Cisco Cisco Web Security Appliance S670 故障排查指南
How to bypass authentication for specific user
agents?
agents?
Document ID: 118054
Contributed by Josh Wolfer and Siddharth Rajpathak, Cisco TAC
Engineers.
Engineers.
Jul 22, 2014
Contents
Question:
Question:
How to bypass authentication for specific user agents on Cisco Web Security Appliance (WSA)?
Environment: Cisco Web Security appliance (WSA), All AsyncOS versions 7.x and above
Bypassing authentication for a particular application using its user agent, is a two step process.
Step 1: Determine the user agent string used by the application
Determine the user agent used by an application
1. For standard applications, you should be able to find the user agent string on the below websites
http://www.user−agents.org/
http://www.useragentstring.com/pages/useragentstring.php
http://www.infosyssec.com/infosyssec/security/useragentstrings.shtml
http://www.user−agents.org/
http://www.useragentstring.com/pages/useragentstring.php
http://www.infosyssec.com/infosyssec/security/useragentstrings.shtml
2. You could also determine the user agent string from access logs on the appliance. Please follow the steps
below:
below:
Browser to GUI −> "System Administration" −> "Log Subscription" −> 'Access logs'
•
Add %u in the Custom fields
•
Submit and commit the changes
•
Grep or tail the access logs based on client IP address
•
The user agent string should be located at end of the access log line
•
Example: For Chrome browser, you could see the user agent string as Mozilla/5.0 (Windows; U; Windows
NT 5.1; en−US) AppleWebKit/525.13 (KHTML, like Gecko) Chrome/0.X.Y.Z Safari/525.13.)
NT 5.1; en−US) AppleWebKit/525.13 (KHTML, like Gecko) Chrome/0.X.Y.Z Safari/525.13.)
Step 2: Configure WSA to bypass authentication for the user agent strings