Blue Coat OPT-1000-2499-3YR User Manual Page 54

5.4.1.4. Squid NCSA
Select the Squid NCSA option if the OPTENET server has been installed in a UNIX
environment (Solaris, AIX, FreeBSD or Linux), if the RPC option that installs Squid
together with OPTENET has been selected, and if Squid has been configured to request
NCSA basic authentication. This lets OPTENET show, in the section “Filtration rules” ->
“Users”, the list of users that Squid is able to authenticate. OPTENET actually searches
the Squid configuration file (squid.conf) for the tag "auth_param basic program" to obtain
the user file, reads through it and in this way extracts the user list. Squid's NCSA
authentication does not work with groups of users, so it is not possible to set rules by
group of users if your organisation browses through a Squid in which NCSA authentication
is configured.
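As an added example (not OPTENET's own code), the lookup described above in Python: locate the active "auth_param basic program" directive in squid.conf, take the NCSA user file it names, and read the user names from that file. It assumes the NCSA helper is invoked with the password file as its last argument and that the file is in htpasswd "user:hash" format; the squid.conf and password file contents are constructed samples.

```python
"""Added example (not OPTENET's code): find the Squid NCSA user file via the
'auth_param basic program' directive and read the user names from it.
Assumes the helper is invoked as '<helper> <password file>'."""
from typing import List, Optional

# Constructed squid.conf excerpt (sample input, not from the manual).
SQUID_CONF = """\
http_port 3128
# auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/old_passwd
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwd
auth_param basic realm OPTENET proxy
acl auth_users proxy_auth REQUIRED
http_access allow auth_users
"""

# Constructed NCSA password file: 'user:hash' lines (hashes are placeholders).
NCSA_PASSWD = """\
# users allowed through the proxy
alice:$apr1$PLACEHOLDERHASH
bob:{SHA}PLACEHOLDERHASH

carol:$apr1$PLACEHOLDERHASH
"""

def find_ncsa_password_file(squid_conf: str) -> Optional[str]:
    """Return the user file named on the active 'auth_param basic program'
    line; commented-out lines are not active configuration and are skipped."""
    for raw in squid_conf.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop whole-line/trailing comments
        if not line.startswith("auth_param basic program"):
            continue
        parts = line.split()
        # parts = auth_param basic program <helper> [args...]; the NCSA helper
        # takes the password file as its last argument (assumption).
        return parts[-1] if len(parts) >= 5 else None
    return None

def parse_ncsa_users(passwd_text: str) -> List[str]:
    """Return user names from an NCSA/htpasswd file. Only names are taken:
    the file carries no group information, hence no group-based rules."""
    users: List[str] = []
    for raw in passwd_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        user = line.split(":", 1)[0]
        if user and user not in users:
            users.append(user)
    return users
```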
5.4.2. Activating your own authentication
If your proxy or appliance is not configured to carry out user authentication, all users will
be able to access the Internet without identifying themselves (entering a user name and
a password). This means that OPTENET does not receive information about which user
makes each request, so it cannot apply filtration rules based on users or groups and can
only establish different policies by the IPs of the users accessing the Internet.
To be able to set filtration policies by user or group of users, there are two options:
A) Configuring your proxy or appliance so that it performs user authentication
(recommended option), or
B) Configuring OPTENET so that it identifies the users who are browsing.
In the case of option A), in which it is the proxy or cache that authenticates users, the
proxy sends OPTENET, with each web request, the user who made it. OPTENET must then
obtain the groups of this user, for which it uses the data origin that has been configured
(LDAP or Windows domains; remember that the OPTENET proxy and Squid NCSA cannot
establish filtration rules by groups).
Option B) consists of OPTENET identifying the users who are browsing. To activate it,
tick the box “Activate your own authentication” in the user authentication window. This
option can be useful for organisations in which the proxy/cache does not perform user
authentication, or where the cache does not tell the filter which user is making each
request. In this mode of working, OPTENET associates the IP it receives with each
request with the user browsing from that IP, so it is strictly necessary that requests
reach OPTENET identified by their IP of origin and not by the IP of an intermediate
gateway or router. The identification process performed by OPTENET is as follows:
1. A user begins an Internet session and sends web requests to the proxy, which passes
them to OPTENET for it to decide whether to pass or block them.
2. OPTENET extracts the IP address of the request and checks it against its internal table
of IP and user pairs.
3. As this IP is new, OPTENET does not yet know which user is behind this request. To
find out, it has two methods:
3.1 If the “LDAP” data origin is selected, OPTENET redirects this request to its
authentication server, asking the user who is browsing to enter a user name and
password, and compares these data with the LDAP servers defined. To carry out these
checks, the filter may query the “username” field as defined in the LDAP server or
access the LDAP directory directly with the credentials supplied. Likewise, and only in
the case where “LDAP” is selected as the data origin, it is then possible to authenticate
the user with the data contained in