1 of 1 people found this helpful
Seems like this should work, but the best way to do it is by an actual rule, which you already said does work.
Have authentication set to always, then make rules for any type of authentication bypass you want and put these before the actual authentication happens.
This is the way I do it because we also have URL bypass lists.
Shot in the dark but, I would guess the problem is related to logic of the top level criteria. You are using some negative logic which can be tricky.
You are saying:
Client.IP is not in this list OR Client.IP is not in this list.
You most likley need to say:
Client.IP is not in this list AND Client.IP is not in this list.
Changing it to "AND" fixed the issue! I would've that the OR statement should have worked, but I'm honestly not the best a logic at times. Thanks again jont717 and Jon S for the helpful advice!
The reason it didnt work in the original setup (OR) is because, you would have to NOT be in both lists.
In the second setup (AND), you must NOT be in one of the lists.
If you want to read further into it, checkout the wiki article on truth tables, it was helpful for me (more in general rather than specifically to web gateway):
I was going to try and explain it a bit further, but was afraid I might add confusion.