Cisco Web Security Appliance S170 User Guide
How Web Proxy Deployment Affects Authentication
Chapter 17: Authentication
2. Web Proxy uses a 307 HTTP response to redirect the client to the Web Proxy which
masquerades as a local web server.
3. Client sends a request to the redirected URL.
4. Web Proxy sends a 401 HTTP response “Authorization required.”
5. User is prompted for credentials and enters them.
6. Client sends the request again, but this time with the credentials in an “Authorization”
HTTP header.
7. Web Proxy confirms the credentials, tracks the user by IP address or with a cookie, and
then redirects the client to the originally requested server.
Note — You can configure the Web Proxy to use either IP addresses or cookies to track
authenticated users.
8. If the client requests the original web page again, the Web Proxy transparently intercepts
the request, confirms the user by IP address or cookie, and returns the requested page.
Note — If the client tries to connect to another web page and the Web Proxy tracked the user
by IP address, the Web Proxy confirms the user by IP address and returns the requested page.
Table 17-5 lists advantages and disadvantages of using transparent Basic authentication and
IP-based credential caching.
Table 17-5 Pros and Cons of Transparent Basic Authentication—IP Caching

Advantages
• Works with all major browsers
• With user agents that do not support authentication, users only need to
authenticate first in a supported browser
• Relatively low overhead
• Works for HTTPS requests if the user has previously authenticated with an HTTP
request

Disadvantages
• Authentication credentials are associated with the IP address, not the user
(does not work in Citrix and RDP environments, or if the user changes IP address)
• No single sign-on
• Password is sent as clear text (Base64)
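
The exchange in steps 2 to 8 and two of the disadvantages in Table 17-5, modelled as an added example that is not part of the original guide and not Cisco code. The host names, the user "alice", the password, the realm string and the status code of the final redirect are constructed assumptions.

```python
import base64

USERS = {"alice": "S3cret!"}                  # constructed credential store
AUTH_URL = "http://proxy.example.test/auth"   # hypothetical redirect target
CHALLENGE = 'Basic realm="proxy"'             # realm string is an assumption

def decode_basic(header):
    """Recover (user, password) from a Basic Authorization header value."""
    scheme, _, blob = header.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    user, _, password = base64.b64decode(blob).decode().partition(":")
    return user, password

class TransparentProxy:
    def __init__(self):
        self.by_ip = {}    # IP-based credential cache: client IP -> user
        self.pending = {}  # client IP -> originally requested URL

    def handle(self, client_ip, url, authorization=None):
        """Return (status, detail) for one intercepted request."""
        if url != AUTH_URL:
            if client_ip in self.by_ip:        # step 8: confirmed by IP alone
                return 200, self.by_ip[client_ip]
            self.pending[client_ip] = url      # step 2: redirect to the proxy
            return 307, AUTH_URL
        if authorization is None:              # step 4: challenge the client
            return 401, CHALLENGE
        user, password = decode_basic(authorization)   # steps 6-7
        if USERS.get(user) != password:
            return 401, CHALLENGE
        self.by_ip[client_ip] = user           # track the user by IP address
        # Redirect to the original server (307 here is an assumption).
        return 307, self.pending.pop(client_ip, url)

def demo():
    proxy, ip, site = TransparentProxy(), "10.0.0.5", "http://www.example.com/"
    header = "Basic " + base64.b64encode(b"alice:S3cret!").decode()
    trace = [proxy.handle(ip, site),
             proxy.handle(ip, AUTH_URL),
             proxy.handle(ip, AUTH_URL, header),
             proxy.handle(ip, site)]
    # Another person on the same Citrix/RDP host IP sends no credentials.
    shared = proxy.handle(ip, "http://intranet.example.com/")
    return trace, shared, decode_basic(header)

if __name__ == "__main__":
    print(demo())
```

The last request is attributed to "alice" although it carried no credentials, and decode_basic shows that the Base64 value in the header is an encoding of the password, not protection for it.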