Solved: Using Squid Proxy instead of Cisco Connector

moon_blue69 · ‎03-22-2016

I am trying to use squid proxy instead of cisco connector. I have configured squid on a Windows server 2012 R2 vm (domain is windows server 2012 R2). I managed to configure ldap authentication and the web traffic is going through cws towers. My problem is ad security group information is not passed on to CWS. We have users who belong to ad groups called "webmail allowed", "youtube Allowed" who are allowed to access webmail and youtube.This works fine if I am using cisco connector, users of these group can access you tube and webmails. But when I use squid, users are blocked from youtube and webmail irrespective of their group membership. Hope some one can help to resolve this.

Thanks in Adavance

Ashok Sakthivel · ‎03-22-2016

If you are using Squid proxy , you can't achieve user granularity.

Actual reason is :

Cisco connectors inserts the x-scansafe header and it carries user-group and auth-key information.

CWS tower will read through the x-scansafe header and validates auth-key , usergroup against the webfiltering rules that you configured in your portal.

Squid proxy doesn't insert x-scansafe header ( only applied in Cisco Connectors).

Thanks and Regards,

Ashok Sakthivel

View solution in original post

Ashok Sakthivel · ‎03-22-2016