If you see the above error exception message, Blue Coat recommends that you upgrade to SGOS 18.104.22.168. SGOS 22.214.171.124 has support for normalizing certain forms of invalid headers rather than rejecting them. Two new access log fields with policy substitution (x-bluecoat-normalized-response-headers
) have also been added. In cases where 126.96.36.199 does still reject a response, the x-bluecoat-invalid-response-headers
field will report what made the response invalid. And in cases where the ProxySG appliance automatically normalizes the headers and returns the corrected response to the client, the x-bluecoat-normalized-response-headers
field reports what normalization changes the appliance made.
If you continue to see the exception error after upgrading to 188.8.131.52, you can enable the following CPL to bypass the exception:Note:
If you enable the ProxySG appliance to tolerate invalid headers, your appliances might be open to client-side attacks that involve headers that are not RFC compliant. Blue Coat recommends that you should only enable the following policy in cases where you trust the OCS and the network path between the OCS and you client computers.
To trigger by domain names you want to tolerate invalid header response, you could use the following CPL:
define url.domain condition tolerate_sites_resp