In a proxy chaining deployment, log user authentication information on the upstream proxy without enabling authentication on it.

Article ID: 166595

Products

ProxySG Software - SGOS

Issue/Introduction

In a proxy chaining deployment, the path of a user request is:

client workstation > branch proxy > gateway proxy

The authentication occurs at the branch proxy.

The goal is to have authenticated user names appear in the gateway proxy's access logs without performing any authentication on the gateway proxy.

Resolution

This task assumes that the branch proxy authentication and proxy chaining configurations are complete and that there is no authentication configuration on the gateway proxy.

To log authenticated user names and group information on the gateway proxy, perform the following steps:

1. On the branch proxy, add the authenticated user name and user groups to the request Cookie header.

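; Conditions matching the IWA realm groups whose members are allowed
define condition __GROUP1
    realm=iwa group="SETAC\1111"
end condition __GROUP1

define condition __GROUP2
    realm=iwa group="SETAC\2222"
end condition __GROUP2

; Write the authenticated identity into the Cookie request header sent upstream.
; set() overwrites any Cookie header value the client sent.
define action ControlRequestHeader1
    set(request.header.Cookie, "user=$(user), group=$(group),groups=$(groups)")
end action ControlRequestHeader1

<Proxy>
    condition=__GROUP1 Allow    action.ControlRequestHeader1(yes)        ; Rule 1
    condition=__GROUP2 Allow    action.ControlRequestHeader1(yes)        ; Rule 2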

2. On the gateway proxy, copy the bcreportermain_v1 log format to create a new log format, for example one named Gateway_Log.

In the new format, add cs(Cookie) between c-ip and cs-username. For example:

date time time-taken c-ip cs(Cookie) cs-username cs-auth-group x-exception-id sc-filter-result cs-categories cs(Referer)  sc-status s-action cs-method rs(Content-Type) cs-uri-scheme cs-host cs-uri-port cs-uri-path cs-uri-query cs-uri-extension cs(User-Agent) s-ip sc-bytes cs-bytes x-virus-id x-bluecoat-application-name x-bluecoat-application-operation

The gateway proxy access log then contains entries in this format:

2011-10-17 02:17:24 13 10.254.16.172 "user=SETAC\tom.test1, group=SETAC\2222,groups=SETAC\2222,SETAC\1111" ......
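
When these gateway log entries are fed to a reporting or detection pipeline, the cs(Cookie) field needs careful splitting because the groups value is itself comma-separated. The Python parser below is an added example, not part of the original article or vendor code; the function name, the `branch_proxies` allow-list and the sample lines are constructed for illustration, and it assumes c-ip on the gateway is the address of the branch proxy that set the header.

```python
import re

# Leading fields of the Gateway_Log format: date time time-taken c-ip cs(Cookie)
LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) (?:"([^"]*)"|(\S+))')
# Cookie layout written by the branch proxy action ControlRequestHeader1.
# "groups" is itself a comma-separated list, so it is matched last and greedily.
IDENTITY_RE = re.compile(r'^user=(.*?),\s*group=(.*?),\s*groups=(.*)$')

# Constructed sample lines; trailing fields are shortened to "-" placeholders.
SAMPLE = [
    r'2011-10-17 02:17:24 13 10.254.16.172 "user=SETAC\tom.test1, group=SETAC\2222,groups=SETAC\2222,SETAC\1111" - - -',
    r'2011-10-17 02:17:25 8 192.0.2.50 "user=SETAC\tom.test1, group=SETAC\1111,groups=SETAC\1111" - - -',
    r'2011-10-17 02:17:26 5 10.254.16.172 - - - -',
]


def parse_gateway_line(line, branch_proxies):
    """Return the forwarded identity from one gateway log line, or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    date, time, _taken, c_ip, quoted, bare = m.groups()
    ident = IDENTITY_RE.match(quoted if quoted is not None else bare)
    if not ident:
        return None  # "-" or an ordinary site cookie: no forwarded identity
    user, group, groups = ident.groups()
    return {
        "timestamp": f"{date} {time}",
        "c_ip": c_ip,
        "user": user,
        "group": group,
        "groups": [g for g in groups.split(",") if g],
        # Assumption: the gateway performs no authentication, so the identity
        # is only as reliable as the source that wrote the Cookie header.
        "from_branch_proxy": c_ip in branch_proxies,
    }


if __name__ == "__main__":
    for line in SAMPLE:
        print(parse_gateway_line(line, {"10.254.16.172"}))
```

Entries where `from_branch_proxy` is false carry an identity that was not written by a known branch proxy and should not be attributed to a user without further checks.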