Dynamic deny bypass rules
In addition to static bypass rules, the bypass.config file also accepts dynamic deny
bypass rules.
Deny bypass rules prevent the proxy from bypassing certain incoming client requests dynamically (a deny bypass rule can prevent the proxy from bypassing itself).
Dynamic deny bypass rules can be source, destination, or source/destination and have the following format:
deny_dyn_bypass src ipaddress | dst ipaddress | src ipaddress AND dst ipaddress
For a description of the options, see the table in Format.
For the dynamic deny bypass rules to work, you must either:
- Enable the Dynamic Bypass option in the Content Gateway manager.
- Set proxy.config.arm.bypass_dynamic_enabled to 1 in the records.config file.
Important: Static bypass rules overwrite dynamic deny bypass rules. Therefore, if a static bypass rule and a dynamic bypass rule contain the same IP address, the dynamic deny bypass rule
is ignored.