How to ensure WSS Agent does not remove http authorization headers?

Article ID: 200886

Updated On:

Products

Web Security Service - WSS

Issue/Introduction

Some websites use the basic authentication method. When a user tries to access such a site from a computer with the WSS Agent installed, the authorization header is removed, so the authentication process fails.

The problem is not present with the Explicit or IPsec access methods (but could be present, and handled in another manner, with proxy forwarding).

How can we ensure the header is not removed and the user / service / tool can log in to the remote server properly?

Cause

The WSS Agent operates in a cloud authentication realm, and as such we set up the authentication and authorization on the WSS ProxySG.

In the process we ensure that authorization headers (a base64-encoded password) are not sent out to the Internet unintentionally.
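Why a basic authentication header is treated as a credential, shown as an added example that is not part of the original article or of WSS: the value is only base64-encoded, so anything that sees the header recovers the user name and password. The function names and the sample headers below are constructed for illustration.

```python
import base64
import binascii


def decode_basic_authorization(header_value):
    """Return (user, password) for a well-formed Basic credential, else None."""
    scheme, _, token = header_value.strip().partition(" ")
    token = token.strip()
    if scheme.lower() != "basic" or not token:
        return None  # Bearer, Digest, NTLM, ... are not base64(user:password)
    try:
        raw = base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return None  # not valid base64
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        text = raw.decode("latin-1")  # legacy clients may not send UTF-8
    user, sep, password = text.partition(":")
    if not sep:
        return None  # no user/password separator
    # Only the first colon separates; the password itself may contain colons.
    return user, password


def exposed_credentials(headers):
    """Map header name -> (user, password) for headers carrying Basic credentials."""
    found = {}
    for name, value in headers.items():
        if name.lower() in ("authorization", "proxy-authorization"):
            creds = decode_basic_authorization(value)
            if creds is not None:
                found[name] = creds
    return found


# Constructed sample request headers (not captured from a real system).
SAMPLE_TOKEN = base64.b64encode(b"svc-backup:p@ss:word").decode("ascii")
SAMPLE_HEADERS = {
    "Host": "some.url",
    "Authorization": "Basic " + SAMPLE_TOKEN,
    "User-Agent": "example-tool/1.0",
}

if __name__ == "__main__":
    for header, (user, password) in exposed_credentials(SAMPLE_HEADERS).items():
        print(f"{header}: user={user!r} password recoverable ({len(password)} chars)")
```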

Environment

WSS Agent and remote sites using basic authentication method.

Resolution

In a WSS Portal setup, you can add the site to the Authentication bypass; this resolves the issue.

For Management Center customers, you can use a WSS-provided condition named "BC_Authentication_exempt_sites" to add destination URLs to the Authentication bypass.

The definition is used in the WSS managed policy, so you need to do nothing more than add data to the definition (in a CPL layer or in VPM).

Here is a CPL sample:

define condition BC_Authentication_exempt_sites
  url.domain=//some.url/
end