Appendix B: Testing and Troubleshooting

The following is a trace of the same policy, but for a transaction in which the request URL has an IP address instead of a hostname.

1start transaction ------------------------------

2CPL Evaluation Trace:

3

MATCH:

<Proxy>

4

trace.rules(all) trace.request(yes)

5

miss:

<Proxy>

6

url.host.is_numeric=no

7

miss:

url.address=!my_subnet

8

n/a :

<Proxy>

9

ftp.method=STOR

10<Proxy>

11miss: url.domain=//my_site.com/

12connection: client_address=10.10.0.10 proxy_port=36895

13time: 2003-09-11 19:33:34 UTC

14GET http://10.11.12.13/home.html

15DNS lookup was restricted

16RDNS lookup was restricted

17User-Agent: Mozilla 8.6 (Non-compatible)

18user: unauthenticated

19end transaction --------------------------------

This shows many of the same features as the earlier trace, but has the following differences:

Line 12—The URL requested had a numeric host name.

Lines 15 and 16—Both DNA and RDNS lookups were restricted for this transaction.

Line 11—Because RDNS lookups are restricted, the rule missed; no rewrite action was used for the transaction and no rewrite action is reported in the transaction summary (lines 12-18).

Trace output can be used to determine the cause of action conflicts that may be reported in the event log. For example, consider the following policy fragment:

<proxy>

trace.request(yes) trace.rules(all)

<proxy> action.set_header_1(yes) [Rule] action.set_header_2(yes)

action.set_header_3(yes)

define action set_header_1 set(request.x_header.Test, "one")

end

define action set_header_2 set(request.x_header.Test, "two")

end

define action set_header_3 set(request.x_header.Test, "three")

end

Because they all set the same header, these actions will conflict. In this example, the conflict is obvious because all the actions are enabled in the same layer. However, conflicts can also arise when actions are enabled by completely independent portions of policy. If an action conflict occurs, one of the actions is dropped and an event log entry is made similar to the following:

279

Page 279
Image 279
Blue Coat Systems Proxy SG manual 279