Environment: BM37SP1 on NW51SP5 with Surfcontrol SP1. We use SSO
(ClnTrust) for our HTTP proxy.

Problem: Some of our users recently began reporting that they could no

login to a purchasing URL, http://www.boiseoffice.com. They would getthe 403 Forbidden screen only that the screen never completely gets
refreshed. This URL prompts a user with an ID and password. When I
logged into this URL, I noticed that it jumps you to
https://shop.boiseoffice.com (note the https). I thought, well, this
is simply because the company probably recently changed their websiteand we need to allow this new URL (it wasn't in the list of allowed
sites previously). After adding it, users still get the incomplete 403

screen. Here are the details of the 2 rules that should allow them toget to this site:

Rule 1: Allow PORT 443. Source: Any; Destination:
Rule 2: Allow URL; Source: NDS group which includes users who need toget to https://shop.boiseoffice.com; Destination (among others):

There are no Deny rules above this rule. I can only assume that the
default rule (deny all) is getting hit. Why aren't these rules getting