Hi Robab,
IgnoreURL and IgnoreExt are indeed a solution for your use case because of the following reason :
- IgnoreURL and IgnoreExt processing are done on the client side (web agent side) ..and if they matches..the request is NOT forwarded to the policy server.
Web Agent is able to do so because when it initializes at the startup it fetches all the ACO parameters from the policy server and caches them locally.
-The reverse of Exclusion is Inclusion ..so once you define a list which shouldn't be forwarded to the policy server (using IgnoreExt/IgnoreURL)..the remaining list of resource (inclusion list ) which needs to be forwarded to Policy server is automatically determined.
The configuration defined in the LocalConfig.conf just overwrites the one defined in the central configuration (ACO).
Sample web agent log to prove the idea :
==================================
[10/29/2014][15:44:38.168][940][248][239b0220000040f50000000040f5239b-03ac-545070b6-00f8-00a6483d][agent-vm1][][CSmHttpPlugin.cpp:574][CSmHttpPlugin::ProcessResource][][][][][*127.0.0.1][][][][][][][][][][Resolved URL: '/ignoreme/'.]
[10/29/2014][15:44:38.168][940][248][][][][CSmHttpPlugin.cpp:4179][CSmHttpPlugin::AutoAuthorizedUrl][][][][][][][][][][][][][][][Auto-authorizing resource, matches IgnoreUrl filter.]
[10/29/2014][15:44:38.168][940][248][239b0220000040f50000000040f5239b-03ac-545070b6-00f8-00a6483d][agent-vm1][/ignoreme/][CSmHttpPlugin.cpp:687][CSmHttpPlugin::ProcessResource][][][][][*127.0.0.1][][][][][][][][][][Resolved METHOD: 'GET'.]
[10/29/2014][15:44:38.168][940][248][239b0220000040f50000000040f5239b-03ac-545070b6-00f8-00a6483d][agent-vm1][/ignoreme/][CSmHttpPlugin.cpp:740][CSmHttpPlugin::ProcessResource][][][][][*127.0.0.1][][][][][][][][GET][][Resolved cookie domain: '.ujwol.com'.]
[10/29/2014][15:44:38.168][940][248][239b0220000040f50000000040f5239b-03ac-545070b6-00f8-00a6483d][agent-vm1][/ignoreme/][CSmSessionManager.cpp:148][CSmSessionManager::EstablishSession][][][][][*127.0.0.1][][][][][][][][GET][][No plugins responded, returning SmNoAction.]
[10/29/2014][15:44:38.168][940][248][239b0220000040f50000000040f5239b-03ac-545070b6-00f8-00a6483d][agent-vm1][/ignoreme/][CSmHighLevelAgent.cpp:394][ProcessRequest][][][][][*127.0.0.1][][][][][][][][GET][][ProtectionManager returned SmNo, end new request.]
As you could see above,
Web agent determines that the resource "ignoreme" matches the IgnoreUrl Filter and hence Auto-authorizes it by itself and doesn't forward it to Policy server for further processing.
Hope this helps.
Cheers,
Ujwol