When going to some sites (example: logging in at www.cleanenergybc.org ) and using explicit proxy with Internet Explorer (IE) only, the website will return an HTTP 403 "Access Denied" response.
Here are the details of the problem:
1. When IE is NOT set to use a proxy, it sends a 'cache-control' HTTP header.
2. When IE IS set to use a proxy, it sends a 'pragma' HTTP header.
3. When the ProxySG receives either a 'cache-control' or 'pragma' HTTP header from a client, it will use either one respectively (by default when applicable).
4. Some websites such as www.cleanenergybc.org deny access to requests with a 'pragma' header when logging in.
5. When Chrome and Firefox are set to use a proxy, they send a 'cache-control' header instead of a 'pragma' header, which is why this problem doesn't occur when using these browsers.
Although this issue is caused by the way the IE browser and the website behave, you can create a workaround on the proxy by suppressing the 'pragma' when going to this site.
You can install the following CPL policy in your local policy text editor by navigating in the ProxySG's Management Console to Configuration>Policy>Policy Files>Install Local File from: Text Editor
;=====Begin pragma: no-cache access denied workaround=====
define condition Pragma-Deny-Sites ; Sites that deny requests with 'pragma: no-cache' header
;--replace this line with a website you're having the issue with (example in red below)--;
define action Suppress-Pragma
end action Suppress-Pragma
;=====End pragma: no-cache access denied workaround=====
This can also be pasted into a CPL Layer in the VPM
You can configure this in the VPM on a Web Access Layer by setting a destination URL of cleanenergybc.org and a "Control Request Header" object set to suppress the 'pragma' header as the action.