Caution: The content of this KB article is meant to help troubleshoot URL issues, but is by no means to be considered as a fix or a permanent solution unless Support recommends it in very specific cases.
; ################# BEGIN Magic Script - Test to Disable Proxy Features Based on IP #################
; Disclaimer: Some of these options will disable authentication and virus scanning.
; Make sure this only applies to one machine to minimize the risk.
; This script disables a variety of internal proxy features.
; To disable features on an exception basis, simply add a ";" symbol before each feature
<proxy>
Condition=TestIP trace.destination("Troubleshooting_trace") trace.request(yes)
<proxy>
Condition=TestIP authenticate(no) ALLOW
<proxy>
Condition=TestIP detect_protocol(none)
<proxy>
Condition=TestIP http.client.persistence(no) http.server.persistence(no) bypass_cache(yes) http.request.version(1.0) http.response.version(1.0) server_url.dns_lookup(ipv4-only)
<cache>
Condition=TestIP request.icap_service(no) response.icap_service(no)
<cache>
Condition=TestIP pipeline(no) cache(no)
<SSL-Intercept>
condition=TestIP ssl.forward_proxy(no)
<SSL>
condition=TestIP client.certificate.validate(no) server.certificate.validate(no)
define condition TestIP
; Put the testing machine IP instead of "ip.address.of.test_workstation"
client.address=ip.address.of.test_workstation
end
; ############### END Magic Script - Test to Disable Proxy Features Based on IP ###############
;::::::::::::::::::: BEGIN Bypass Proxy Based on URL :::::::::::::::::::
; Disclaimer: Some of these options will disable authentication and virus scanning.
; Make sure this only applies to the intended URLs to minimize the risk.
; This script disables a variety of internal proxy features.
; To disable features on an exception basis, simply add a ";" symbol before each feature
<proxy>
condition=ByPassProxyByURL authenticate(no) ALLOW
<proxy>
condition=ByPassProxyByURL detect_protocol(none)
<proxy>
condition=ByPassProxyByURL http.client.persistence(no) http.server.persistence(no) bypass_cache(yes) http.request.version(1.0) http.response.version(1.0) server_url.dns_lookup(ipv4-only)
<cache>
condition=ByPassProxyByURL request.icap_service(no) response.icap_service(no)
<cache>
condition=ByPassProxyByURL pipeline(no) cache(no)
<ssl-intercept>
condition=ByPassProxyByURL ssl.forward_proxy(no)
<SSL>
condition=ByPassProxyByURL server.certificate.validate(no)
define condition ByPassProxyByURL
; Put the domain you need to test with instead of "example.com". All subdomains of this domain will be affected by this script unless you specify it. You can add more lines like the one below in case you need to disable these features for different domains.
url.domain="example.com"
end condition ByPassProxyByURL
;::::::::::::::::::: END Bypass Proxy Based on URL :::::::::::::::::::
Frequently Asked Questions
Q1: Will this affect the corporate infrastructure?
A1: No. This will only affect the traffic for the specified test machine(s) or URL(s). Global options are commented out by default.
Q2: Will this stop authentication and virus scanning?
A2: Yes. This has a security implication, but it's meant to be a temporary test that only affects one computer or URL. Our intention is for the final solution to be as restrictive as possible, using these scripts as a starting point.
Q3: Can I do this in a production environment?
A3: Yes. It does not affect the overall performance of the proxy and does not lock admin accounts.
Q4: What exactly will this CPL do?
A4: This is a temporary test to isolate the problem. It disables features that could affect the flow of traffic, such as authentication, HTTP persistence, pipelining, etc. For details, refer to the CPL in the appropriate Content Policy Language Reference.
Q5: How will this solve the problem experienced?
A5: The objective of this test is to isolate the problem. It may or may not represent a fix, but it will help you in defining the cause.
Q6: How can I be sure the CPL is effective?
A6: If the results are not immediately noticed, take a Policy Trace and make sure the CPL is overriding all other VPM/policy decisions.
Q7: How can I identify the exact feature causing the problem and apply an exemption only to that?
A7: If the sample CPL code solves the issue, start re-enabling some of the disabled features by placing a semicolon in front of the line that calls the function.
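The check below is an added example, not part of the original article or the vendor's tooling: a Python script that reads policy text in the layout used by the two scripts above and reports, per condition, which security controls are switched off, what the condition matches, and whether a placeholder value was left unedited. The names audit, RISKY, PLACEHOLDERS and SAMPLE are assumptions of this example, the sample policy is constructed, and treating every ";" as the start of a comment is a simplification.

```python
import re
# Properties from the scripts above that switch off a security control.
RISKY = {
    "authenticate(no)": "authentication",
    "request.icap_service(no)": "request ICAP scanning",
    "response.icap_service(no)": "response ICAP scanning",
    "ssl.forward_proxy(no)": "SSL interception",
    "client.certificate.validate(no)": "client certificate validation",
    "server.certificate.validate(no)": "server certificate validation",
}
# Values the article says to replace before installing the policy.
PLACEHOLDERS = {"ip.address.of.test_workstation", "example.com"}
RULE = re.compile(r"condition\s*=\s*(\S+)\s+(.*)", re.I)
DEFINE = re.compile(r"define\s+condition\s+(\S+)", re.I)
PROP = re.compile(r"[\w.]+\s*\([^)]*\)")

def audit(cpl_text):
    """Map each condition to the controls it disables and what it matches."""
    report, current = {}, None
    def entry(name):
        return report.setdefault(name, {"disables": [], "matches": [], "placeholder": False})
    for raw in cpl_text.splitlines():
        line = raw.split(";", 1)[0].strip()   # simplification: ';' starts a comment
        if not line or line.startswith("<"):  # blank, comment, or layer header
            continue
        if m := DEFINE.fullmatch(line):
            current = m.group(1)
        elif line.lower().startswith("end"):
            current = None
        elif current:                         # trigger line inside a define block
            entry(current)["matches"].append(line)
            if line.split("=", 1)[-1].strip().strip('"') in PLACEHOLDERS:
                entry(current)["placeholder"] = True
        elif m := RULE.fullmatch(line):       # rule line gated on a condition
            for prop in PROP.findall(m.group(2)):
                key = re.sub(r"\s+", "", prop).lower()
                if key in RISKY:
                    entry(m.group(1))["disables"].append(RISKY[key])
    return report

# Constructed sample: part of the first script, placeholder left unedited.
SAMPLE = """<proxy>
condition=TestIP authenticate(no) ALLOW
<cache>
condition=TestIP request.icap_service(no) response.icap_service(no)
; condition=TestIP server.certificate.validate(no)
define condition TestIP
client.address=ip.address.of.test_workstation
end
"""
```

Running audit() over the installed policy once troubleshooting is finished shows which of these exemptions are still active and how widely each one is scoped.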