Cisco Cisco Web Security Appliance S170 사용자 가이드

Web Proxy sends a 401 HTTP response “Authorization required.”

User is prompted for credentials and enters them.

Client sends the request again, but this time with the credentials in an “Authorization” HTTP header.

Web Proxy confirms the credentials, tracks the user by IP address or with a cookie, and then redirects 
the client to the originally requested server.

You can configure the Web Proxy to use either IP addresses or cookies to track authenticated 
users.

If the client requests the original web page again, the Web Proxy transparently intercepts the request, 
confirms the user by IP address or cookie, and returns the requested page.

If the client tries to connect to another web page and the Web Proxy tracked the user by IP address, the 
Web Proxy confirms the user by IP address and returns the requested page.

 lists advantages and disadvantages of using transparent Basic authentication and IP-based 

credential caching. 

 lists advantages and disadvantages of using transparent Basic authentication and 

cookie-based credential caching. 

The Web Proxy uses a third party challenge and response system to authenticate users on the network.

Works with all major browsers

With user agents that do not support 
authentication, users only need to authenticate 
first in a supported browser

Relatively low overhead

Works for HTTPS requests if the user has 
previously authenticated with an HTTP 
request

Authentication credentials are associated with 
the IP address, not the user (does not work in 
Citrix and RDP environments, or if the user 
changes IP address)

No single sign-on

Password is sent as clear text (Base64)

Works with all major browsers

Authentication is associated with 
the user rather than the host or IP 
address

Each new web domain requires the entire authentication 
process because cookies are domain specific

Requires cookies to be enabled

Does not work for HTTPS requests

No single sign-on

Password is sent as clear text (Base64)