james_478
Level 7

Creating a rule to bypass authentication for HTTP/1.0 traffic on web gateway 7.1

Hello,

I have an issue with the McAfee Web Gateway 7.1.

The problem is that in a certain situation a user will be prompted for their user name and password when they open or forward an email with embedded web (or secureweb) content.

I have determined that this is due to HTTP/1.0 traffic establishing a connection.  When HTTP/1.1 is being used there is no prompt for user name or password.

I need to create a rule in Web Gateway 7.1 that will disable the username and password prompt for HTTP/1.0 traffic.

Any assistance you could render would be appreciated.

Thank you for your time.

Message was edited by: james_478 on 6/10/11 10:10:27 AM CDT
1 Solution

Accepted Solutions
jont717
Level 12

Not sure how you are authenticating users, but we use WCCP.

Here is what you want to do. Under your authentication rule, you will want to add a section for User Agent and create a User Agent Whitelist (see image). If you look in your log files, you will see when Lotus Notes tries to connect to the Internet. The log file will show you which User-Agent it is using. For me it is Lotus-Notes. Put this in your User Agent Whitelist. The picture explains it all.

Basically, it says... if the user agent is anything other than what is in the User Agent Whitelist, then authenticate them. If it is in the list, skip authentication.

That's all you have to do. Also, if you still want your URL filtering policy to apply to unauthenticated users, you will need to create a copy of your URL filter policy for unauthenticated users. That way, any browsing done with Lotus Notes will still be controlled by your company policy.

6.png
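
Added example (not part of jont717's post and not McAfee rule syntax): a Python sketch that reads constructed access-log lines to find which User-Agent is being challenged, then compares which clients a blanket HTTP/1.0 bypass would exempt against the User Agent Whitelist described above. The log layout, the 407 status, the prefix match and all names are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in an assumed layout (not the gateway's real log
# format): client user [time] "METHOD URL PROTOCOL" STATUS "USER-AGENT"
SAMPLE_LOG = '''\
10.0.0.5 - [10/Jun/2011:09:01:02] "GET http://img.example.com/a.gif HTTP/1.0" 407 "Lotus-Notes/8.5"
10.0.0.5 - [10/Jun/2011:09:01:03] "GET http://img.example.com/b.gif HTTP/1.0" 407 "Lotus-Notes/8.5"
10.0.0.9 - [10/Jun/2011:09:02:10] "GET http://updates.example.net/x HTTP/1.0" 407 "ExampleUpdater/2.1"
10.0.0.7 alice [10/Jun/2011:09:03:44] "GET http://www.example.org/ HTTP/1.1" 200 "Mozilla/4.0 (compatible; MSIE 8.0)"
10.0.0.8 - [10/Jun/2011:09:04:00] "GET http://tools.example.net/f HTTP/1.0" 407 "ExampleFetcher/1.0"
'''

LINE = re.compile(r'^(\S+) (\S+) \[[^\]]+\] "\S+ \S+ (HTTP/\d\.\d)" (\d{3}) "([^"]*)"$')

# Hypothetical whitelist entry, taken from the User-Agent seen in the log.
UA_WHITELIST = ("Lotus-Notes",)

def parse(log):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if m:
            yield {"user": m.group(2), "proto": m.group(3),
                   "status": int(m.group(4)), "ua": m.group(5)}

def challenged_agents(log):
    """Count User-Agents whose requests got 407 (assumed auth challenge)."""
    return Counter(r["ua"] for r in parse(log) if r["status"] == 407)

def by_protocol(rec):
    # Candidate rule 1: bypass everything that speaks HTTP/1.0.
    return rec["proto"] == "HTTP/1.0"

def by_whitelist(rec):
    # Candidate rule 2. Assumption: an entry matches as a User-Agent prefix.
    return rec["ua"].startswith(UA_WHITELIST)

def exempted_agents(log, rule):
    """User-Agents that would skip authentication if `rule` were the bypass."""
    return {r["ua"] for r in parse(log) if rule(r)}

if __name__ == "__main__":
    print("challenged:", dict(challenged_agents(SAMPLE_LOG)))
    print("HTTP/1.0 bypass exempts:", sorted(exempted_agents(SAMPLE_LOG, by_protocol)))
    print("whitelist bypass exempts:", sorted(exempted_agents(SAMPLE_LOG, by_whitelist)))
```

Because the User-Agent value is supplied by the client, keep the copied URL filter policy for unauthenticated users in place as the answer describes.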

6 Replies
McAfee Employee

Not sure if I agree with doing this as there are many things that could make HTTP/1.0 requests, but the property would be:

Request.ProtocolAndVersion

~Jon

jont717
Level 12

What email application do you use?

We had the same issues and what you want to do is just allow that application through without authentication. Do not open for all HTTP/1.0!! This means all the traffic will still be scanned with gateway AV. We use Lotus Notes.

McAfee Employee

Perhaps I need to revisit this, but last I recall, Outlook can do this if you are doing trans auth (time based) and Outlook shares the user-agent with IE.

With Lotus Notes, Jonathan is correct, you could just allow it for that user-agent.

~Jon

james_478
Level 7

Hi Jon (Jont717),

We are using Lotus Notes. Is it possible for you to show me how you were able to create the allow rule for this?

Thank you for your time.

James

james_478
Level 7

Thank you very much, Jon (jont717). Your screen shot made the difference.

This seems to have done the trick.

Thank you as well, Jon Scholten.

James
