Sometimes when user transactions match an installed policy is installed, the ProxySG appliance allows the URL request and doesn't notify the user.
Once the appliance finds a URL matching a notify policy rule, it evaluates the URL to confirm if it is notifiable. If the HTTP request or HTTP response of the URL request doesn't match any of the conditions of the __is_notifiable
definition, the URL is not notifiable. Thus the appliance cannot notify the user for the URL and the request is not denied by this rule.
define condition __is_notifiable
url.scheme=(http,https) \
http.method=GET \
request.header.User-Agent = '^(Mozilla|Opera)' \
request.header.Range = !'' \
request.header.If-Range = !'' \
http.response.code = 200 \
response.header.Content-Type='text/html'
end
As an example, if you review the following HTTP response, the packet doesn't contain "response.header.Content-Type", so this URL request isn't notifiable.
HTTP/1.1 200 OK
date: Sat, 14 Jun 2014 01:44:57 GMT
server: Cowboy
Content-Length: 0
Proxy-Connection: Keep-Alive
Connection: Keep-Alive
If a firewall drops a URL request, there is no response and the URL request isn't nottifiable.
By the same token, if any of the __is_notifiable
conditions don't match, the appliance won't notify the user for the URL request.