ProxySGWeb Visual Policy Manager Reference - SGOS 7.2.x
n Always Verify: Cached content is always verified for
freshness for the sources, destinations, or service
specified in the rule. For example, the CEO and
Executive Staff always require content to be the most
recent, but everyone else can be served from the
cache.
n Block/Do Not Block PopUp Ads: Blocks or allows
pop up windows. Symantec recommends creating
separate Web Access Layers that only contain pop up
blocking actions. Furthermore, many Web applications
require pop up windows. As it is unlikely that your
Intranet contains pages that pop up unwanted
advertising windows, Symantec recommends
disabling pop up blocking for your Intranet. For
example:
Web Access Layer rule 1: Specify the Intranet IP
address and subnet mask in the Destination column
and select Do Not Block Popup Ads in the Action
column.
Web Access Layer rule 2: Select Block Popup Ads in
the Action column.
As you continue to modify policy, you can add more
policy layers to block or allow specific IP addresses,
but the policy layer as defined in the Web Access
Layer rule 2 above must always be positioned last.
Blocking pop up ads is the default if a previous policy
rule does not trigger.
n Bypass Cache: Prevents the cache from being
queried when serving a proxy request, and prevents the
response from the origin server from being cached.
n Bypass DNSCache: Prevents the request from
querying the DNS cache list of resolved lookup names
or addresses.
n Check/Do Not Check Authorization: Controls
whether or not the ProxySG appliance forces a request
to be sent to an upstream server every time to check
authorization, even if the content is already cached.
The check action is not usually required for upstream
origin content servers performing authentication, as the
appliance automatically tracks whether content
required authentication in each case. However, it can
not support an IWA challenge from an origin server. If
Force IWA for Server Auth is applied, the ProxySG
appliance converts the 401-type server authentication
challenge to a 407-type proxy authentication challenge,
which IE supports. The appliance also converts the
resulting Proxy-Authentication headers in client
requests to standard server authorization headers,
which allows an origin server IWA authentication
challenge to pass through when IE is explicitly proxied
through the appliance.
n Integrate/Do Not Integrate New Hosts: Used in
server accelerator deployments. When enabled, the
corresponding host that is accessed is added to the list
of hosts for which the ProxySG appliance performs
health checks. If that host name resolves to multiple IP
addresses that correspond to different servers, the
appliance fetches content from the available servers
and ignores the servers that fail the health check.
n
Log Out/Do Not Log Out Other Users With Same
IP: If more than one user is logged in at the IP address
of the current transaction, this property logs out all
users from the current IP address except the user of
the current transaction.
n Log Out/Do Not Log Out User: If more than one user
is logged in at the IP address of the current transaction,
this property logs out all users from the current IP
address except the user of the current transaction.
n Log Out/Do Not Log Out User’s Other Sessions: If
a user is logged in at more than one IP address, this
property logs out the user from all IP address except
the IP address of the current transaction.
n Mark/Do Not Mark As Advertisement: Specifies
content to be identified as an advertisement. The
ProxySG appliance still fetches content from the cache
(if present); however, just after serving to the client, the
content is re-fetched from the ad server so that hit
counters are updated.
n Preserve Untrusted Issuer: If an OCS presents a
certificate to the ProxySG appliance that is not signed
by a trusted Certificate Authority (CA), the appliance
acts as a CA and presents the browser with an
untrusted certificate. A warning message is displayed
95 of 211