When a user logs in to a website, the browser performs an HTTP POST request towards the website. This request has a "Request Body" attribute that includes user credentials. The proxy can inspect this request including the credentials that are being sent and apply policy to it.
The purpose of this article is to show how to allow a specific username and deny authentication attempts with other usernames.
Launchthe proxy Visual Policy Manager (VPM)
Create a Web Access Layer
Create a rule and in the Sourcecolumn go to Set > New > HTTP Request Body
Enter the Name of the Object > from the drop-down menu select "Contains" > In Content, enter the username > Set the length of the content in bytes, 50 initially (This will vary depending on the website and the username)
Go to the Destination column > Set > New > Request URL
Enter the name of the site
In the Action column > Set to Allow
Create a new rule within the same layer below the first one
In the new rule Set the Service Column to Protocol Methods > HTTP POST
Go to the Destination column and select the same Request URL as in the first rule
Set the Action to Deny
The policy should look as follows:
Further policy tweaking may be required depending on the website in question.
SSL Interception is required in order for the the proxy to "see" encrypted HTTP POST requests and apply policy based on the "Request Data" attribute.
This policy does not apply to all sites. For example, this cannot be applied to Google account login due to how it handles user sessions.
Subscribing will provide email updates when this Article is updated. Login is required.
Thanks for your feedback. Let us know if you have additional comments below. (requires login)
Subscribed to the Article.
Unable to subscribe
Thanks for your additional feedback !!!
Enterprise Support Virtual Agent
Rate Me :
Tell us more:
Welcome! My name is Sami, the Enterprise Support Virtual Agent answering technical support questions.