How to Prevent Policy Avoidance Using Direct IP of Website within Local database on ProxySG


Article ID: 169219


Updated On:


Advanced Secure Gateway Software - ASG ProxySG Software - SGOS


A customer wants to use a local database rather than BCWF but is concerned that users will be able to bypass the policy by accessing the website directly via its IP address.


To prevent this, RDNS restrictions should be set to None. If the ProxySG does not perform an RDNS lookup and relate the IP address to the host domain, it cannot match the rule in the policy, because the local database does not contain the IP address as BCWF does.

 During testing this was found to be correct for some websites such as 

...but on other websites such as (ns: lookup, access to the frame of the website was possible using the IP address, but clicking on any related URLs resulted in an exception page.

This was due to the IP resolving to a content server rather than the URL.

Block the content server in order to prevent this ( 

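The matching behaviour described above, as an added Python model that is not ProxySG code or configuration from this article: a hostname-only category database misses a request made by IP address unless the address is first reverse-resolved, and still misses it when the PTR record names a content server. The database entries, addresses, hostnames and function names are constructed for illustration, and `rdns_allowed=True` stands for RDNS restrictions set to None.

```python
import ipaddress

# Constructed local database: keyed by hostname only, no IP entries.
LOCAL_DB = {"blocked.example": "Blocked_Sites"}

# Constructed PTR records (documentation address range 192.0.2.0/24).
PTR = {
    "192.0.2.10": "www.blocked.example",     # resolves back to the site's domain
    "192.0.2.20": "edge7.cdn-host.example",  # resolves to a content server
}

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def categorize(host, db):
    """Return the category of host or of any parent domain, else None."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        category = db.get(".".join(labels[i:]))
        if category:
            return category
    return None

def decide(request_host, db, rdns_allowed):
    """Return (verdict, name used for the database lookup)."""
    name = request_host
    if rdns_allowed and is_ip(request_host):
        name = PTR.get(request_host, request_host)  # modelled reverse lookup
    return ("DENY" if categorize(name, db) else "ALLOW"), name

def run_cases():
    # Assumed fix for the last case: add the content server's domain to the database.
    db_fixed = {**LOCAL_DB, "cdn-host.example": "Blocked_Sites"}
    return {
        "hostname": decide("www.blocked.example", LOCAL_DB, False)[0],
        "ip, no RDNS": decide("192.0.2.10", LOCAL_DB, False)[0],
        "ip, RDNS allowed": decide("192.0.2.10", LOCAL_DB, True)[0],
        "content-server ip": decide("192.0.2.20", LOCAL_DB, True)[0],
        "content server blocked": decide("192.0.2.20", db_fixed, True)[0],
    }

if __name__ == "__main__":
    for case, verdict in run_cases().items():
        print(f"{case:24} {verdict}")
```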