Appendix B: Testing and Troubleshooting
279
The following is a trace of the same policy, but for a transaction in which the request URL has an IP
address instead of a hostname.
1 start transaction ------------------------------
2 CPL Evaluation Trace:
3 <Proxy>
4 MATCH: trace.rules(all) trace.request(yes)
5 <Proxy>
6 miss: url.host.is_numeric=no
7 miss: url.address=!my_subnet
8 <Proxy>
9 n/a : ftp.method=STOR
10 <Proxy>
11 miss: url.domain=//my_site.com/
12 connection: client_address=10.10.0.10 proxy_port=36895
13 time: 2003-09-11 19:33:34 UTC
14 GET http://10.11.12.13/home.html
15 DNS lookup was restricted
16 RDNS lookup was restricted
17 User-Agent: Mozilla 8.6 (Non-compatible)
18 user: unauthenticated
19 end transaction --------------------------------
This shows many of the same features as the earlier trace, but has the following differences:
Line 12—The URL requested had a numeric host name.
Lines 15 and 16—Both DNA and RDNS lookups were restricted fo r this transactio n.
Line 11—Because RDNS lookups are restricted, the rule missed; no rewrite action was used for the
transaction and no rewrite action is reported in the transaction summary (lines 12-18).
Trace output can be used to determine the cause of action conflicts that may be reported in the event
log. For example, consider the following policy fragment:
<proxy>
trace.request(yes) trace.rules(all)
<proxy> action.set_header_1(yes)
[Rule] action.set_header_2(yes)
action.set_header_3(yes)
define action set_header_1
set(request.x_header.Test, "one")
|end
define action set_header_2
set(request.x_header.Test, "two")
end
define action set_header_3
set(request.x_header.Test, "three")
end
Because they all set the same header, these actions will conflict. In this example, the conflict is obvious
because all the actions are enabled in the same layer. However, conflicts can also arise when actions are
enabled by completely independent portions of policy. If an action conflict occurs, one of the actions is
dropped and an event log entry is made similar to the following: