Slow performance or ProxySG outages occurring when intercepting Outlook Web Access (OWA) and Office Online (O365) with ICAP scanning

book

Article ID: 169426

calendar_today

Updated On:

Products

Content Analysis Software - CA ProxySG Software - SGOS

Issue/Introduction

OWA or O365 URLs seem to be stuck in reading state on the Content Analysis. This may result in an experience of an outage due to the number of connections that enter into the reading state when you have an group of individuals using OWA or O365. These connections will remain in a reading state for upward of six digit times (600000ms as example), tying up ICAP connections.

Cause

OWA and O365 stream data to the ProxySG continuously where the end of the transaction is never seen. Essentially, it's a permanent stream of data being sent to the ProxySG without the end of file being delivered. In turn, the ProxySG delivers OWA/O365 data to the Content Analysis system the same way, in which the end of file is not delivered. Thus, the Content Analysis continues to wait for more data in the reading state, as the ProxySG continues to deliver data from the URL. Each of these transactions consume CAS resources and when all of the resources are exhausted, the ProxySG will slow down processing of new transactions and eventually stop all processing of transactions causing an outage.

Resolution

The only solution is to prevent the OWA/O365 traffic from being scanned so that the ProxySG and CAS resources are free to process all other web traffic.

Policy to prevent ICAP Scanning for OWA/O365 Traffic that causes reading state to occur:

  1. Install policy on the ProxySG to bypass ICAP for OWA and O365 URL/IPs. A list of IP/URLs for O365 can be found in article TECH246276
  2. Install the following policy for OWA traffic:

<cache>
server_url.path=/owa/ev.owa2 server_url.query.regex="(.*)ns=PendingRequest(.*)ev=PendingNotificationRequest(.*)" response.icap_service(no) response.icap_service(proxyav, fail_closed)