Currently we are using MWG 6.8.6, everytime the users access an internal website it will bypass the browser authentication since we placed the domain on the ICAP exemption. When it comes to accessing an external website, the users will be required to login using the browser authentication.
Now my problem is, we want to remove the browser authentication when accessing any external websites (google, yahoo and etc) but will still get their usernames when viewed from the logs and reports.
Can anyone provide me a guide?
Thanks in advance!
Ahh. There's the rub.
It's a catch 22. You must autehnticate to get the username, but if you don't want to authenticate, you cannot get the user name. You cannot do this in 6.x
in version 7.x, there is the concept of Try-Auth, that attempts authentication, but if it is unsucessful, just continues on it's way using what information it can get. You'd have to upgrade to get that capability.
Hi, thanks for the answer
We do plan to upgrade to version 7 but not anytime soon, we just want to do this on our current version.
Do you know the kb for the concept of the Try-Auth so I can try it?
Also, do you think the logs that being sent by MWG 6.x (assuming that I disable the browser authentication) will include the IP address of the user? Because I'm thinking that Web Reporter might able to display the usernames on the reports.
Like I said, 6.8 can't do it because it's not built into the code of the proxy.
I don't know if there's a KB. I've never looked. It's a Rule Set in the library that you just import. Basically, it does NTLM, but at the very response after it gets a user name and checks the password, if the password check fails, it still lets you through.
It doesn't work very well with Mac or Linux because integrated authentication does not come wiht thos OSes.
If you have a really solid DNS, then Web Reporter can lookup host names of the workstation, not user names. You have to make sure that you have good DNS with reverse entries for everything, otherwise log imports will slow to a crawl. I've only seen it work well in very well-managed DNS environments.
Thanks for the reply.
I had a talk with McAfee support to clarrify this issue, he also said that usernames will not be recorded. The only weird part is, he mentioned that IP addresses will be recorded on the 6.8 logs so if these logs will be push on the Web Reporter; Web Reporter can probably display the usernames on the report.