Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
2322 Views 21 Replies Latest reply: Dec 14, 2012 8:48 AM by asabban RSS 1 2 3 Previous Next
Bruno Caldas Newcomer 40 posts since
Sep 18, 2012
Currently Being Moderated

Oct 2, 2012 9:08 AM

Webgateway requesting password

Hello Guys .

 

when trying to access the site webgateway password prompts

 

 

http://ortc-prd-saeast1-s0016.realtime.co.

 

some help to jump this request  ?

 

Bruno Caldas


  • georgec Champion 244 posts since
    Sep 9, 2010
    Currently Being Moderated
    1. Oct 3, 2012 5:02 AM (in response to Bruno Caldas)
    Re: Webgateway requesting password

    Post a printscreen please. I have no idea what you're saying

  • georgec Champion 244 posts since
    Sep 9, 2010
    Currently Being Moderated
    3. Oct 3, 2012 7:59 AM (in response to Bruno Caldas)
    Re: Webgateway requesting password

    There are a lot of things to check. What kind of authentication method are you using? And have you checked if your version of firefox is compatible with that?

  • georgec Champion 244 posts since
    Sep 9, 2010
    Currently Being Moderated
    5. Oct 3, 2012 8:08 AM (in response to Bruno Caldas)
    Re: Webgateway requesting password

    Use NTLM or Kerberos if you want the Signle Sign On feeling. And I don't know which versions of firefox know what. Both NTLM and Kerberos work with IE

  • asabban McAfee SME 1,357 posts since
    Nov 3, 2009
    Currently Being Moderated
    7. Oct 4, 2012 2:57 AM (in response to Bruno Caldas)
    Re: Webgateway requesting password

    Hello,

     

    I do not believe that this is a matter of authentication. The problem is located at the website and the services they embedd. This is what I observed. The website embedds content from "realtime.co" which uses web sockets to push messages to the client. Basically there is nothing wrong with this, but it seems that the client part (running on the users PC when accessing the web site) is not fully proxy aware. Instead of sending a proxy-style request which looks like this:

     

    http://domain.tld/myfile.htm

     

    it sends a server-style request to MWG, which looks like this:

     

    /myfile.htm

     

    There is basically nothing wrong with this, but with authentication this behaviour becomes an issue. Usually when a proxy is configured in the browser MWG answers with 407 messages to tell the browser to authenticate (Proxy-Authenticate). This works fine. But when the client sends the server-style requests MWG now cannot answer with a 407 (because thie request is not a proxy request), but has to answer with a 401 (web server authentication) to the browser, asking for authentication.

     

    Because the browser has a proxy configured it only expects 407 messages to respond to with the credentials you have given. Once it receives the 401 the browser assumes the web site requires authentication, and shows a popup window.

     

    I cannot see any workaround except allowing the request to initialize the web socket without authentication. I have created a rule that allows this specific request (everything else is filtered as before):

     

    Auswahl_157.png

    As you can see I check the Host and Path of the URL, and if it matches to the web socket initialization I skip authentication. You may have to create a similar rule and place it somewhere into your policy where it skips all authentication rules.

     

    This should allow the web site to run fine.

     

    Best,

    Andre

  • asabban McAfee SME 1,357 posts since
    Nov 3, 2009
    Currently Being Moderated
    9. Oct 4, 2012 8:48 AM (in response to Bruno Caldas)
    Re: Webgateway requesting password

    Hi Bruno,

     

    without any data it is hard to make further assumptions, but I believe that maybe the rule is not correctly in place. If it is placed correctly MWG would not send a 401 to the browser and it would not show a popup window. Can you share some more information about your rules and explain where you added the rule?

     

    Best,

    Andre

1 2 3 Previous Next

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points