How to add certain websites that can be access with applications that can't use proxy authentication.
Is a whitelist enough or do I need a User Based Mapping rule?
RayMessage was edited by: RayP on 1/14/11 3:15:15 AM CST
I use 7.0.2 and if I want to give access to a site without requiring authentication, I add it in a whitelist that comes before my authentication rule set.
Is it default that a whitelist comes before authentication?
If not, what did you do?
Now i have the following web mapping:
|Map from||Map via||Using these rules||Note|
|User Name||map directly||User-Direct-3||Gives Mediaplayer access without authentication|
|IP||map directly||IP-Direct-1||Gives certain IP from host access without authentication|
|Group Name||map directly||Group-Direct-1||Gives some global groups from different domains access to the internet|
I'm also running 7.0.2 and have had to bypass authentication for a number of "special cases".
As seen in the screenshot, I created rules based on the User-Agent, or the Client.IP, or the destination host, or a combination of elements and then placed it before the Authenticate rule. I didn't really use the whitelists for this at all, though I'm sure that would work, too.
What version are you using Ray? I only know about 7.0.2, and basically with that one you can move rules and rule sets around with ease.
The following will give you the information you're looking for:
Hope this helps.
There is no document for version 7 as there isnt one way to accomplish this. It simply requires that you create a rule based on certain criteria to bypass requests from the authentication rules. Examples are built into the default rules, and the examples shown above are perfect for accomplishing this (see ubahmapk's image). ubahmapk has bypassed authentication based on different criteria (user-agent, host, client.ip, etc..).
If it is only specific applications that are having problems with authentication, you can create a User-Agent whitelist and exclude them from your authentication rulesets. For example, I have to exclude Macs in our environment from authentication because they are not integrated with Active Directory. I've also excluded the QuickTime application from authentication. To do this I created a wildcard expression list that contains strings found in the User-Agent parameter of the Header.Get property.
For example, the Header.Get ("User-Agent") property for the Safari Browser will always contain the word "safari". It will also contain the string "Mac OS X" if you want to be more specific.
Hope that helps...