Cisco Cisco Web Security Appliance S170 사용자 가이드
28-4
Cisco IronPort AsyncOS 7.7 for Web User Guide
Chapter 28 Common Tasks
Bypassing Authentication for Specific Websites
Bypassing Authentication for Specific Websites
In this task, you will make sure the Web Proxy does not authenticate requests from users trying to access
specific websites. You might want to do this to for websites that do not interact properly with proxy
servers that authenticate their users, but you still want the Web Proxy to apply security services to the
website, such as web reputation filtering and anti-malware scanning. Also, you might want to do this for
websites that multiple user agents need to access, but the user agents cannot prompt users to enter
authentication credentials, such as Microsoft Windows updater user agents.
specific websites. You might want to do this to for websites that do not interact properly with proxy
servers that authenticate their users, but you still want the Web Proxy to apply security services to the
website, such as web reputation filtering and anti-malware scanning. Also, you might want to do this for
websites that multiple user agents need to access, but the user agents cannot prompt users to enter
authentication credentials, such as Microsoft Windows updater user agents.
For example, users have been complaining about not being able to access files they need for work hosted
on a partner website. They can access the files on the partner’s website when they are not connected to
the local network, but cannot access the partner’s website when they are connected to the local network.
IT has learned from reading the Web Security appliance access logs that the partner’s web server is not
fully RFC compliant with HTTP and cannot communicate properly with the Web Proxy when it
authenticates its end users. By not authenticating users that access the partner’s website, you can still
allow access while protecting users by scanning the content downloaded from the server.
on a partner website. They can access the files on the partner’s website when they are not connected to
the local network, but cannot access the partner’s website when they are connected to the local network.
IT has learned from reading the Web Security appliance access logs that the partner’s web server is not
fully RFC compliant with HTTP and cannot communicate properly with the Web Proxy when it
authenticates its end users. By not authenticating users that access the partner’s website, you can still
allow access while protecting users by scanning the content downloaded from the server.
Additionally, on Windows machines, the Microsoft Windows updater fails by either hanging or
displaying an error message to end users.
displaying an error message to end users.
This task assumes one or more authentication realms are already defined on the Web Security appliance.
Step 1
Navigate to the Web Security Manager > Custom URL Categories page.
Step 2
On the Customer URL Categories page, click Add Custom Category.
Step 3
In the Category Name field, enter a name for this category, such as
BypassAuth
.
Step 4
In the Sites field, enter the addresses for the websites you want to have bypassed for authentication. In
this task, enter the following addresses:
this task, enter the following addresses:
•
mypartnersite.com
•
.mypartnersite.com
•
download.windowsupdate.com
•
.windowsupdate.microsoft.com
•
.update.microsoft.com
•
.download.windowsupdate.com
•
update.microsoft.com
•
.windowsupdate.com
•
download.microsoft.com
•
windowsupdate.microsoft.com
•
ntservicepack.microsoft.com
•
wustat.windows.com
•
c.microsoft.com
Step 5
Click Submit.
Step 6
Navigate to the Web Security Manager > Identities page.
Step 7
Click Add Identity.
Step 8
In the Name field, enter a name for this policy, such as
WebsitesToBypassAuth
.