Cisco Cisco Web Security Appliance S690 Guía Del Usuario

5-31

AsyncOS 8.8 for Cisco Web Security Appliances User Guide

Chapter 5 Acquire End-User Credentials

Failed Authentication

Step 3

Check the Re-Authentication Prompt If End User Blocked by URL Category Or User Session
Restriction check box.

Step 4

Click Submit.

Tracking Identified Users

Note

When the appliance is configured to use cookie-based authentication surrogates, it does not get cookie
information from clients for HTTPS and FTP over HTTP requests. Therefore, it cannot get the user name
from the cookie.

Supported Authentication Surrogates for Explicit Requests

Supported Authentication Surrogates for Transparent Requests

* Works after the client makes a request to an HTTP site and is authenticated. Before this happens, the
behavior depends on the transaction type:

•

Native FTP transactions. Transactions bypass authentication.

•

HTTPS transactions. Transactions are dropped. However, you can configure the HTTPS Proxy to
decrypt the first HTTPS request for authentication purposes.

** When cookie-based authentication is used, the Web Proxy cannot authenticate the user for HTTPS,
native FTP, and FTP over HTTP transactions. Due to this limitation, all HTTPS, native FTP, and FTP
over HTTP requests bypass authentication, so authentication is not requested at all.

*** No surrogate is used in this case even though cookie-based surrogate is configured.

Surrogate Types

Credential Encryption Disabled

Credential Encryption Enabled

Protocol:

HTTP

HTTPS &

FTP over
HTTP

Native FTP

HTTP

HTTPS &

FTP over
HTTP

Native FTP

No Surrogate

Yes

IP-based

Yes

Cookie-based

Yes

Yes***

Yes

No/Yes**

Yes***

Surrogate Types

Credential Encryption Disabled

Credential Encryption Enabled

Protocol:

HTTP

HTTPS

Native FTP

HTTP

HTTPS

Native FTP

No Surrogate

IP-based

Yes

No/Yes*

Yes

No/Yes*

Cookie-based

Yes

No/Yes**

Yes

No/Yes**