03-08-2005 05:24 AM
Hi all,
We have a CE 7305 with ACNS 5.2.3, running as a standalone web proxy. We would like to configure HTTP request authentication such that only requests from a known source IP address to a known destination IP address need to be authenticated; all other kinds of requests will be no-auth. For example:
- source IP 10.10/16, dest www.example.com: authentication needed.
- source any, dest any: no authentication
Has anybody done a similar configuration? I appreciate any help.
Regards,
A.T Doan
03-08-2005 02:21 PM
Hi,
As far as I know, HTTP authentication is only possible with a RADIUS, TACACS+, LDAP or NTLM server.
For the authentication pattern you are trying to achieve, do the following next to configuring one of the above-mentioned servers:
rule enable
rule action no-auth pattern-list 1
rule pattern-list 1 group-type and
rule pattern-list 1 src-ip 10.10.0.0 255.255.0.0
rule pattern-list 1 domain !www.example.com
Kind Regards,
Joerg
03-08-2005 02:32 PM
Hi,
Sorry, a little logical mistake is in my posting and it probably won't exactly cover your request, but I guess the example gives you an idea of what has to be done.
Bad luck that there is no NOT operator for src-ip addresses, so you have to set up a proper logic.
As soon as the result of parsing all pattern-list-lines ends with a false you have to authenticate.
Kind Regards,
Joerg
03-09-2005 08:39 AM
Joerg,
Thank you very much for your help. I understand the idea of your example. The key information is the !domain in the URL regex. With the combination of a normal router ACL (for the NOT src-ip) and the !domain in the Rule Template, I could set up the configuration I wanted.
Many thanks again.
A.T Doan
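Added example, not part of the thread and not Cisco's code: a small Python model of the pattern list posted above, compared against the requirement in the first post. It assumes the semantics described in the replies (every line true means no-auth, anything else authenticates) and that the domain pattern is a regex negated by a leading `!`; the function names and sample requests are constructed.

```python
import ipaddress
import re

# Model of the pattern list posted in the thread (group-type and).
PATTERN_LIST_1 = [
    ("src-ip", "10.10.0.0 255.255.0.0"),
    ("domain", "!www.example.com"),
]


def term_matches(kind, pattern, src_ip, host):
    """Evaluate one pattern-list line against a request."""
    if kind == "src-ip":
        network = ipaddress.ip_network("/".join(pattern.split()))
        return ipaddress.ip_address(src_ip) in network
    if kind == "domain":
        negate = pattern.startswith("!")
        hit = re.search(pattern.lstrip("!"), host) is not None
        return hit != negate
    raise ValueError(f"unsupported pattern type: {kind}")


def posted_rule_requires_auth(src_ip, host):
    """no-auth applies only when every line is true; otherwise authenticate."""
    all_true = all(term_matches(k, p, src_ip, host) for k, p in PATTERN_LIST_1)
    return not all_true


def required_policy_requires_auth(src_ip, host):
    """The original request: authenticate only 10.10/16 -> www.example.com."""
    in_net = ipaddress.ip_address(src_ip) in ipaddress.ip_network("10.10.0.0/16")
    return in_net and host == "www.example.com"


# Constructed sample requests covering the four source/destination combinations.
SAMPLES = [
    ("10.10.1.5", "www.example.com"), ("10.10.1.5", "other.example.net"),
    ("192.168.7.9", "www.example.com"), ("192.168.7.9", "other.example.net"),
]


def mismatches():
    """Requests where the posted rule and the requirement disagree."""
    return [r for r in SAMPLES
            if posted_rule_requires_auth(*r) != required_policy_requires_auth(*r)]


if __name__ == "__main__":
    print(mismatches())
```

In this model the two lists agree for sources inside 10.10/16 and differ only for sources outside it, which is the part the thread handles with a separate router ACL.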