Blue Coat Systems Time Clock Proxy SG Manuale Utente
Appendix B: Testing and Troubleshooting
279
The following is a trace of the same policy, but for a transaction in which the request URL has an IP
address instead of a hostname.
address instead of a hostname.
1
start transaction ------------------------------
2
CPL Evaluation Trace:
3
<Proxy>
4
MATCH:
trace.rules(all) trace.request(yes)
5
<Proxy>
6
miss:
url.host.is_numeric=no
7
miss:
url.address=!my_subnet
8
<Proxy>
9
n/a
:
ftp.method=STOR
10
<Proxy>
11
miss:
url.domain=//my_site.com/
12
connection: client_address=10.10.0.10 proxy_port=36895
13
time: 2003-09-11 19:33:34 UTC
14 GET
http://10.11.12.13/home.html
15
DNS lookup was restricted
16
RDNS lookup was restricted
17
User-Agent: Mozilla 8.6 (Non-compatible)
18 user:
unauthenticated
19
end transaction --------------------------------
This shows many of the same features as the earlier trace, but has the following differences:
•
Line 12—The URL requested had a numeric host name.
•
Lines 15 and 16—Both DNA and RDNS lookups were restricted for this transaction.
•
Line 11—Because RDNS lookups are restricted, the rule missed; no rewrite action was used for the
transaction and no rewrite action is reported in the transaction summary (lines 12-18).
transaction and no rewrite action is reported in the transaction summary (lines 12-18).
Trace output can be used to determine the cause of action conflicts that may be reported in the event
log. For example, consider the following policy fragment:
log. For example, consider the following policy fragment:
<proxy>
trace.request(yes) trace.rules(all)
<proxy> action.set_header_1(yes)
[Rule] action.set_header_2(yes)
action.set_header_3(yes)
define action set_header_1
set(request.x_header.Test, "one")
|end
define action set_header_2
set(request.x_header.Test, "two")
end
define action set_header_3
set(request.x_header.Test, "three")
end
Because they all set the same header, these actions will conflict. In this example, the conflict is obvious
because all the actions are enabled in the same layer. However, conflicts can also arise when actions are
enabled by completely independent portions of policy. If an action conflict occurs, one of the actions is
dropped and an event log entry is made similar to the following:
because all the actions are enabled in the same layer. However, conflicts can also arise when actions are
enabled by completely independent portions of policy. If an action conflict occurs, one of the actions is
dropped and an event log entry is made similar to the following: