Cisco Cisco Web Security Appliance S380
12
Release Notes for Cisco IronPort AsyncOS 7.5.7 for Web
7.5.7
Known Issues
68555
Web Proxy may not handle POST requests properly with authentication
required.When the user’s first client request is a POST request and the user still needs
to authenticate, the POST body content is not passed to the web server. When users
need to authenticate, the client is redirected to the Web Proxy for authentication
purposes. However, during this process, the POST body content is lost. This might be
a problem when the POST request is for a SaaS application with the SaaS Access
Control single sign-on feature in use.
required.When the user’s first client request is a POST request and the user still needs
to authenticate, the POST body content is not passed to the web server. When users
need to authenticate, the client is redirected to the Web Proxy for authentication
purposes. However, during this process, the POST body content is lost. This might be
a problem when the POST request is for a SaaS application with the SaaS Access
Control single sign-on feature in use.
Workaround: Verify users request a different URL through the browser and
authenticate with the Web Proxy before connecting to the web server. Or, you can
bypass authentication for the server domain name. When working with SaaS Access
Control, you can bypass authentication for the Assertion Consumer Service (ACS)
URL configured in the SaaS Application Authentication Policy.
authenticate with the Web Proxy before connecting to the web server. Or, you can
bypass authentication for the server domain name. When working with SaaS Access
Control, you can bypass authentication for the Assertion Consumer Service (ACS)
URL configured in the SaaS Application Authentication Policy.
71012
Clients cannot connect to HTTPS servers that do not support TLS Hello during the
SSL handshake.
SSL handshake.
Workaround: If the Web Proxy is deployed in transparent mode, use the proxy bypass
list to bypass the Web Proxy for these websites. If the Web Proxy is deployed in
explicit forward mode, use a custom URL category and a Decryption Policy to pass
through traffic to these websites, and verify the option “Would you like to block
tunneling of non-SSL transactions on SSL Ports?” is disabled.
list to bypass the Web Proxy for these websites. If the Web Proxy is deployed in
explicit forward mode, use a custom URL category and a Decryption Policy to pass
through traffic to these websites, and verify the option “Would you like to block
tunneling of non-SSL transactions on SSL Ports?” is disabled.
72798
Clients are continually prompted to authenticate when using Internet Explorer to
access servers that require authentication when NTLM authentication is enabled on
the appliance. This is a known issue with Internet Explorer.
access servers that require authentication when NTLM authentication is enabled on
the appliance. This is a known issue with Internet Explorer.
Workaround: Read the following Microsoft support article for more information:
http://support.microsoft.com/?scid=kb;en-us;820780&x=6&y=10
Or, use Internet Explorer 9 on Windows 7.
73467
Rebooting an appliance without a proper shutdown sometimes causes irreparable
damage to the appliance.
damage to the appliance.
79488
When including the %k format specifier as a custom field in the Access logs, when an
object is served from the cache, the access log entry displays 255.255.255.255.
object is served from the cache, the access log entry displays 255.255.255.255.
82244
Users who make uploads (POST requests) in Internet Explorer with cookies used as
the authentication surrogate see an Internet redirection message in the web browser
notifying them that they are being redirected to a different site. This is because the
Web Proxy must redirect explicit connections to the Web Proxy itself using a 307
HTTP response in order to set the cookie as the authentication surrogate. This is a
known issue with Internet Explorer.
the authentication surrogate see an Internet redirection message in the web browser
notifying them that they are being redirected to a different site. This is because the
Web Proxy must redirect explicit connections to the Web Proxy itself using a 307
HTTP response in order to set the cookie as the authentication surrogate. This is a
known issue with Internet Explorer.
Workaround: Users can click Yes in the redirection message window to continue and
they will be directed to the originally requested website after the Web Proxy sets the
cookie. Or, to prevent users from seeing the redirection message, you can configure
Internet Explorer to not show a message in this circumstance by disabling the “Warn
if POST submittal is redirected to a zone that does not permit posts” option. Typically,
this option is found in Tools > Internet Options > Advanced.
they will be directed to the originally requested website after the Web Proxy sets the
cookie. Or, to prevent users from seeing the redirection message, you can configure
Internet Explorer to not show a message in this circumstance by disabling the “Warn
if POST submittal is redirected to a zone that does not permit posts” option. Typically,
this option is found in Tools > Internet Options > Advanced.
82415
Large objects take too long to load in some cases when the client makes a universal
range request.
range request.
Table 2
Known Issues for AsyncOS 7.5.7 for Web (continued)
Defect ID
Description