Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3002
Views
5
Helpful
2
Replies

X-Authenticated-User (XAU) Header CISCO WSA

Go to solution
Fabio Bustamante
Level 1
Level 1

‎05-31-2018 01:46 PM - edited ‎03-08-2019 07:45 PM

Our customer is asking whether it is possible to configure the WSA with XFF (X-Forwarding-for) and XAU (X-Authenticated-User) headers. I think they need to receive that user information on a CASB Service.

 

I read that it seems to be possible to configure XFF through the CLI: >advanceproxyconfig and >miscellaneous. (right?- only enable it?)

 

What about the other header? Anyone knows if it's possible?

Thanks!!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Handy Putra
Cisco Employee
Cisco Employee

‎07-08-2018 05:38 PM

Hi,

 

For XFF header, WSA can be configured to read XFF header from downstream or load balancer and to send out XFF header to upstream.

You can configure this from GUI as well under Security Services -> Web Proxy -> Generate Headers -> X-Forwarded-For set to send (this is to send out XFF header to upstream).

If its to read XFF header from downstream or load balancer, Security Services -> Web Proxy -> Use Received Headers -> enable Identification of Client IP Addresses using X-Forwarded-For -> enter your downstream or load balancer IP address.

 

For X-Authenticated-User header, WSA only used this header for DLP processing and logging. However not support this for sending it out to upstream traffic in the TCP header.

 

Hope this helps

 

Regards

Handy Putra

View solution in original post

2 Replies 2

Go to solution
Handy Putra
Cisco Employee
Cisco Employee

‎07-08-2018 05:38 PM

Hi,

 

For XFF header, WSA can be configured to read XFF header from downstream or load balancer and to send out XFF header to upstream.

You can configure this from GUI as well under Security Services -> Web Proxy -> Generate Headers -> X-Forwarded-For set to send (this is to send out XFF header to upstream).

If its to read XFF header from downstream or load balancer, Security Services -> Web Proxy -> Use Received Headers -> enable Identification of Client IP Addresses using X-Forwarded-For -> enter your downstream or load balancer IP address.

 

For X-Authenticated-User header, WSA only used this header for DLP processing and logging. However not support this for sending it out to upstream traffic in the TCP header.

 

Hope this helps

 

Regards

Handy Putra

Go to solution
Ceez
Level 1
Level 1
In response to Handy Putra

‎02-06-2020 12:27 AM

Hi Handy Putra,

Is the WSA able to receive "X-Authenticated-User" from the "downstream proxy"?

 

 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents