Back=right mouse click.
One or more policies is not being applied to certain Users or Groups; IWSVA is configured for ICAP mode and is using the LDAP User identification method.
Some ICAP client, including NetCache version 5.6.2 R1+, do not forward the "Proxy-Authorization" header when making requests to IWSVA. As a result, IWSVA is unable to identify the user credentials during the ICAP Response modification phase.
To work around this issue you need to enable the user IP cache in the IWSVA configuration file.
Log into the IWSVA CLI interface and change to enable mode.
Type the following command to change the IWSVA configuration file to enable the user IP cache:
configure module ldap ipuser_cache enable
(The parameter can be used in an environment of dynamic client IP addresses to preserve the unique identify a client machine).
Note: IP caching should normally be enabled; do not disable it except in environments where the IP address cannot be used to identify Web clients. For example, a network where multiple Web clients are routed through an HTTP proxy before their requests arrive at an ICAP Web cache, or one where the dynamic reassignment of IP addresses is very frequent (for example, every few minutes).