Cisco Cisco Web Security Appliance S170 ユーザーガイド

H O W W E B P R O X Y D E P L O Y M E N T A F F E C T S A U T H E N T I C A T I O N

C H A P T E R 1 7 : A U T H E N T I C A T I O N

361

2. Web Proxy uses a 307 HTTP response to redirect the client to the Web Proxy which

masquerades as a local web server.

3. Client sends a request to the redirected URL.

4. Web Proxy sends a 401 HTTP response “Authorization required.”

5. User is prompted for credentials and enters them.

6. Client sends the request again, but this time with the credentials in an “Authorization”

HTTP header.

7. Web Proxy confirms the credentials, tracks the user by IP address or with a cookie, and

then redirects the client to the originally requested server.

Note — You can configure the Web Proxy to use either IP addresses or cookies to track
authenticated users.

8. If the client requests the original web page again, the Web Proxy transparently intercepts

the request, confirms the user by IP address or cookie, and returns the requested page.

Note — If the client tries to connect to another web page and the Web Proxy tracked the user
by IP address, the Web Proxy confirms the user by IP address and returns the requested page.

Table 17-5 lists advantages and disadvantages of using transparent Basic authentication and
IP-based credential caching.

Table 17-5 Pros and Cons of Transparent Basic Authentication—IP Caching

Advantages

Disadvantages

• Works with all major browsers
• With user agents that do not support

authentication, users only need to
authenticate first in a supported browser

• Relatively low overhead
• Works for HTTPS requests if the user has

previously authenticated with an HTTP
request

• Authentication credentials are associated with

the IP address, not the user (does not work in
Citrix and RDP environments, or if the user
changes IP address)

• No single sign-on
• Password is sent as clear text (Base64)