cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2320
Views
5
Helpful
6
Replies
Highlighted
Beginner

IronPort Web Security impossible edit proxy.pac

Hi,

I'm installing 2 ironPort Web Appliance Security S170.

I have edited my proxy.pac file and send it to both appliance. But now the PAC file is impossible to edit !

When you go:  Security Service --> Pac File Hosting --> Edit

The Appliance tells "APPLICATION ERROR. An application error has occured and been logged to the GUI logs"

I only have this error in gui_logs:

Wed Jul 10 08:48:27 2013 Critical: An application fault occurred: ('json/encoder.py _iterencode|294', "<type 'exceptions.UnicodeDecodeError'>", "'utf8' codec can't decode bytes in position 101-103: invalid data", '[util/Aquarium.py screenLoop|403] [util/InternalLibrary.py inverseExtend|328] [util/InternalLibrary.py __call__|746] [screen/Controller.py __call__|25] [util/InternalLibrary.py __call__|746] [screen/CommonController.py __call__|40] [util/InternalLibrary.py __call__|746] [screen/AppController.py __call__|182] [util/InternalLibrary.py __call__|748] [security_services/pac_file_hosting.py __call__|56] [screen/Controller.py executeAction|67] [security_services/pac_file_hosting.py doFormEditAction|115] [json/__init__.py dumps|230] [json/encoder.py encode|367] [json/encoder.py _iterencode|306] [json/encoder.py _iterencode_list|204] [json/encoder.py _iterencode|306] [json/encoder.py _iterencode_list|204] [json/encoder.py _iterencode|294]')

Yesteday I was in version 7.5.0, I've updated to last version 7.5.1-201 but stil same problem.

I have this problem on both appliance,

Thanks for help

Jeremy

Everyone's tags (3)
6 REPLIES 6
Highlighted
Beginner

IronPort Web Security impossible edit proxy.pac

Hi Jeremy,

may i ask you how to create the PAC, i got two  site which have one ironport s170 at each site, i understanding PAC can provide reduency when one of each failed..but how exactly setup ?

do i need to change any IE setting as well on client site? currently IE setting was point to specific ironport hostname as proxy server column..

Thankss

Highlighted
Beginner

Re: IronPort Web Security impossible edit proxy.pac

Jeremy this was as good as a solution for us, we had the issue after upgrading from 7.1 to 7.5.1.

We had about ~10 PAC files hosted on the appliance. After importing the modified config file with the pac section from your post, I was able to re-add the 10 files we had before.

Thanks for sharing.

Highlighted
Beginner

IronPort Web Security impossible edit proxy.pac

If ever someone got the same problem for the moment the only way we found to bypass this error,

Get the config file from appliance

Edit the config file, check for these values below to be exactly the same:

    0

    9001

   

    0

    0

    Management

   

   

   

       

           

           

       

   

Import this modified config file to the Appliance.

Go to:

Security Service --> Pac File Hosting

You will be able to import a new proxy.pac

Not a solution but helpfull...

Bye

Highlighted
Cisco Employee

IronPort Web Security impossible edit proxy.pac

I would recommend opening a support case with WSA TAC. Make sure to enable remote access as we will have to VI the pac file in order to find the high bit chrachter.

Sincerely,

Erik Kaiser
WSA CSE
WSA Cisco Forums Moderator

Sincerely, Erik Kaiser WSA CSE WSA Cisco Forums Moderator
Highlighted
Beginner

IronPort Web Security impossible edit proxy.pac

The error was generated by caracter 'é'. Avoid accents and special caracter in pac commentaries.

But problem is that if you have already uploaded the proxy.pac you won't be able to correct it. The Web appliance will prompt you an error. The only way we found is to manually modify the configuration file like in my post above.

Jeremy

Highlighted
Cisco Employee

Re: IronPort Web Security impossible edit proxy.pac

This is correct.  There is a defect in version 7.5.1 that causes this behavior.  High bit characters in PAC files that have been uploaded to the WSA will cause the application fault when trying to access it again.  I have not tried the workaround method that Jfafinski mentioned.

Alternatively, you can open up a ticket with TAC and the TAC engineer will be able to use the Remote Access of the appliance to retrieve and delete the PAC file on the appliance.

-Vance