Issue/Introduction:
Symptoms:
Using Internet Explorer 11 (not a problem using Chrome) the problem manifests itself
IE 11 using Fiddler and no problem.
Using a custom PAC file with multiple PROXY statements
Proxy file or name of proxy file may change
Very slow performance with SAML
Going to a simple website can take a long time
Cause:
Blue Coat Support was able to reproduce the issue. Here are some items of note:
- The problem manifests itself when there are at least two PROXY statements used with IP addresses in the proxy statements
- The problem was reproduced when switching between two proxy.pac files and the IP addresses in the PROXY statements were changed.
- It appears that the browser is losing its server affinity. Here is what a packet capture looks like
Here is what showed up in a packet capture when this happened.
- Proxy: 199.19.250.164 > Get http://test.threatpulse.com/
- Proxy: 199.116.175.164 > Connect saml.threatpulse.net:8443
- IDP: <internal IP address> > Get the SAML assertion (x2)
- Proxy: 199.116.175.164 > Connect saml.threatpulse.net:8443
- Proxy: 199.19.250.164 > Get http://test.threatpulse.com/?SAML_Auth_cookie
- Repeat steps 4 and 5 about 80+ times
- Proxy: 199.19.250.164 > Connect saml.threatpulse.net:8443
- Proxy: 199.19.250.164 > Get http://test.threatpulse.com/?SAML_Auth_cookie
- Success. The success occurs because transactions 7 and 8 are against the same proxy.
Blue Coat Support saw instances where the bouncing between data pods never stopped and went on indefinitely. It is not known what triggers this to occur.
Resolution:
The PAC file in use consisted of at least two PROXY statements (return "PROXY <data_center1_IP_address>:8080; PROXY <data_center2_IP_address>:8080";). The resolution is to either use proxy.threatpulse.net in lieu of using an IP address, or use a single IP address and one PROXY statement instead of two PROXY statements.