The Notify User action object does not modify the Allow or Deny states; therefore, it requires that the request hit an allow rule before the user is served with the notify user page.
Without an Allow Policy:
start transaction -------------------
CPL Evaluation Trace: transaction ID=7504
<Proxy> condition=!__is_notify_internal
MATCH: trace.request(yes) trace.rules(all) trace.destination(1234)
<Proxy "handle HTML Notification internal requests">
[Rule] url=http://notify.bluecoat.com/
miss : url=http://notify.bluecoat.com/
[Rule]
miss : url=http://notify.bluecoat.com/
[Rule]
miss : url=/notified-NotifyUser1?
miss : url=/verify-NotifyUser1?
miss : url=/verify-NotifyUser1?
[Rule]
MATCH: action.__delete_notify_cookies(yes)
<Cache "suppress DRTR for HTML Notification internal URLs">
miss : condition=__is_notify_internal
connection: service.name=Explicit HTTP client.address=10.105.0.128 proxy.port=8080
time: 2011-01-11 03:43:53 UTC
GET http://www.example.com
Cookie: PREF=ID=ff75e69b4f124e6c:U=7c97850933b01c6b:FF=0:TM=1293123577:LM=1293123577:S=ogNAFri8QKBYVybb
Cookie: NID=42=BDB00PAAz_RoT4NoNU2c4R5I_DIi68lTxZ7WUDdpzUsYNGW425YlMWb72BXODBxXHQYTKZY7Asei6nQY4cBRowwM7X5GS5c6HVVyI2fpdUxFFbv-V9mtrdhIlX0NtMsJ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 ( .NET CLR 3.5.30729)
user: unauthenticated
DENIED: Default secure policy mode <----------------- Hitting the default DENY Policy
DSCP client outbound: 65
DSCP server outbound: 65
stop transaction --------------------
With an ALLOW policy:
start transaction -------------------
CPL Evaluation Trace: transaction ID=7545
<Proxy> condition=!__is_notify_internal
MATCH: ALLOW policy.NotifyUser1 <----------------- Hitting ALLOW Policy
<Proxy> condition=!__is_notify_internal
MATCH: trace.request(yes) trace.rules(all) trace.destination(1234)
<Proxy "handle HTML Notification internal requests">
[Rule] url=http://notify.bluecoat.com/
miss : url=http://notify.bluecoat.com/
[Rule]
miss : url=http://notify.bluecoat.com/
[Rule]
miss : url=/notified-NotifyUser1?
miss : url=/verify-NotifyUser1?
miss : url=/verify-NotifyUser1?
[Rule]
MATCH: action.__delete_notify_cookies(yes)
<Cache "suppress DRTR for HTML Notification internal URLs">
miss : condition=__is_notify_internal
Called policy definition: NotifyUser1
<Proxy>
MATCH: condition=__NotifyUser1_should_notify action.__NotifyUser1_check_notify(yes)
connection: service.name=Explicit HTTP client.address=10.105.0.128 proxy.port=8080
time: 2011-01-11 03:45:26 UTC
GET http://www.example.com
Cookie: PREF=ID=ff75e69b4f124e6c:U=7c97850933b01c6b:FF=0:TM=1293123577:LM=1293123577:S=ogNAFri8QKBYVybb
Cookie: NID=42=BDB00PAAz_RoT4NoNU2c4R5I_DIi68lTxZ7WUDdpzUsYNGW425YlMWb72BXODBxXHQYTKZY7Asei6nQY4cBRowwM7X5GS5c6HVVyI2fpdUxFFbv-V9mtrdhIlX0NtMsJ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 ( .NET CLR 3.5.30729)
user: unauthenticated
REDIRECT(policy_redirect)
redirect location=http://notify.bluecoat.com/notify-NotifyUser1?http/www.google.com.my/aHR0cDovL3d3dy5nb29nbGUuY29tLm15Lw== (302) <----------------- Redirected to Notify User Page
DSCP client outbound: 65
DSCP server outbound: 65
stop transaction --------------------