Caching Method options

Cache using IP address only – specifies that all credentials are cached with IP address surrogates. This is the recommended method when all clients have unique IP addresses.

Cache using Cookies only – specifies that all credentials are cached with cookie surrogates. This is recommended when all clients share IP addresses, as with multi-host servers such as Citrix servers, or when traffic is NATed by a device that is forwarding traffic to Content Gateway.

Cache using both IP addresses and Cookies – specifies to use cookie surrogates for the IP addresses listed in the cookie caching list, and to use IP address surrogates for all other IP addresses. This is recommended when the network has a mix of clients, some with unique IP addresses and some using multi-user hosts or that are subject to NATing.

The cookie caching list is a comma separated list that can contain up to:

  • 64 IPv4 addresses
  • 32 IPv4 address ranges
  • 24 IPv6 addresses
  • 12 IPv6 address ranges

For a description of surrogate credentials, see Surrogate credentials.

Cookie mode caching:
  • Cookie mode caching does not work with applications that do not support cookies, or with browsers in which cookie support has been disabled.
  • When the browser is Internet Explorer, the full proxy hostname in the form “http://host.domain.com” must be added to the Local intranet zone.
  • When the browser is Chrome, it must be configured to allow third-party cookies or configured for an exception to allow cookies from the proxy hostname in the form “host.domain.com”.
  • When the IP address is set for cookie mode and the request method is CONNECT, no caching is performed.
  • Cookie mode caching is not performed for FTP requests.
  • Cookie mode caching is supported by Captive Portal and client certificate authentication.
  • For explicit proxy, cookie-based authentication is not supported for HTTPS. IP-address authentication is used.
Note: The user interface setting to disable the NTLM cache for explicit proxy has been removed. Although not recommended, the cache can be disabled for explicit proxy traffic in records.config by setting the value of proxy.config.ntlm.cache.enabled to 0 (zero).