
URLS is causing Authentication while accessing box.com

Hi, we created a rule with no authentication, and the URL that needs to be accessed is box.com. The problem is that while accessing it we encounter a login prompt in the browser asking us to authenticate. We checked the rule set and saw some URLs causing the authentication. We added the URLs to the policy we created, but new URLs are causing the authentication. We tried it in Google Chrome and Internet Explorer.
asabban
McAfee Employee

Re: URLS is causing Authentication while accessing box.com

Hi,

box.com loads content from several different web sites. Each of these sites will likely not match your rule and run into the authentication rule set, so the browser is asking for authentication.

You should be able to make a rule trace and go to box.com; you will see exactly which request causes the authentication action to happen. Those URLs need to be bypassed from authentication as well.

Best,
Andre

Re: URLS is causing Authentication while accessing box.com

Hi Andre,

That is actually what I did, but upon bypassing the URLs visible in the rule trace, another set of URLs is causing the authentication. It seems endless adding of URLs is needed to bypass authentication. Is there any other solution to solve the issue?

asabban
McAfee Employee

Re: URLS is causing Authentication while accessing box.com

Yes, a lot of content is loaded from a lot of different hosts. There is (technically) no dependency between the embedded requests and the original request to box.com, so there is no automatic solution which would allow you to "only allow box.com and all embedded and referred objects".

Other options might be:

- Whitelist based on the referrer, so the exception works on URLs that are matching the whitelist and requests that have a referer header. This could improve the situation, but a referer header is something a user can fake if he wants, so it is considered a potential security risk.

- Whitelist based on the client's IP address, e.g. once he accessed box.com leave further requests from the same IP address without authentication for a minute. Of course this is also a potential security risk.

Best,
Andre
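
The two exceptions described in the reply above, modelled as an added example that is not part of the original thread and is not McAfee Web Gateway rule syntax. The class and function names and the example.net / example.org hosts are assumptions constructed for illustration; the model shows which requests each exception lets through without authentication.

```python
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Assumption: box.com is the only whitelisted site, as in the thread.
WHITELIST = ("box.com",)
IP_WINDOW_SECONDS = 60  # "for a minute" in the reply above


def host_matches(host: str, domains=WHITELIST) -> bool:
    """True if host is a whitelisted domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def url_host(url: str) -> str:
    return urlsplit(url).hostname or ""


@dataclass
class AuthBypassPolicy:
    """Hypothetical model of the two exceptions (names are illustrative)."""
    last_seen: dict = field(default_factory=dict)  # client IP -> time of last box.com hit

    def by_referer(self, url: str, referer: str = "") -> bool:
        # Skip authentication if the URL itself, or the host named in the
        # client-supplied Referer header, is on the whitelist.
        if host_matches(url_host(url)):
            return True
        return bool(referer) and host_matches(url_host(referer))

    def by_client_ip(self, url: str, client_ip: str, now: float) -> bool:
        # Skip authentication for IP_WINDOW_SECONDS after this IP hit box.com.
        # Inside the window every request from that IP passes, whatever its host.
        if host_matches(url_host(url)):
            self.last_seen[client_ip] = now
            return True
        seen = self.last_seen.get(client_ip)
        return seen is not None and now - seen <= IP_WINDOW_SECONDS


if __name__ == "__main__":
    p = AuthBypassPolicy()
    # Constructed requests: an embedded object, then an unrelated site.
    print(p.by_referer("https://cdn.example.net/a.js", "https://app.box.com/files"))
    print(p.by_referer("https://unrelated.example.org/", "https://box.com/"))
```

Both calls in the `__main__` block return `True`: the policy cannot distinguish an object embedded by box.com from any other request that carries a box.com Referer value.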
