401 Authentication headers displaying Proxy private IP address
Last Updated May 13, 2019
When performing a wget or curl request against the proxy, it is showing the authentication realm as the private IP address of the proxy instead of the authentication realm configured for users. This could be a security vulnerability since someone performing the request does not necessarily need the private IP address to make the request, but can find the ip within the response along with a description of what the device is(Server: BlueCoat-Security-Appliance).
This happens because you are performing the request against the console of the proxy and not a web access layer where domain authentication would typically be performed.
To configure a Console Realm Name on the proxy, go to Configuration --> Authentication --> Console Access --> Console realm name and enter a value. The response will then show this value as in the response.
Example with console realm name set to "restricted-realm":