search cancel

Bypassing ProxySG authentication

book

Article ID: 165433

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

Bypassing ProxySG authentication

I have an application that does not work with authentication

How do I bypass authentication so that my application works?

What are some strategies that can be used to bypass authentication for a workstation or application?

How do I use a different authentication scheme?

Resolution

Sometimes there are applications (custom, in-house applications; specific vendor created applications, file sharing applications, and so forth), services, operating systems, update mechanisms, (all these will be referred to as applications throughout the rest of this document) and so forth that simply do not work with proxy style (HTTP 407) or content server style (HTTP 401) authentication requests.  These applications were not designed to deal with authentication.  Because these applications were not designed to deal with application, when the proxy prompts the application for authentication requests, the application will fail to function properly.  The end result will be a loss of productivity.

There may be certain applications that do not function properly when authentication is enforced.  So there are several strategies that can be used to help alleviate the problem.  This solution documents some of the strategies used to work around the problem.  This is not an all inclusive document.  There may be other ways to work around the problem.  This solution documents some of the more common ways to work around authentication issues. 

 

AUTHENTICATION BY IP ADDRESS

There are two options here.  You can

  1. Not authenticate specific IP addresses or ranges and everything else will be authenticated.
  2. Authenticate specific IP addresses or ranges and everything else will not be authenticated.

Generally authentication is enabled for all IP addresses and then a few workstations need to bypass authentication.  Please see article 165426 for instructions on how to bypass authentication by IP address.

 

BYPASSING AUTHENTICATION BY USER AGENT

Many applications that use the web have a user agent.  If a particular application is having problems authenticating and that application has a unique user agent, please see 165976 for instructions on how to bypass authentication for a specific user agent.

 

USING A DIFFERENT AUTHENTICATION MODE

Sometimes one protocol, such as HTTP, works just fine with a particular authentication mode.  But other protocols, such as FTP, do not work reliably with the same authentication mode as HTTP.  So it may be necessary to change the authentication mode in order for the application to work.  Please see 167076 for instructions on how to create a rule using the same authentication realm, but just a different authentication mode.

 

BYPASSING AUTHENTICATION BY DESTINATION URL

Sometimes a URL may be particularly troublesome.  A common example is when IWA authentication is used and the URL is a remote Microsoft Exchange server in a different domain than the local domain, and no trust relationship exists between the two domains.  In this kind of a scenario, bypassing authentication to that remote webmail server may be the solution.  Please see 165425 for instructions on how to bypass authentication based on URL.