conditions on the parent proxy:
  • Are there any rules that could block/deny the request.
  • Is the parent proxy also filtering Web content? If yes, create  policy to disable filtering on the parent proxy. This is required because BCWF categorizes its own DRTR server IP addresses as "Non-Viewable" (Example 199.19.249.201). This makes the IP address in the request above "Non-Viewable" and unless the parent policy explicitly allows this category, the request will be dropped by the parent proxy and the DRTR lookup will not be completed. Thereby resulting in a failure to categorize the request.
Powered by Wolken Software