Request Types

Request Types

Overview

Use Request Profiler to Manage profiling based on the request sent to webserver.
This section can be used to configure the rules by specifying the method of request, protocol of request, referrer, user agent.
This section Enables you to block or allow the websites, by using hostname(website).
By using this section Make the social networks (Facebook, Twitter) for read-only purpose. you are unable to like, comment, share, chat, and gaming.
This section helps you to enforce the safe search for Google, yahoo, YouTube.

Enabling Request Type section on SafeSquid User Interface

Access SafeSquid interface

Go to configure page.

clicking on configure in safesquid interface 
clicking on custom settings in the sidebar 
clicking on Response Types in custom settings

Global

Enabled

Enable or Disable request types of section.
TRUE: Enable request types of section.
FALSE: Disable request types of section.
 
showing global section of request types

Request Types

The following rules are tested for each connection. The testing is done in top-down order.
The first entry that matches the Request Profile of a connection, will be applied to it.
 
adding a new policy by clicking on add new button 
showing response Type tab in Request type section 

Enabled

Enable or Disable this entry
TRUE: Enable this entry.
FALSE: Disable this entry.

Comment

For documentation, and future references, explain the relevance of this entry with your policies.

Trace Entry

Enable or Disable Tracing of this entry.
Select “Yes” to debug the application of entry using SafeSquid logs.
Enable entry tracing, is useful if you wish to validate, its application.
TRUE: Select this option to enable profile tracing.
FALSE: Select this option to disable profile tracing.

Request Profiles

Comma separated list of Request Profiles to which this entry will be applied.
This could be one or more Request Profiles already applied (ADDED REQUEST PROFILES) to the connection, due to this entry in the list.
If kept Blank, it will apply to all connections irrespective of any applied request profile.

Method

This entry applies to requests matching the selected list of Method(s).
If this entry should be applied to all requests irrespective of methods, do not select any method.
GET: GET method is used to retrieve information from server using a given requested webserver. Requests using GET should only retrieve data and should have no other effect on the data. Select this if you want to apply this entry for requests with GET method.
POST: POST method is used to submit data to be processed (Example: customer information, file upload etc. using HTML forms). The data is included in the body of the request. This may result in the creation of a new resource or the updates of existing resources or both. Select this if you want to apply this entry for requests with POST method.
CONNECT: CONNECT Converts the request connection to a transparent TCP/IP tunnel, usually to facilitate SSL-encrypted communication (HTTPS) through an unencrypted HTTP proxy (e.g. SSL tunnelling). Select this if you want to apply this entry for requests with CONNECT method.
HEAD: HEAD method is identical to GET. However, in response to HEAD request server shall not return a message body. Select this if you want to apply this entry for requests with HEAD method.
PUT: PUT method is used to upload a representation of the specified resource. If request for any webserver refers to an already existing resource, it will be modified. Otherwise, server can create the resource with present URI (Uniform Resource Identifier). Select this if you want to apply this entry for requests with PUT method.
DELETE: DELETE method removes the specified resource. It intends to delete the resource or move it to an inaccessible location identified by the requested webserver. Select this if you want to apply this entry for requests with DELETE method.
TRACE: TRACE Echoes back the received request, so that a client can see what intermediate servers are adding or changing in the request. The final recipient of the request SHOULD reflect the message received back to the client as the entity-body of a 200 (OK) response. Select this if you want to apply this entry for requests with TRACE method.
OPTIONS: OPTIONS method returns the HTTP methods that server supports URL. OPTIONS can be used to check the functionality of a web server by requesting * instead of a specific resource. Select this if you want to apply this entry for requests with OPTIONS method. Unused.

Protocol

This entry applies to requests matching the selected list of protocol(s).
IF this entry should be applied to all requests irrespective of protocols, do not select any protocol.
FTP: File Transfer Protocol (FTP) is a standard network protocol used to transfer files from any host to another host over a TCP-based network. Select this if you want to apply this entry for FTP clients.
HTTP: Hypertext Transfer Protocol (HTTP) is an application protocol for distributed, collaborative, hypermedia information systems. HTTP is the protocol to exchange or transfer hypertext. Select this if you want to apply this entry for HTTP clients.
HTTPS: Hypertext Transfer Protocol Secure (HTTPS) is a communications protocol for secure communication over a computer network. Very first request for HTTPS will be CONNECT request, subsequently it will be changed to HTTPS. Therefore, lower down in protocol it is HTTPS request. Select this if you want to apply this entry for HTTP clients who want to access websites using SSL.

