Cisco Cisco Web Security Appliance S170 ユーザーガイド
6-6
AsyncOS 8.1 for Cisco Web Security User Guide
Chapter 6 Classify End-Users and Client Software
Classifying Users and Client Software
Note
You can define a timeout valve for the authentication surrogate for all requests using Global
Authentication Settings.
Authentication Settings.
Step 12
(Optional) Expand the Advanced section to define additional membership requirements.
Session Cookie
The Web Proxy tracks an authenticated user on a particular application by
generating a session cookie for each user per domain per application. (However,
when a user provides different credentials for the same domain from the same
application, the cookie is overwritten.) Closing the application removes the
cookie.
generating a session cookie for each user per domain per application. (However,
when a user provides different credentials for the same domain from the same
application, the cookie is overwritten.) Closing the application removes the
cookie.
No Surrogate
The Web Proxy does not use a surrogate to cache the credentials, and it tracks an
authenticated user for every new TCP connection. When you choose this option,
the web interface disables other settings that no longer apply. This option is
available only in explicit forward mode and when you disable credential
encryption on the Network > Authentication page.
authenticated user for every new TCP connection. When you choose this option,
the web interface disables other settings that no longer apply. This option is
available only in explicit forward mode and when you disable credential
encryption on the Network > Authentication page.
Apply same surrogate
settings to explicit
forward requests
settings to explicit
forward requests
Select whether or not the surrogate used for transparent requests should also
be used for explicit requests.
be used for explicit requests.
Selecting this will enable credential encryption automatically.
This option appears only when the Web Proxy is deployed in transparent
mode.
mode.
Advanced Option Description
Proxy Ports
The proxy port is used to access the Web Proxy by entering one or more port numbers
in the Proxy Ports field. Separate multiple ports with commas.
in the Proxy Ports field. Separate multiple ports with commas.
For explicit forward connections, this is the port configured in the browser.
For transparent connections, this is the same as the destination port.
Note
Defining identities by port works best when the appliance is deployed in
explicit forward mode or when clients explicitly forward requests to the
appliance. Defining identities by port when client requests are
transparently redirected to the appliance may result in some requests being
denied.
explicit forward mode or when clients explicitly forward requests to the
appliance. Defining identities by port when client requests are
transparently redirected to the appliance may result in some requests being
denied.
URL Categories
Select the user defined or predefined URL categories. Membership for both is excluded
by default, meaning the Web Proxy ignores all categories unless they are selected in the
Add column.
by default, meaning the Web Proxy ignores all categories unless they are selected in the
Add column.
Note
If you need to define membership by URL category, only define it in the
Identity group when you need to exempt from authentication requests to that
category.
Identity group when you need to exempt from authentication requests to that
category.
User Agents
Defines the policy group membership by the user agent (applications such as Firefox
or Chrome Web browsers) used in the client request. You can select some commonly
defined browsers, or define your own using regular expressions.
or Chrome Web browsers) used in the client request. You can select some commonly
defined browsers, or define your own using regular expressions.
Choose whether this policy group should apply to the selected user agents or to any
user agent that is not in the list of selected user agents.
user agent that is not in the list of selected user agents.
Surrogate Type
Description