Forward User information to DLP via ICAP
Article ID: 165770
Updated On:
Products
ProxySG Software - SGOS
Issue/Introduction
Authenticated user and group information is sent from the ProxySG to ICAP server or ProxySG forwarding to ProxySG to ICAP server.
Resolution
Forward the Domain and Username Information (WinNT://Domain\Username) from the child proxysg to upstream proxysg or single proxysg to DLP, and then pass via ICAP:-
Child Proxy - Local Policy Files
------------------------------------------
<Proxy>
action.ControlRequestHeader1(yes)
define action ControlRequestHeader1
set(request.x_header.username, "$(user.domain)\$(user.name)")
end action ControlRequestHeader1
Parent Proxy - Configuration -> Authetntication - Policy Substitution - User Information (Ignore this on Single ProxySG)
--------------------------------------------------------------------------------------------------------------------------------------------------------------
Realm name: ad
Username: $(request.x_header.username)
Full username: $(request.x_header.username)
Parent Proxy - Local Policy Files (Ignore this on Single ProxySG)
------------------------------------------------------------------------------
<Proxy>
Authenticate(ad)
Please note that on ICAP configuration make sure the send autheticated-user is enable.
Feedback
Yes
No
Powered by
