For security reasons, the ProxySG appliance strips authorization credentials that the client provides for the origin content server (OCS). By default, this happens when the connection is secured via SSL, the proxy is intercepting SSL, and proxy authorization is required. In this case, the proxy removes the Authorization header to avoid leaking credentials that may have been intended for another authentication realm or a downstream proxy.
To configure the proxy to always send the Authorization and Proxy-Authorization headers upstream to the OCS, use the following command (available in 188.8.131.52 and later):
ProxySG#(config) security force-credential-forwarding enable
This setting can be used in both explicit and transparent modes.
Note: Use this feature with caution. It is a global setting that causes the proxy to send all authorization headers upstream. Unless a device upstream strips these headers before the request leaves the network, user credential information will be sent to the Internet for Internet-bound requests.
To forward the headers to specific servers only, Symantec recommends using the authenticate.forward_credentials() CPL property (available in 184.108.40.206 and later). Refer to the Content Policy Language Reference for details.
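To confirm that credentials are forwarded only where intended, the following added example (not Symantec's code and not part of this article) audits request heads captured on the upstream side of the proxy and lists every Authorization or Proxy-Authorization header sent to a host outside an allowlist. The host names, dummy credentials and capture format are constructed assumptions.

```python
from urllib.parse import urlsplit

CREDENTIAL_HEADERS = ("authorization", "proxy-authorization")

def parse_request_head(raw):
    """Return (host, headers) from one raw HTTP/1.x request head."""
    lines = raw.replace("\r\n", "\n").split("\n")
    _method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        if not line:
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    # Absolute-form target (request sent to an upstream proxy) wins over Host.
    host = urlsplit(target).hostname if "://" in target else None
    if host is None and "host" in headers:
        host = urlsplit("//" + headers["host"][0]).hostname
    return (host or "").lower(), headers

def audit_forwarded_credentials(raw_requests, allowed_hosts):
    """List (host, header, scheme) for credentials sent to non-allowed hosts."""
    allowed = {h.lower() for h in allowed_hosts}
    findings = []
    for raw in raw_requests:
        host, headers = parse_request_head(raw)
        if host in allowed:
            continue
        for name in CREDENTIAL_HEADERS:
            for value in headers.get(name, []):
                # Report only the scheme; never copy the credential itself.
                scheme = value.split(" ", 1)[0] if value else ""
                findings.append((host, name, scheme))
    return findings

# Constructed sample capture (hypothetical hosts, dummy credentials).
SAMPLE = [
    "GET /app HTTP/1.1\r\nHost: intranet.example.com\r\nAuthorization: Basic ZHVtbXk6ZHVtbXk=\r\n\r\n",
    "GET / HTTP/1.1\r\nHost: www.example.org:443\r\nauthorization: Bearer dummy-token\r\n\r\n",
    "GET http://cdn.example.net/x HTTP/1.1\r\nHost: cdn.example.net\r\nProxy-Authorization: Basic ZHVtbXk6ZHVtbXk=\r\n\r\n",
    "GET /public HTTP/1.1\r\nHost: www.example.org\r\n\r\n",
]

if __name__ == "__main__":
    for finding in audit_forwarded_credentials(SAMPLE, ["intranet.example.com"]):
        print("credential header left the proxy:", finding)
```

An empty result for Internet-bound hosts indicates that the headers are either not forwarded or are stripped before the capture point.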