Hi !
I tried to restrict the internet access based on the user agent where only IE and Edge is allowed except for the specific ad group where chrome and firefox is also allowed.
This policy is working well for all the https sites but for the http sites. I found the difference in the user agent string information in the policy trace.But when i checked the browser developer tools, there is no change in the User-Agent.
HTTP Request
GET
http://www.example.com/favicon.ico DNS lookup was unrestricted
Accept-Encoding: gzip
Accept-Encoding: deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 999.1; Unknown)user: name="xxx\yyyy" realm=IWA_DIRECT
authentication start 0 elapsed 0 ms
authorization start 0 elapsed 0 ms
authentication status='none' authorization status='none'
user: authenticated=true authorized=true relative username='xxxx'
verdict: DENIED: Either 'force_deny' or 'force_exception' was matched in policy
HTTPS Request
GET
https://www.google.com/complete/search?client=firefox&q=www DNS lookup was unrestricted
rewritten URL(s):
cache_url/server_url/log_url=https://www.google.com/complete/search?client=firefox&q=www&safe=active
origin server next-hop IP address=172.217.21.36
Accept-Encoding: gzip
Accept-Encoding: deflate
Accept-Encoding: br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:64.0) Gecko/20100101 Firefox/64.0Thanks,
Sriram