ProxySG & Advanced Secure Gateway

  • 1.  ProxySG Exception Lists and the best method of Entry

    Posted Aug 17, 2017 09:20 AM

    Hi,

    This is a very simple question for a newbie to BlueCoat Proxy filtering.

    Using the Visual Policy Editor, when I look at our URL exception lists I see a number of entries that I know are a big no-no according to the best practices guide.

    Example

    *.office.com

    So the quick question:

    If I change the entry above to:

    office.com

    Does that still cover all the pre-entries / subdomain entries, i.e.:

    home.office.com

    outlook.office.com

    portal.office.com

    OR

    Does it only cover post entries

    office.com/xxx/xxx

    OR both?

    I'm happy to remove all the wildcard entries as I know they are very CPU intensive, but I need to understand the impact of doing so, and as this is a live environment, I would rather avoid 'testing' when asking experts / experienced administrators seems a much safer choice.

    BTW the documentation is not very clear on this as it's aimed more at using command line REGEX entries.

    Cheers

  • 2.  RE: ProxySG Exception Lists and the best method of Entry

    Posted Aug 18, 2017 03:54 AM

    Hi,

    Yes, "office.com" is sufficient to cover all subdomains, hosts, paths, files etc.

    Note:

    Wildcards like in "*.domain.com" have no meaning in CPL, the Content Policy Language used by the ProxySG. So I would be surprised if that entry works at all. I assume you wouldn't get any match for "*.office.com" and your policy only works because of the more specific entries you mentioned, like "home.office.com", "outlook.office.com", "portal.office.com", which are all valid.

    So you should remove all such wildcards. They don't work and are not necessary.

    Kind Regards,

    Gunnar
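
An audit script modelling the matching described in the reply above, added here as an example; it is not part of the original posts and not ProxySG code. It assumes the exception list has been exported as plain strings and that a bare domain matches on label boundaries; the function names and sample list are hypothetical.

```python
"""Audit a URL exception list before replacing wildcard entries (added example)."""
from urllib.parse import urlsplit


def normalize(entry):
    """Lower-case the entry and strip a leading '*.' so it becomes a bare domain."""
    e = entry.strip().lower()
    return e[2:] if e.startswith("*.") else e


def domain_covers(entry, url):
    """Model of the reply: a bare domain covers the domain itself, every
    subdomain and every path beneath them. Matching on label boundaries
    is an assumption of this model, not documented behaviour from the page."""
    host = (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()
    return host == entry or host.endswith("." + entry)


def audit(entries):
    """Return (entries to keep, wildcard entries found, entries made redundant)."""
    wildcards = [e for e in entries if e.strip().startswith("*.")]
    # Shortest domains first, so a parent is kept before its subdomains are seen.
    domains = sorted({normalize(e) for e in entries},
                     key=lambda d: (d.count("."), d))
    kept, redundant = [], []
    for d in domains:
        if any(domain_covers(k, d) for k in kept):
            redundant.append(d)   # already covered by a kept parent domain
        else:
            kept.append(d)
    return kept, wildcards, redundant


# Constructed sample list, based on the entries quoted in the question.
SAMPLE = ["*.office.com", "home.office.com",
          "outlook.office.com", "portal.office.com"]

if __name__ == "__main__":
    kept, wildcards, redundant = audit(SAMPLE)
    print("keep:     ", kept)
    print("wildcards:", wildcards)
    print("redundant:", redundant)
    for url in ("home.office.com", "office.com/xxx/xxx", "notoffice.com"):
        print(url, "->", any(domain_covers(k, url) for k in kept))
```

The `redundant` list shows which host-specific entries a bare domain subsumes. Because the bare domain covers all subdomains, the replacement also exempts hosts that were never listed individually, which is worth reviewing before changing a live policy.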