Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Configuration Files > bypass.config
bypass.config
Help | Content Gateway | Version 8.1.x
The bypass.config file contains static bypass rules that Content Gateway uses in transparent proxy mode. Static bypass rules instruct Content Gateway to bypass certain incoming client requests so that they are served by the origin server.
The bypass.config file also accepts dynamic deny bypass rules. See Dynamic deny bypass rules.
You can configure three types of static bypass rules:
*
Source bypass rules configure the proxy to bypass a particular source IP address or range of IP addresses. For example, you can bypass clients that do not want to use caching.
*
Destination bypass rules configure the proxy to bypass a particular destination IP address or range of IP addresses. For example, you can bypass origin servers that use IP authentication based on the client's real IP address.
 
Important 
*
Source/destination pair bypass rules configure the proxy to bypass requests that originate from the specified source to the specified destination. For example, you can route around specific client-server pairs that experience broken IP authentication or out-of-band HTTP traffic problems when cached. Source/destination bypass rules can be preferable to destination rules because they block a destination server only for users that experience problems.
Format
Bypass rules have the following format:
bypass src ipaddress | dst ipaddress | src ipaddress AND dst ipaddress
 
src ipaddress
ipaddress can be one of the following:
*
Any combination of the above, separated by commas, such as 1.1.1.0/24, 25.25.25.25, 123.1.23.1-123.1.23.123
dst ipaddress
ipaddress can be one of the following:
*
Any combination of the above, separated by commas, such as 1.1.1.0/24, 25.25.25.25, 123.1.23.1-123.1.23.123
src ipaddress AND dst ipaddress
ipaddress can be a single IP address, an IP address range, or a combination of both separated by commas
Dynamic deny bypass rules
In addition to static bypass rules, the bypass.config file also accepts dynamic deny bypass rules.
Deny bypass rules prevent the proxy from bypassing certain incoming client requests dynamically (a deny bypass rule can prevent the proxy from bypassing itself). Dynamic deny bypass rules can be source, destination, or source/destination and have the following format:
deny_dyn_bypass src ipaddress | dst ipaddress | src ipaddress AND dst ipaddress
For a description of the options, see the table in Format.
 
Note 
For the dynamic deny bypass rules to work, you must enable the Dynamic Bypass option in the Content Gateway manager or set the variable proxy.config.arm.bypass_dynamic_enabled to 1 in the records.config file.
 
Important 
Examples
The following example shows source, destination, and source/destination bypass rules:
bypass src 1.1.1.0/24, 25.25.25.25, 128.252.11.11-128.252.11.255
bypass dst 24.24.24.0/24
bypass src 25.25.25.25 AND dst 24.24.24.0
The following example shows source, destination, and source/destination dynamic deny bypass rules:
deny_dyn_bypass src 128.252.11.11-128.252.11.255
deny_dyn_bypass dst 111.111.11.1
deny_dyn_bypass src 111.11.11.1 AND dst 111.11.1.1

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Configuration Files > bypass.config
Copyright 2016 Forcepoint LLC. All rights reserved.