Unable to reach a secure site (page not displayed) through the ProxySG or ASG. Protocol Detection is enabled.
Detect Protocol (or Protocol Detection) is enabled by default on ProxySG and Advanced Secure Gateway (ASG). This feature monitors the characteristics of a connection to determine what mechanism it should use to handle it.
A workaround is to disable Protocol Detection for a single site or single domain.
<proxy>
url.domain=example.com detect_protocol(none)
;############## Disable Protocol Detection ##############
; This script disables protocol detection. ; Detect Protocol (or Protocol Detection) is a ProxySG feature that looks ; into characteristics of a connection to determine what mechanism it should ; use to handle it. On occasion this needs to be disabled on exception ; (per site basis). ; For example, if an SSL connection comes into the ProxySG on port 80 ; (typically used for HTTP instead of SSL), and if Protocol Detection is enabled, ; the ProxySG will see that it is actually SSL traffic and handle it as such. ; If Protocol Detection is disabled (it is disabled by default) the connection ; will be tunneled as it is not valid HTTP traffic. Protocol Detection can also ; be used to identify peer-to-peer traffic and many other types of traffic which ; may attempt to use non-standard ports. ; For more information refer to: ; - Tech243402 (https://knowledge.broadcom.com/external/article/167521/) ; - Tech243102 (What is Detect Protocol and what does it do?) ; Condition Note(s): ; - To disable by URL, use the syntax ---> url.domain=example.com ; - To disable by Destination IP, use the syntax ---> url.address=10.10.10.10 ; - To disable by User Agent, use the syntax ---> User-Agent="application-specific-agent-name" ;--------------------------------------------------------------------- <proxy> condition=PDExceptionList detect_protocol(none) define condition PDExceptionList url.domain=example1.com
url.domain=example2.com
end condition PDExceptionList
;############ END Disable Protocol Detection ############
detect_protocol(none) - Why doesn't a detect_protocol(no) rule work for some sites or applications when applied in the VPM?
detect_protocol(no) - What is the CPL to disable detect_protocol for a specific target website only for iPhone / iPad devices?
detect_protocol.ssl(no) - Not able to use detect_protocol.ssl(no) to bypass SSL Interception
detect_protocol[ssl,https](no) - Intermittent issue with Consumer Skype access when connecting transparently with SSL interception enabled.
detect_protocol[ssl,https,sips](no) - HTTPS requests may fail or be delayed for 30 seconds when using ProxySG
detect_protocol[ssl,https,sips,sip](no) - Intermittent issue with Consumer Skype access when connecting transparently with SSL interception enabled.
In VPM follow: Detect Protocol needs to be disabled in ProxySG or Advanced Secure Gateway or Web Security Service in UPE Mode
Notes:
Protocol Detection and SSL interception are not the same
SSL interception relies on Protocol Detection to be enabled
Server Certificate checks (server.certificate.*) relies on Protocol Detection to be enabled
Disabling Protocol Detection disable the SSL interception AND Server Certificate checks