| Issue | Service Request | Description |
|---|
| 42315 | 1-6150626 | Transparent FTP users whose credentials were already cached would be prompted for proxy authentication. |
| 42555 | NONE | The sc-bytes access log field could contain an abnornally large byte count when an exception page was sent. |
| 42571 | NONE | Use of ICAP with infinite data streams over HTTP can result in excessive server bandwidth usage |
| 42609 | 1-5020299, 1-6644514 | A known issue with host affinity exists where the DNS server does not maintain the order of the IP addresses. |
| 42610 | NONE | The HTTP proxy ignores the Content-Length header with CONNECT request, and forwards all bytes followed by the request header to upstream (the proxy or origin server). Previously, it issued a "400 Bad Request" error when it received a CONNECT request with non-zero content length. |
| 42619 | NONE | Loading configuration files fails via HTTPS when an upstream proxy is used. |
| 42622 | NONE | For units upgraded from SGv2, if the administrative authentication policy uses an NTLM realm and an administrator has successfully logged in from an IP address, subsequent administrative challenges to that IP address will accept and event log invalid credentials until the IP surrogate credential for the initial administrator has expired. |
| 42628 | NONE | When the authentication mode is auto, after a valid user is in the credential cache, transparent FTP proxy users from the same IP will be allowed access until the IP surrogate expires, even when entering invalid proxy credentials. The work around is to use origin authentication mode. |
| 42631 | NONE | The optional realm display string in authenticate() should be deprecated as part of SG 3.2 as it will not be available in SG 4.x |
| 42677 | NONE | The number of max workers for a 645/6 with 3 disks, was set too low. It should be increased to be the equivalent of a 625/6. |
| 42763 | NONE | Provide ability for setting or deleting the Host: header from CPL |
| 42774 | NONE | LDAP referral following only supports one level referrals. |
| 42881 | NONE | Patience pages will not operate correctly if both response modification and request modification are used. The ProxySG will continuously restart the download from origin server and not deliver the requested page. |
| 42882 | NONE | ProxySG is sending an incorrect ICAP request for FTP RETR method. If the ICAP server cannot handle this, the data will not be received by the client |
| 42883 | NONE | Virus scanning of FTP PUT is not supported since FTP PUT traffic is not sent through ICAP REQMOD services |
| 42887 | NONE | Read-only administrators may get Java null pointer exceptions when using Configuration/Access Logging/Logs panel in Management Console |
| 42894 | NONE | MSN-IM: File transfer may not complete correctly when using a HTTP Proxy. |
| 42920 | NONE | The event log messages when creating Netegrity Siteminder agents may be confusing. Server 0 should be considered as "primary agent" and server 1 should be considered as "alternate agent" when intepreting the logs. |
| 42922 | NONE | The substitution function :next_date(), that can be applied to the $(cookie_date) and $(http_date) CPL substitutions, gives parse errors when the argument contains a ':", specifically, when specifying a time, for example: set( response.header.Set-Cookie, "splashed=yes; expires=$(cookie_date:next_date( 00:00 )" ), which would specify a cookie that expires at midnight. This will affect only those clients who have been using this function, most likely in the implementation of splash or coaching page policy to establish absolute expiry times which include a specific hour. Specific dates can still be specified, as can relative expiry times. |
| 42935 | NONE | The ProxySG does not support the HelixDNAClient on Linux platforms; when the RTSP service is disabled, the player falls back to HTTP transport. If content is requested through http streaming, either enable the RTSP service or disable HTTP handoff to prevent a restart. |
| 42958 | NONE | Bridging: Changing the IP address of an interface after it is attached to a bridge is not recommended. |
| 42992 | NONE | Url rewrites were not being performed on embedded ARCHIVE tags. |
| 43182 | NONE | When the ProxySG network adapter is configured to deliver a default PAC file, the browser configuration instruction page accessed through the Management Console home page refers to "http://<ip>:8081/<pac_file_path>", even when the non-secure HTTP-console service is disabled. You must enable http-console service for the default PAC file to be delivered to browser. Note that browsers can not download PAC files over HTPS. |
| 43515 | 1-6439395, 1-6575316 | Pagefault in process "Agent-Admin-" in "" at .text+0x0 when using bcaaa (NTLM) agent. |
| 43695 | 1-6547721 | Always_verify policy in addition to a patience-page enabled resp-mod service can cause a download loop if the content on the origin server has changed or origin server returns HTTP 200 OK. |
| 44097 | 1-6545851, 1-6743481 | SNMP trap for CPU utilization will be sent only if the CPU continues to stay up for 32 or more seconds. This is different behavior and needs to be documented |