Stand alone CE http request authentication

doan
Level 1

Hi all,

We have CE 7305 with ACNS 5.2.3, running as a standalone web proxy. We would like to configure HTTP request authentication such that only requests from a known source IP address to a known destination IP address need to be authenticated, all other kinds of request will be no-auth. For example:

- source IP 10.10/16, dest www.example.com: authentication needed.

- source any, dest any: no authentication

Has anybody done a similar configuration? I appreciate any help.

Regards,

A.T Doan

3 Replies

jfoerster
Level 4

Hi,

As far as I know, HTTP authentication is only possible with a RADIUS, TACACS+, LDAP or NTLM server.

For the authentication pattern you are trying to achieve, do the following next to configuring one of the above-mentioned servers:

rule enable

rule action no-auth pattern-list 1

rule pattern-list 1 group-type and

rule pattern-list 1 src-ip 10.10.0.0 255.255.0.0

rule pattern-list 1 domain !www.example.com

Kind Regards,

Joerg

Hi,

Sorry, there is a little logical mistake in my posting and it probably won't exactly cover your request, but I guess the example gives you an idea of what has to be done.

Bad luck that there is no NOT operator for src-ip addresses, so you have to set up a proper logic.

As soon as the result of parsing all pattern-list-lines ends with a false you have to authenticate.

Kind Regards,

Joerg

Joerg,

Thank you very much for your help. I understand the idea of your example. The key information is the !domain in the URL regex. With the combination of a normal router ACL (for the NOT src-ip) and the !domain in the Rule Template, I could set up the configuration I wanted.

Many thanks again.

A.T Doan
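
An added example, not part of the original thread and not Cisco's code: a small Python model of the pattern-list posted above, used to tabulate which requests would have to authenticate. It assumes the semantics as described in the thread (an AND group, a leading `!` negating the domain match, and a false result meaning the request authenticates); the function names and the sample requests are constructed for illustration.

```python
import ipaddress
import re

# Model of the pattern-list posted in the thread. The matching semantics are
# assumed from the thread's description, not taken from ACNS documentation.
PATTERN_LIST_1 = {
    "group_type": "and",
    "src_ip": ipaddress.ip_network("10.10.0.0/255.255.0.0"),
    "domain": "!www.example.com",  # leading "!" negates the match
}

def domain_matches(pattern, host):
    # Assumption: the pattern is a regex that must match the whole host name.
    negate = pattern.startswith("!")
    regex = pattern[1:] if negate else pattern
    hit = re.fullmatch(regex, host, re.IGNORECASE) is not None
    return hit != negate

def list_matches(plist, src, host):
    results = [
        ipaddress.ip_address(src) in plist["src_ip"],
        domain_matches(plist["domain"], host),
    ]
    return all(results) if plist["group_type"] == "and" else any(results)

def needs_auth(src, host, plist=PATTERN_LIST_1):
    # "rule action no-auth pattern-list 1": a match skips authentication,
    # a false result means the request must authenticate.
    return not list_matches(plist, src, host)

# Constructed sample requests (source address, destination host).
SAMPLES = [
    ("10.10.4.7", "www.example.com"),
    ("10.10.4.7", "intranet.example.org"),
    ("192.168.1.20", "www.example.com"),
    ("192.168.1.20", "intranet.example.org"),
]

def truth_table():
    return [(src, host, needs_auth(src, host)) for src, host in SAMPLES]

if __name__ == "__main__":
    for src, host, auth in truth_table():
        print(f"{src:<14} {host:<22} {'auth' if auth else 'no-auth'}")
```

Under these assumptions, requests from outside 10.10.0.0/16 never match the no-auth list, which is the case the thread handles separately with a router ACL for the NOT src-ip condition.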
