1 Reply Latest reply on Jul 23, 2013 3:17 AM by asabban

    Can I add second SSL Scanner and Cookie Authentication rulesets in WMG 7.2.0?




      I am thinking to add one more SSL Scanner and Cookie Authentication in MWG for one of my group users.

      Does it cause a problem in the system?


      Note: I need this to test weather my problem will be solved at below:




      I have picked up facebook as a test page to improve my https blocking rule for Group X.

      I have removed facebook urls and IP bloks from my SSL scanner list. Right now Group X cannot access to https://facebook.com whatsoever by using regular PC.

      But thin client users of Group X could access to https://facebook.com in IE browser. I have checked up in Crome and Mozilla browser https://facebook.com gets blocked successfully.

        • 1. Re: Can I add second SSL Scanner and Cookie Authentication rulesets in WMG 7.2.0?



          you can simply add multiple instances of Cookue Authentication and/or SSL Scanner but I recommend to ensure that for each request going through the policy you only call ONE of them. Since a user can be in multiple groups this may cause problems, e.g.:


          Group "Domain Users":

            SSL Scanner #1

            Cookie Authentication #2


          Group "Administrators":

            SSL Scanner #2

            Cookie Authentication #2


          When I am now a member of "Domain Users" AND "Administrators" you will call both rule sets. Usually only one is applied, but this could lead to things (especially cookie auth) not working... so I would not recommend to do so.


          If you need this for testing I would rather recommend to use a criteria which is really unique, such as user name or client IP. If you need to stick with groups make exceptions so that only ONE rule set can match at a time.