Cisco Cisco Web Security Appliance S690 Guida Utente
Chapter 20 Authentication
Tracking Authenticated Users
20-42
Cisco IronPort AsyncOS 7.1 for Web User Guide
OL-23207-01
Note
If the Web Security appliance uses cookies for authentication surrogates, Cisco
recommends enabling credential encryption. For more information, see
recommends enabling credential encryption. For more information, see
.
Tracking Authenticated Users
configurations and different types of requests (explicitly forwarded and
transparently redirected).
transparently redirected).
* Works after the client makes a request to an HTTP site and is authenticated, or
when the client makes a request to an HTTPS site and the Identity is configured
to decrypt the first HTTPS request for authentication purposes. When the HTTPS
Proxy is configured to deny the first HTTPS request, all requests to HTTPS sites
before authentication happens for a previous request are dropped.
when the client makes a request to an HTTPS site and the Identity is configured
to decrypt the first HTTPS request for authentication purposes. When the HTTPS
Proxy is configured to deny the first HTTPS request, all requests to HTTPS sites
before authentication happens for a previous request are dropped.
** When cookie-based authentication is used, the Web Proxy cannot authenticate
the user for HTTPS and FTP over HTTP transactions. Due to this limitation, all
HTTPS and FTP over HTTP requests bypass authentication, so authentication is
not requested at all. For more information on how HTTPS requests are assigned
Identity and non-Identity policy groups, see
the user for HTTPS and FTP over HTTP transactions. Due to this limitation, all
HTTPS and FTP over HTTP requests bypass authentication, so authentication is
not requested at all. For more information on how HTTPS requests are assigned
Identity and non-Identity policy groups, see
.
Surrogate
Types
Types
Explicit Requests
Transparent Requests
Credential
Encryption:
Encryption:
Disabled
Enabled
Disabled
Enabled
Protocol:
HTTP
HTTPS &
FTP over
HTTP
FTP over
HTTP
HTTP
HTTPS &
FTP over
HTTP
FTP over
HTTP
HTTP
HTTPS
HTTP
HTTPS
No Surrogate
Yes
Yes
NA
NA
NA
NA
NA
NA
IP-based
Yes
Yes
Yes
Yes
Yes
No/Yes*
Yes
No/Yes*
Cookie-based
Yes
Yes***
Yes
No/Yes**
Yes
No/Yes** Yes
No/Yes**