Руководство Пользователя для Cisco Cisco Web Security Appliance S170
20-27
Cisco IronPort AsyncOS 7.7.5 for Web User Guide
Chapter 20 Authentication
Tracking Authenticated Users
Note
If the Web Security appliance uses cookies for authentication surrogates, Cisco recommends enabling
credential encryption. For more information, see
credential encryption. For more information, see
Tracking Authenticated Users
Table 20-11
describes which authentication surrogates are supported with other configurations for
explicitly forwarded requests.
Table 20-12
describes which authentication surrogates are supported with other configurations for
transparent requests.
* Works after the client makes a request to an HTTP site and is authenticated. Before this happens, the
behavior depends on the transaction type:
behavior depends on the transaction type:
•
Native FTP transactions. Transactions bypass authentication.
•
HTTPS transactions. Transactions are dropped. However, you can configure the HTTPS Proxy to
decrypt the first HTTPS request for authentication purposes.
decrypt the first HTTPS request for authentication purposes.
** When cookie-based authentication is used, the Web Proxy cannot authenticate the user for HTTPS,
native FTP, and FTP over HTTP transactions. Due to this limitation, all HTTPS, native FTP, and FTP
over HTTP requests bypass authentication, so authentication is not requested at all. For more
information on how HTTPS requests are assigned Identity and non-Identity policy groups, see
native FTP, and FTP over HTTP transactions. Due to this limitation, all HTTPS, native FTP, and FTP
over HTTP requests bypass authentication, so authentication is not requested at all. For more
information on how HTTPS requests are assigned Identity and non-Identity policy groups, see
.
*** No surrogate is used in this case even though cookie-based surrogate is configured.
Table 20-11
Supported Authentication Surrogates for Explicit Requests
Surrogate Types
Credential Encryption Disabled
Credential Encryption Enabled
Protocol:
HTTP
HTTPS &
FTP over
HTTP
HTTP
Native FTP
HTTP
HTTPS &
FTP over
HTTP
HTTP
Native FTP
No Surrogate
Yes
Yes
Yes
NA
NA
NA
IP-based
Yes
Yes
Yes
Yes
Yes
Yes
Cookie-based
Yes
Yes***
Yes***
Yes
No/Yes**
Yes***
Table 20-12
Supported Authentication Surrogates for Transparent Requests
Surrogate Types
Credential Encryption Disabled
Credential Encryption Enabled
Protocol:
HTTP
HTTPS
Native FTP
HTTP
HTTPS
Native FTP
No Surrogate
NA
NA
NA
NA
NA
NA
IP-based
Yes
No/Yes*
No/Yes*
Yes
No/Yes*
No/Yes*
Cookie-based
Yes
No/Yes**
No/Yes**
Yes
No/Yes**
No/Yes**