Cisco Web Security Appliance S670 User Guide
IronPort AsyncOS 6.3 for Web User Guide
Figure 7-3 Policy Group Flow Diagram for Identities - Cookie-Based Surrogates
Flow diagram boxes (branch labels used in the diagram: Yes; Yes, or none defined; No; Yes*):

Start:
- Receive request from client.
- Compare the client request against the next (or first) Identity group in the policies table.

Decisions:
- Is the client subnet in the Identity group’s list of subnet(s)?
- Is the URL category of the request URL in the Identity group’s list of URL categories in the Advanced section?
- Is the proxy port in the Identity group’s list of ports in the Advanced section?
- Does the Identity group require authentication?
- Is the user agent in the policy group’s list of user agents in the Advanced section?
- Does the client successfully authenticate as a member of the applicable realm or sequence?
- Is this an HTTPS transaction?
- Does the Identity support guest privileges for users failing authentication?

Outcomes:
- Assign the Identity and then evaluate the request against the other policy types.
- Terminate the request.
- Reply to client with authentication required.
*In this scenario, the Web Proxy sets the user name to
NULL. For more information, see “How Authentication
Affects HTTPS and FTP over HTTP Requests” on