ProxySG Notify User page rule is not matching

book

Article ID: 170478

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

ProxySG unable to issue Notify User page when the user download image file. The Notify User page is displayed when the user accessing the main website, However, the Notify User page will be failed when try to match the image component on the website.

Cause

1. This is the condition to notify user

define condition __NotifyUser_should_notify
    condition=__is_notifiable \
    condition=!__is_notify_internal \
    request.header.Cookie=!'notified-NotifyUser=1'
end


2. Lets drill down further to __is_notifiable condition

define condition __is_notifiable
    http.method=GET url.scheme=(http, https) request.header.User-Agent="^(Mozilla|Opera)" request.header.Range=!"" request.header.If-Range=!"" http.response.code=200 response.header.Content-Type="text/html"
end


As per condition above, in order for the proxy to issue the notify page, the http request and http response MUST match all requirements above. However, the request  made towards https://www.symantec.com/content/en/us/enterprise/images/theme/ssl-information-center/images/what-is-ssl-2.png will not match the last requirement, which is response.header.Content-Type="text/html" since this is image request instead of html.

 As a result, the policy will not be matching.

Environment

Example:
Notify user policy rule will match when accessing https://www.symantec.com however, the rule is not matching when the user directly access https://www.symantec.com/content/en/us/enterprise/images/theme/ssl-information-center/images/what-is-ssl-2.png.

Resolution

In order for the proxy to issue the notify page, the http(s) request and response MUST match all conditions below:

1. The HTTP Method must be GET
2. The url.scheme must be http or https
3. The user-Agent header must be begin with Mozilla or Opera
4. The request.header.Range and request.header.If-Range (if exist) =!"" (must not be blank)
5. The http response code must be 200
6. The response header header.Content-Type must be in "text/html"

The "__is_notifiable" condition is hard-coded in the proxy SGOS and it cannot be changed.