Technical Library | Support

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Transparent Proxy and ARM > Interception bypass > Dynamic bypass rules
Dynamic bypass rules
Help | Content Gateway | Version 7.8.x
 
Related topics:
*
Setting dynamic bypass rules
*
Viewing dynamic bypass statistics
When configured to do so, the proxy watches for protocol interoperability errors. As it detects errors, it configures the ARM to bypass the proxy for those clients and servers causing the errors.
In this way, the small number of clients or servers that do not operate correctly through proxies are auto-detected and routed around the proxy caching server so that they can continue to function (but without caching).
You can configure the proxy to dynamically bypass itself for any of the following errors:
 
Error code
Description
N/A
Non-HTTP traffic on port 80
400
Bad Request
401
Unauthorized
403
Forbidden (authentication failed)
405
Method Not Allowed
406
Not Acceptable (access)
408
Request Timeout
500
Internal Server Error
For example, when Content Gateway is configured to bypass on authentication failure (403 Forbidden), if any request to an origin server returns a 403 error, Content Gateway generates a destination bypass rule for the origin server's IP address. All requests to that origin server are bypassed until you restart the proxy.
In another example, if the ARM detects that a client is sending a non-HTTP request on port 80 to a particular origin server, Content Gateway generates a source/destination rule. All requests from that particular client to the origin server are bypassed; requests from other clients are not bypassed.
Bypass rules that are generated dynamically are purged after a Content Gateway restart. If you want to preserve dynamically generated rules, you can save a snapshot of the current set of bypass rules. See Viewing the current set of bypass rules.
To prevent Content Gateway from bypassing certain IP addresses dynamically, you can set dynamic deny bypass rules in the bypass.config file. Deny bypass rules can prevent the proxy from bypassing itself. For information about setting dynamic deny bypass rules, see bypass.config.

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Transparent Proxy and ARM > Interception bypass > Dynamic bypass rules
Copyright 2016 Forcepoint LLC. All rights reserved.