cancel
Showing results for 
Search instead for 
Did you mean: 
malefunk
Level 7

Lookup Username From "Proxy-Authorization: Basic" Header

Jump to solution

I want to implement userbased access control, but we are using (internal & external) Squid Proxys for authentication.

So i thought the predefined ruleset from the title would work perfectly when let the squid forward the authentication data ( Username + fixed PW).

I only have one problem, and can't find solution : HTTPS

The CONNECT request comes with the proxy-authorization header as expected, but the MWG ruleset parses everey internal request over the tunnel,

and the internal requests (logically) don't have the header!

I tried to find a way to save the username from the CONNECT for the following request, for example by setting Authenticated.Username Property,

but it's only used for one request/response cycle.

What annoys me that it works for x-forwarde-for header which is also only sent in the CONNECt but persistent in the client.ip value, but maybe that's because it is programmed... :/

Easiest way i thought would be to update a MapType List with IP as Index and username as value, but i could not find a way to write/update a List persistently.

I can only use Map.SetStringValue for a temporay variable like this : Set User-Defined.IP-User-List = Map.SetStringValue ( Map-IP-User-List, IP.String (Client.IP) , Authentication.UserName)

Does anyone have an idea how to dynamically update a list, or how i can save the Authentication.Username for following https requests?

0 Kudos
1 Solution

Accepted Solutions
McAfee Employee

Re: Lookup Username From "Proxy-Authorization: Basic" Header

Jump to solution

Hi Malefunk!

Ah yes, a subtle nuance here.

When you set the Authentication.Username in the CONNECT, also set Authentication.IsAuthenticated equal to True.

This way, MWG will remember the Authentication.* properties inside the tunnel. If Authentication.IsAuthenticated is not set to True, then MWG will forget it for requests in the HTTPS tunnel.

Best Regards,

Jon

0 Kudos
2 Replies
McAfee Employee

Re: Lookup Username From "Proxy-Authorization: Basic" Header

Jump to solution

Hi Malefunk!

Ah yes, a subtle nuance here.

When you set the Authentication.Username in the CONNECT, also set Authentication.IsAuthenticated equal to True.

This way, MWG will remember the Authentication.* properties inside the tunnel. If Authentication.IsAuthenticated is not set to True, then MWG will forget it for requests in the HTTPS tunnel.

Best Regards,

Jon

0 Kudos
malefunk
Level 7

Re: Lookup Username From "Proxy-Authorization: Basic" Header

Jump to solution

Thanks, that was the small hint i needed

0 Kudos