Cisco Cisco Web Security Appliance S670 Guía Para Resolver Problemas

> advancedproxyconfigChoose a parameter group:− AUTHENTICATION − Authentication

related parameters− CACHING − Proxy Caching related parameters− DNS − DNS related

parameters− EUN − EUN related parameters− NATIVEFTP − Native FTP related parameters−

FTPOVERHTTP − FTP Over HTTP related parameters− HTTPS − HTTPS related parameters−

SCANNING − Scanning related parameters− WCCP − WCCPv2 related parameters−

MISCELLANEOUS − Miscellaneous proxy relatedparameters[]> AUTHENTICATION...Enter the

surrogate timeout.[3600]>Enter the surrogate timeout for machine credentials.[10]>.

You can use the same steps to detect which requests get the NULL credentials sent and discover which URL
or User Agent are sending the invalid credentials and exempt them from authentication.

In order to prevent this request causing the false surrogate to be created, the URL has to be exempted from
authentication.Or, instead of exempting the URL from authentication, you might decide to exempt the
application sending the request itself from authentication, making sure to get any requests for the application
to be exempted from authentication. This is possible by adding the User Agent to be logged in the accesslogs
by adding the additional parameter %u in the optional Custom Fields in the WSA's accesslog subscription.
After identifying the User Agent, it has to be exempted from authentication.

Updated: Oct 13, 2014

Document ID: 118423