cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
391
Views
0
Helpful
1
Replies
moon_blue69
Beginner

Using Squid Proxy instead of Cisco Connector

I am trying to use squid proxy instead of cisco connector. I have configured squid on a Windows server 2012 R2 vm (domain is windows server 2012 R2). I managed to configure ldap authentication and the web traffic is going through cws towers. My problem is ad security group information is not passed on to CWS. We have users who belong to ad groups called "webmail allowed", "youtube Allowed" who are allowed to access webmail and youtube.This works fine if I am using cisco connector, users of these group can access you tube and webmails. But when I use squid, users are blocked from youtube and webmail irrespective of their group membership. Hope some one can help to resolve this.

Thanks in Adavance

1 ACCEPTED SOLUTION

Accepted Solutions
Ashok Sakthivel
Cisco Employee

If you are using Squid proxy , you can't achieve user granularity. 

Actual reason is :

Cisco connectors inserts the x-scansafe header and it carries user-group and auth-key information.

CWS tower will read through the x-scansafe header and validates auth-key , usergroup against the webfiltering rules that you configured in your portal.

Squid proxy doesn't insert x-scansafe header ( only applied in Cisco Connectors).

Thanks and Regards,

Ashok Sakthivel

View solution in original post

1 REPLY 1
Ashok Sakthivel
Cisco Employee

If you are using Squid proxy , you can't achieve user granularity. 

Actual reason is :

Cisco connectors inserts the x-scansafe header and it carries user-group and auth-key information.

CWS tower will read through the x-scansafe header and validates auth-key , usergroup against the webfiltering rules that you configured in your portal.

Squid proxy doesn't insert x-scansafe header ( only applied in Cisco Connectors).

Thanks and Regards,

Ashok Sakthivel

View solution in original post

Content for Community-Ad