Typically, in a computer network, when a client requests content from a server, the request is sent to the server through a number of intermediary devices, each of which may alter the request in some way, according to rules installed on the intermediary device. The intent of these rules, and their embodiment, are commonly known as policy.
Management of the typical request/response process, however, is often complicated by a number of factors. First, there are a number of hardware and software computing elements involved, each of which is affected by policy, thus adding complexity to the management of the process.
Second, information required for policy decisions arrives at different times. For example connection information, request information and response information form three discrete “bundles” of information that become available at different times and within different processing subsystems. Thus the typical process is difficult to manage from a timing standpoint.
Finally, the typical process is often extended in time, during which the policy rules may change, thus increasing the possibility of conflicting policy versions.
These factors, and others, add unpredictability to the typical process. Therefore, arbitrary changes to in-progress traffic, either by the client, by the intermediary device, or by other network devices, may possibly result in unexpected results to the client or to the network. Unexpected results may lead to relatively benign problems, such as causing irritation to the network user, or may lead to quite serious problems, such as causing security breaches in the network.
Therefore, there is a need for a mechanism to allow for the uniform application of policy across separate processing elements within an intermediary device.