Welcome, Guest. Please login or register.
Did you miss your activation email?
Friday 01 November 2024, 09:23:01 pm

Login with username, password and session length

Visit the official Endian Community Mailinglist  HERE
14248 Posts in 4376 Topics by 6515 Members
Latest Member: hulteends
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  EFW SMTP, HTTP, SIP, FTP Proxy Support
| | |-+  AD non authenticated users are not blocked by the HTTP proxy
0 Members and 2 Guests are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: AD non authenticated users are not blocked by the HTTP proxy  (Read 23841 times)
conceptmedia
Full Member
***
Offline Offline

Posts: 12


« on: Friday 01 August 2014, 08:12:41 am »

Hello,
 
When the HTTP proxy is activated by joining a MS SRV AD, computers that have not joined the domain and do not have the browser proxy configured but have their network configuration according to the Green zone are able to go through the efw without any trouble without being blocked by the proxy.

Does anybody know of a way to create an access rule that prevents unauthenticated users to the domain AD to be blocked by the HTTP proxy?

Many thanks.

Logged
Di4bLo
Full Member
***
Offline Offline

Posts: 39


« Reply #1 on: Sunday 24 August 2014, 07:59:33 am »

As far as I know, if you use NTLM, the user logged to the computer is automatically used for the browser authentication.
Logged
Eduardo
Full Member
***
Offline Offline

Gender: Male
Posts: 13


« Reply #2 on: Sunday 24 August 2014, 05:22:08 pm »

Did you uncheck the HTTP and HTTPS traffic checkbox on the firewall?
Logged
conceptmedia
Full Member
***
Offline Offline

Posts: 12


« Reply #3 on: Monday 25 August 2014, 07:43:18 am »

Hello, and thanks for your comments.

The HTTP and HTTPS proxies are enabled and do make their job if the computer/user has joined the AD domain and has the browser connection configured to use the firewall proxy.

But as I found out if this computer/user belongs to the green zone but has not joined the AD domain (so, it is on a workgroup) and the browser is not configured to use a proxy, the firewall let it go out trough the red zone without checking it.

There should be a way, in the firewall, to prevent users that are not joined to the domain to go through.

Thanks again.
JP

Logged
Di4bLo
Full Member
***
Offline Offline

Posts: 39


« Reply #4 on: Tuesday 09 June 2015, 05:26:58 pm »

You could remove the gateway from the network settings, you could disable the HTTP and HTTPS rules on the firewall or if you know the IPs you can create a deny rule on the firewall for computers that are not joined to the domain.
I use the first option.
Logged
mmiat
Sr. Member
****
Offline Offline

Gender: Male
Posts: 236


WWW
« Reply #5 on: Tuesday 09 June 2015, 08:12:55 pm »

why you don't use transparent proxy?
Logged

---------------------
IT Consultant
www.fsw.it
Hardware & Software
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.063 seconds with 19 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com