The localhost address is often used by clients to access a specific service via the browser. These services come in the form of applications installed on the client machines and run on a specific port.
Some malware use the localhost address to access a specific resource or to open a new listening port that can later be used for gaining unauthorized access into the system.
Depending on the deployment of the ProxySG, some measures can be implemented to prevent this from happening.
Explicit deployments:
In this deployment, clients are forced to go through the proxy via the browser settings. This includes localhost address requests. These requests should be bypassed in the browser settings as exceptions, otherwise, it will result in a network error.
When a localhost destination address is seen in the Access Logs or a Policy trace, it is strongly encouraged to verify that the applications that are making those requests are safe to use.
If clients use a local IP address instead, the proxy will see that request and process it in respect to the client local IP. Under this scenario, the content is then served to the same client.
Note: It is important to check the application performing the request in question because it's possible the request will not fail unless blocked properly by policy.
Transparent deployments: