Documentation | Support

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Transparent Proxy and ARM > Interception bypass > Dynamic bypass rules
Dynamic bypass rules
Help | Content Gateway | v8.4.x
The proxy can be configured to watch for the following protocol interoperability errors and configure the ARM to bypass the proxy for the clients and servers causing the errors.
 
Error code
Description
N/A
Non-HTTP traffic on port 80
400
Bad Request
401
Unauthorized
403
Forbidden (authentication failed)
405
Method Not Allowed
406
Not Acceptable (access)
408
Request Timeout
500
Internal Server Error
In this way, the small number of clients or servers that do not operate correctly through proxies are auto-detected and routed around the proxy caching server so that they can continue to function (but without caching).
For example:
*
When Content Gateway is configured to bypass on authentication failure (403 Forbidden), if any request to an origin server returns a 403 error, Content Gateway generates a destination bypass rule for the origin server's IP address. All requests to that origin server are bypassed until you restart the proxy.
*
If the ARM detects that a client is sending a non-HTTP request on port 80 to a particular origin server, Content Gateway generates a source/destination rule. All requests from that particular client to the origin server are bypassed; requests from other clients are not bypassed.
To enable dynamic bypass rules:
1.
In the Content Gateway manager, navigate to the Configure > Networking > ARM > Dynamic Bypass tab.
2.
Under Dynamic Bypass, select Enabled.
3.
Under Behavior, enable each dynamic bypass rule you want to use.
4.
Click Apply.
5.
Navigate to the Configure > My Proxy > Basic > General tab and click Restart.
Bypass rules that are generated dynamically are purged after a Content Gateway restart. If you want to preserve dynamically generated rules, you can save a snapshot of the current set of bypass rules. See Viewing the current set of bypass rules.
To prevent Content Gateway from bypassing certain IP addresses dynamically, you can set dynamic deny bypass rules in the bypass.config file. Deny bypass rules can prevent the proxy from bypassing itself. For information about setting dynamic deny bypass rules, see bypass.config.
Content Gateway tallies bypassed requests for each type of dynamic bypass trigger (for example, requests bypassed in response to a 401 error). View these statistics on the Monitor > Networking > ARM page of the Content Gateway manager, under HTTP Bypass Statistics.

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Transparent Proxy and ARM > Interception bypass > Dynamic bypass rules
Copyright 2017 Forcepoint. All rights reserved.