Why does a forward proxy resolve URL names?


It's about a AsyncOS7.5 on Ironport S360.

I realized that the proxy which is configured as a forward proxy always resolves

the URL names.

In my opinion that's totally unnecessary.

This is actually the job of the last proxy in the chain which has to deliver the request to the web server (ip address).

How can I stop it?


Cisco Employee

The appliance will resolve the URL names to get its IP address for WBRS scoring purposes.

I haven't tested to see if turning off the WBRS feature will stop these lookups.  But I would think there may be more services that require the IP address to function correctly.


Edit:  You may want to try to adjust this configuration to see if it helps in the CLI:

s660r01.csw> advancedproxyconfig

Choose a parameter group:

- AUTHENTICATION - Authentication related parameters

- CACHING - Proxy Caching related parameters

- DNS - DNS related parameters

- EUN - EUN related parameters

- NATIVEFTP - Native FTP related parameters

- FTPOVERHTTP - FTP Over HTTP related parameters

- HTTPS - HTTPS related parameters

- SCANNING - Scanning related parameters

- MISCELLANEOUS - Miscellaneous proxy related parameters

[]> dns

Enter values for the DNS options:

Enter the URL format for the HTTP 307 redirection on DNS lookup failure.


Would you like the proxy to issue a HTTP 307 redirection on DNS lookup failure?


Would you like proxy not to automatically failover to DNS results when upstream proxy (peer) is unresponsive?


Find web server by: 0 = use DNS answers in order, 1 = use client supplied address then DNS, 2 = use client supplied address for next hop

connection, DNS for Web Reputation, 3 = use client supplied address for next hop connection and Web Reputation (Warning: Destination IP based

policies will still use DNS).


Might consider trying option #1 or #3.  Don't forget to 'commit' the changes.



Many thanks for your answer Vance!

I'll try that and give then my feedback...

- Jannis

