Interception bypass

A small number of clients and servers do not work correctly with web proxies. Some reasons include:

  • Client software irregularities (customized, non-commercial browsers)
  • Server software irregularities
  • Applications that send non-HTTP traffic over HTTP ports as a way of defeating security restrictions
  • Server IP address authentication (the origin server limits access to a few client IP addresses, but the Content Gateway IP address is different, so it cannot get access)

    This is not in frequent use because many ISPs dynamically allocate client IP dial- up addresses, and more secure cryptographic protocols are now more often used.

Web proxies are very common in corporate and Internet use, so interoperability problems are rare. Nonetheless, Content Gateway contains an adaptive learning module that recognizes interoperability problems caused by transparent proxy processing and automatically bypasses the traffic around the proxy server without operator intervention.

Content Gateway follows 2 types of bypass rules:

  • Dynamic (also called adaptive) bypass rules are generated dynamically if you configure Content Gateway to bypass when it detects non-HTTP traffic on port 80 or when it encounters certain HTTP errors. See Dynamic bypass rules.
  • Static bypass rules must be manually configured in the bypass.config file. See Static bypass rules.
    Note: Do not confuse ARM bypass rules with client access control lists. Bypass rules are created in response to interoperability problems. Client access control is simply restriction of the client IP addresses that can access the proxy, as described in Controlling client access to the proxy.