cancel
Showing results for 
Search instead for 
Did you mean: 
RayP
Level 7

Howto: No authorization required for certain websites

How to add certain websites that can be access with applications that can't use proxy authentication.

Is a whitelist enough or do I need a User Based Mapping rule?

Regards,

Ray

Message was edited by: RayP on 1/14/11 3:15:15 AM CST
0 Kudos
9 Replies
ittech
Level 13

Re: Howto: No authorization required for certain websites

I use 7.0.2 and if I want to give access to a site without requiring authentication, I add it in a whitelist that comes before my authentication rule set.

0 Kudos
RayP
Level 7

Re: Howto: No authorization required for certain websites

Hi Ittech,

Is it default that a whitelist comes before authentication?

If not, what did you do?

Now i have the following web mapping:

Order:

Map fromMap viaUsing these rulesNote
User Namemap directlyUser-Direct-3Gives Mediaplayer access without authentication
IPmap directlyIP-Direct-1Gives certain IP from host access without authentication
Group Namemap directlyGroup-Direct-1Gives some global groups from different domains access to the internet

Regards,
Ray

Message was edited by: RayP on 1/18/11 9:06:21 AM CST
0 Kudos
ubahmapk
Level 7

Re: Howto: No authorization required for certain websites

I'm also running 7.0.2 and have had to bypass authentication for a number of "special cases".

MWG-Bypass-Authentication.png

As seen in the screenshot, I created rules based on the User-Agent, or the Client.IP, or the destination host, or a combination of elements and then placed it before the Authenticate rule.  I didn't really use the whitelists for this at all, though I'm sure that would work, too.

0 Kudos
ittech
Level 13

Re: Howto: No authorization required for certain websites

What version are you using Ray? I only know about 7.0.2, and basically with that one you can move rules and rule sets around with ease.

0 Kudos
RayP
Level 7

Re: Howto: No authorization required for certain websites

Hi Ittech,

We're using version 6.8.6


Regards,

0 Kudos
salanis
Level 10

Re: Howto: No authorization required for certain websites

Ray-

The following will give you the information you're looking for:

Bypass authentication

https://kc.mcafee.com/corporate/index?page=content&id=KB64005

Additional Information:

https://kc.mcafee.com/corporate/index?page=content&id=KB64130

Hope this helps.

0 Kudos
feeeds
Level 9

Re: Howto: No authorization required for certain websites

Is there a KB article that shows how this is done for V7 of the gateway ?

0 Kudos
McAfee Employee

Re: Howto: No authorization required for certain websites

Hi feeds,

There is no document for version 7 as there isnt one way to accomplish this. It simply requires that you create a rule based on certain criteria to bypass requests from the authentication rules. Examples are built into the default rules, and the examples shown above are perfect for accomplishing this (see ubahmapk's image). ubahmapk has bypassed authentication based on different criteria (user-agent, host, client.ip, etc..).

~Jon

0 Kudos
sdtsmit
Level 7

Re: Howto: No authorization required for certain websites

If it is only specific applications that are having problems with authentication, you can create a User-Agent whitelist and exclude them from your authentication rulesets.  For example, I have to exclude Macs in our environment from authentication because they are not integrated with Active Directory.  I've also excluded the QuickTime application from authentication.  To do this I created a wildcard expression list that contains strings found in the User-Agent parameter of the Header.Get property.

For example, the Header.Get ("User-Agent") property for the Safari Browser will always contain the word "safari".  It will also contain the string "Mac OS X" if you want to be more specific.

Hope that helps...

Regards,

Tammy

0 Kudos