Content type

This entry applies to regular expression matching to the MIME-type. Here MIME-type indicates the entity-body sent to the recipient (used with POST and PUT requests).
Request Type is the type of request sent by the requester such as an incident or request for any information.
Example: Content-Type: application/x-www-form-URL encoded. IF this entry should be applied to all requests irrespective of MIME-type leave it blank.

Port range list

Comma separated list of port or ports ranges to which this entry will be applied. Here port range indicates TCP port(s) number on which the server is listening.
Example: value "80,21-25" means port 80 and port range from 21 to 25. Applies to all ports if left blank.

URL Command

Comma separated list of URL command(s) to which this entry will be applied.
If this entry should be applied to all requests irrespective of any URL command leave it blank.
https: For https requests.
! https: For other than https requests.

Minimum Post Data Size

This entry applies only if Request body is more than this size.
Example: Content-Length: 48

Maximum Post Data Size

This entry applies only if Request body is less than this size.
Example: Content-Length: 480

File

This entry applies to regular expression matching the file portion of requested webserver (the part of a URL that succeeds hostname).
Leave it blank to apply all the requests irrespective of file portion of URI (Uniform Resource Identifier).
Example: (cgi-bin|\?) will apply to queries in a URL.

Host Name

This entry applies to regular expression matching the hostname(website) of requested webserver.
Leave it blank to apply all the requests irrespective of hostname(s).
Example: Host: en.wikipedia.org:80

Smart TLD

Enable this option if the regex for Host Name should be used to match irrespective of TLD.
Specify google$ in Host Name and smart TLD to enabled to ensure match for google.com or google.co.uk or google.co.in
If you strictly want to create a policy for mail.google.com, then you should set Smart TLD to disabled and mention Host Name as mail\.google\.com
TRUE: Ignore TLD of the requested Host Name while matching regex.
FALSE: The regex contains specific TLD for which the match is required.

Referrer

This entry applies to regular expression matching the referrer (the address of the resource from which the requested URI was obtained) of requested webserver.
Leave it blank to apply all requests irrespective of referrer of header.
Example: Referrer: http://en.wikipedia.org/wiki/Main_Page.

User Agent

This entry applies to regular expression matching to a specific internet client or web client (application requesting the information from the server).
Leave it blank to apply all requests irrespective of any application requesting the information from the server.
Example: User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:12.0) Gecko/20100101 Firefox/21.0.

X-Forwarded-For

This entry applies to regular expression matching the X-Forwarded-For (the IP address from where the original request came from either proxy or load balancer).
Leave it blank to apply for all requests irrespective of X-forwarded.
Example: X-Forwarded-For: 129.78.138.66.

Request header pattern.

This entry applies to regular expression matching the request header pattern. Apply to all request patterns if left blank.

Added Request profiles.

Comma separated list of Request Profiles that will be added to connection if the above specified tests result true.

Removed Request profiles.

Comma separated list of Request Profiles to be removed when all the above rules match.
If any of these Request profiles have been already applied to the connection by any of the other Request Profile rules, they will be removed.

Example

Rule#1

I want Request type for Microsoft Teams Desktop application based on its user-agent.
Connections that match the pattern for team’s user agent will be added to Microsoft teams Desktop application.
This is useful in case where we want to remove authentication or bypass SSL inspection only for application.
rule showing a request type created for Microsoft teams desktop

Rule#2

In my organization google.com has been blocked and because of which I’m unable to access apps such as google keep or Gmail web applications.
I want to allow only google keep while keeping rest of the google services blocked.
Using google keep’s host name I can create Request profile for Google Keep.
Using Request type I can access Google Keep while keeping, while having rest of the google services blocked.

showing rule created for google keep




    • Related Articles

    • Response Types

      Overview Use Response profiles to manage profiling based on the responses received from the webserver. You can manage Profiling based on the following parameters present in the responses received from the webserver. Mime File Content-Length Response ...

    • Access Profiles

      Overview Use Access Profiles to setup your Profiled Internet Access policies. Create an Entry to define Profile(s) as a combination of one or more conditions. Each entry may optionally modify previously applied restrictions, or Profile(s). The ...

    • Content modifier

      Overview Use 'Content modifier' to remove or modify contents like AcitveX, JavaScript, Cookies from selected websites. It enables you to modify the contents of web pages, files, the client header, and server header in real time. Enabling Content ...

    • System configuration

      Overview Use 'System configuration' to tune various parameters with respective network infrastructure. By this tuning you can improve overall Internet service performance and manage your secure port utilization. Enabling System configuration section ...

    • ICAP

      What is the advantage of using ICAP? ICAP is a protocol designed to off-load specific Internet-based content to dedicated servers, thereby freeing up resources and standardizing the way in which features are implemented. For example, a server that ...