search cancel

Unable to run iPhone or iPad applications when connecting through a ProxySG; how to disable Authentication for iPhone/iPad applications?

book

Article ID: 166560

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

Certain applications or websites doesn't work properly when accessed via iPhone or iPad.

Cause

When using proxy Authentication, users are unable to access iPhone or iPad applications because the IOS software does not include the credentials (username and password) required for authenticating the request, and the request times out.

Environment

  • iPhone
  • iPad

Resolution

Authentication has to be disabled for iPhone or iPad devices.

iPhone or iPad devices are recognized based on User-Agent HTTP Header.

Note: Before making changes to your policy verify that traffic is not blocked by any other rule (like Web Access rules)

 

Disable Authentication via Local Policy File

To Install the policy into the Local Policy File on the ProxySG:

  1. Launch the ProxySG Management Console
  2. Click Configuration tab > Policy > Policy Files > Install Local File from:
  3. Select Text Editor from the dropdown and click the Install button which will launch the Edit and Install the Local File text editor window.
  4. Append the following policy to the Local Policy File:

<Proxy>
Allow request.header.User-Agent="iTunes" authenticate(no)
Allow request.header.User-Agent="iphone" authenticate(no)
Allow request.header.User-Agent="ipad" authenticate(no)
Allow request.header.User-Agent="Stocks" authenticate(no)
Allow request.header.User-Agent="CFNetwork" authenticate(no)
Allow request.header.User-Agent="Darwin" authenticate(no)
Allow request.header.User-Agent="Wispr" authenticate(no)

      5. Click Install.

Alternatively new Authentication Layer can be created:

  1. Launch the ProxySG Management Console and access VPM
  2. Click Add Layer and select Web Authentication
  3. Click Source , Set and  Add a new object.
  4. Select User Agent, scroll down and select iPhone and iPad and click Apply
  5. Select created object and click Set
  6. Under Rule Action click Set and select Do Not Authenticate and Set
  7. Apply changes to the policy 

 

Additional Information

In newer iPads version Desktop mode is enabled for Safari.

It means that iPad will not send User-Agent header and as a result ProxySG can't properly identify iPad device.

This option can be disabled in iPad settings:

Settings -> Safari -> Request Desktop Website -> All websites.

Change to Disabled