EFW Support

Support => EFW SMTP, HTTP, SIP, FTP Proxy Support => Topic started by: jimheem on Thursday 25 June 2009, 05:12:32 am



Title: Looking for Authentication behavior to allow bypassing
Post by: jimheem on Thursday 25 June 2009, 05:12:32 am
I can't seem to figure out how to accomplish this. What I want is for my users to be able to surf the web without authentication, and have restrictions such as content filtering, but if sysadmin needs to bypass that temporarily, I can enter username and password to allow temporary bypass of filter rules.

Can I do this with Version 2.2?

Thanks


Title: Re: Looking for Authentication behavior to allow byping
Post by: davvidde on Thursday 25 June 2009, 07:18:22 pm
I think you can use a dedicated PC which has a well known  IP address and from that address you need to authenticate by any credentials.
You can set a the proxy to Authentication required and set below the IP addresses that do not require authentication (the PCs used by your users) and the PC not listed here is used by admin. Also you need to set a group policy to grant the admin group unrestricted access and others groups default policy.
The PC used by administrator is always forced to authenticate and so the admin can bypas s the filtering giving his credentials.
I try this by setting an LDAP authentication to an AD server but this works, for me, only in EFW-2.2rc3. The final release 2.2 has a "bug" which I do not know to investigate (see http://efwsupport.com/index.php?topic=673.0) and the default policy does not work, only unrestricted policy works, so, I think, from that PC you could connect only with admin credentials and not with any other users belonging to another group which has a default policy.