cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1577
Views
0
Helpful
2
Replies

Why does a forward proxy resolve URL names?

Hi,

It's about a AsyncOS7.5 on Ironport S360.

I realized that the proxy which is configured as a forward proxy always resolves

the URL names.

In my opinion that's totally unnecessary.

This is actually the job of the last proxy in the chain which has to deliver the request to the web server (ip address).

How can I stop it?

Thanks

2 Replies 2

Vance Kwan
Cisco Employee
Cisco Employee

The appliance will resolve the URL names to get its IP address for WBRS scoring purposes.

I haven't tested to see if turning off the WBRS feature will stop these lookups.  But I would think there may be more services that require the IP address to function correctly.

-Vance

Edit:  You may want to try to adjust this configuration to see if it helps in the CLI:

s660r01.csw> advancedproxyconfig

Choose a parameter group:

- AUTHENTICATION - Authentication related parameters

- CACHING - Proxy Caching related parameters

- DNS - DNS related parameters

- EUN - EUN related parameters

- NATIVEFTP - Native FTP related parameters

- FTPOVERHTTP - FTP Over HTTP related parameters

- HTTPS - HTTPS related parameters

- SCANNING - Scanning related parameters

- MISCELLANEOUS - Miscellaneous proxy related parameters

[]> dns

Enter values for the DNS options:

Enter the URL format for the HTTP 307 redirection on DNS lookup failure.

[%P://www.%H.com/%u]>

Would you like the proxy to issue a HTTP 307 redirection on DNS lookup failure?

[Y]>

Would you like proxy not to automatically failover to DNS results when upstream proxy (peer) is unresponsive?

[N]>

Find web server by: 0 = use DNS answers in order, 1 = use client supplied address then DNS, 2 = use client supplied address for next hop

connection, DNS for Web Reputation, 3 = use client supplied address for next hop connection and Web Reputation (Warning: Destination IP based

policies will still use DNS).

[1]>

Might consider trying option #1 or #3.  Don't forget to 'commit' the changes.

-Vance

Many thanks for your answer Vance!

I'll try that and give then my feedback...

- Jannis

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: