Cisco Cisco Web Security Appliance S170 Guida Utente
S E N D I N G A U T H E N T I C A T I O N C R E D E N T I A L S S E C U R E L Y
C H A P T E R 1 7 : A U T H E N T I C A T I O N
385
• FTP over HTTP. The dilemma with accessing FTP servers using FTP over HTTP is similar to
accessing HTTPS sites. The Web Proxy must resolve the user identity before assigning an
Access Policy, but it cannot set the cookie from the FTP transaction.
Access Policy, but it cannot set the cookie from the FTP transaction.
Because of this, you should configure the appliance to use IP addresses as the surrogate when
credential encryption is enabled.
credential encryption is enabled.
Note — Authentication does not work with HTTPS and FTP over HTTP requests when
credential encryption is enabled and configured to use cookies as the surrogate type.
Therefore, with this configuration setup, HTTPS and FTP over HTTP requests only match
Access Policies that do not require authentication. Typically, they often match the global
Access Policy since it never requires authentication.
credential encryption is enabled and configured to use cookies as the surrogate type.
Therefore, with this configuration setup, HTTPS and FTP over HTTP requests only match
Access Policies that do not require authentication. Typically, they often match the global
Access Policy since it never requires authentication.