Acess Rules vs. Policies

[mediadog]

I understand how each of these work, but:

1) What is their order of precedence? If one denies access, does it then hit the other?

2) I know Policies offer much more flexibility, but are there other reasons for using one vs. the other?

I have not been able to find in the documentation a good overview of the flow through WinGate, and this kind of operational explanation.

Thanks!

[adrien]

Hi

Web Access Control is a HTTP filter (shows as Web Activity in the proxy), whereas policy is an Event processor.

The sequence of events in an http session is

1 ClientConnect event ::= the client connected to the proxy, this is prior to any request
2 Request Event ::= the client sent a request
then depending on the nature of the request, there are 1 of 3 events pushed
3a ProxyRequest Event ::= the client sent a request treating the proxy as a proxy
3b ConnectRequest Event ::= the client is trying to set up a tunnel with the CONNECT command (usually this means it is https)
3c ServerRequest Event ::= the client is treating the proxy as a server (mostly reverse proxy or actually a server)
4. FilterRequest ::= the request is sent through the HTTP filter chain, this is where web access rules are evaluated
5. ProxyResponse Event ::= a response was received from the server
6. FilterResponse ::= response sent through the HTTP filter chain (in reverse order). Probably only of interest if you're using PureSight for WinGate, as PureSight inspects html traffic
7. ResponseComplete Event ::= mostly used for tracking data etc

as for using policy vs web access control, it's really mainly flexibility. You also get access to a lot more data to base decisions on. It's common to use both, in fact people use web access control for blocking etc, and policy for config (e.g. setting upstream proxy per request, request modifying etc).

Regards

Adrien