
Appendix B: Testing and Troubleshooting
The following is a trace of the same policy, but for a transaction in which the request URL has an IP address instead of a hostname.
1start transaction
2CPL Evaluation Trace:
3 | MATCH: | <Proxy> |
4 | trace.rules(all) trace.request(yes) | |
5 | miss: | <Proxy> |
6 | url.host.is_numeric=no | |
7 | miss: | url.address=!my_subnet |
8 | n/a : | <Proxy> |
9 | ftp.method=STOR |
10<Proxy>
11miss: url.domain=//my_site.com/
12connection: client_address=10.10.0.10 proxy_port=36895
13time:
14GET http://10.11.12.13/home.html
15DNS lookup was restricted
16RDNS lookup was restricted
17
18user: unauthenticated
19end transaction
This shows many of the same features as the earlier trace, but has the following differences:
•Line
•Lines 15 and
•Line
Trace output can be used to determine the cause of action conflicts that may be reported in the event log. For example, consider the following policy fragment:
<proxy>
trace.request(yes) trace.rules(all)
<proxy> action.set_header_1(yes) [Rule] action.set_header_2(yes)
action.set_header_3(yes)
define action set_header_1 set(request.x_header.Test, "one")
end
define action set_header_2 set(request.x_header.Test, "two")
end
define action set_header_3 set(request.x_header.Test, "three")
end
Because they all set the same header, these actions will conflict. In this example, the conflict is obvious because all the actions are enabled in the same layer. However, conflicts can also arise when actions are enabled by completely independent portions of policy. If an action conflict occurs, one of the actions is dropped and an event log entry is made similar to the following: