Specify Exceptions to Transparent Redirect?

[ccsoftware]

Hi,

Is it possible to somehow set an exception for a site that you don't want intercepted?
I have a client that needs to access a website that requires a login. It will only work if going direct with NAT. But the client also uses the KAV which requires all port 80 traffic to be redirected.
Any ideas?

Thanks!

Joan

PS.. from what I've seen the next release of WinGate will allow for this type of policy.. but how about with v6.2.2?

[adrien]

Hi Joan

WinGate 6.2.2 doesn't have per-destination control over intercepts, only based on destination port (i.e. the intercept port).

So it's not currently possible to do this.

we are working on much more flexible rules about when / what to intercept etc, tied in with source-routing. Basically will be able to choose an action, being

a) Forward packet unmodified (route or forward to specific gateway)
b) modify packet then forward (NAT and/or redirect)
c) block
d) intercept

based on parameters of the connection and IP / client, e.g. based on source IP, dest IP, port numbers, time of day, user etc.

This will allow you to specify explicitly what gets intercepted or what. For instance you could choose to intercept certain sites for certain users etc. Also be able to apply restrictions, e.g bandwidth restrictions on this basis.

due to the changes involved in all of this, we can't really put it into the 6.x development tree at the moment.

Cheers

Adrien

[adrien]

P.s. so auth isn't working to one site?

Does this site use NTLM do you know?

Normally Auth should work through WinGate (even intercepted) fine. If the customer is also requiring auth at the proxy, then it may help to set the client machine to connect to the proxy rather than be intercepted.

Adrien

[ccsoftware]

Hi Adrien,

They have no authentication requirements set.
I don't know whether the site uses NTLM or not. The browsers are set to "enable integrated windows authentication".

I tried setting the browser to go direct through the proxy but it still doesn't go.
Nothing pops out in the logs.. just shows server closing connection.

I think another factor that might be at work is the presence of the AV plugin. Although I did try disabling that and still no luck. But the reason I mention that is that I'm able to login from my own pc going through the proxy service.. but I don't have the av plugin on our setup.

Any further ideas?
If you like I can give you a test login for you to try at your end, just let me know and I'll send direct to you.

Thanks!

Warm Regards,
Joan

[adrien]

Hi Joan

by all means send through and I'll have a look.

Cheers

Adrien

[ccsoftware]

Hi Adrien,

Did you get anywhere with this?

Thanks!
Joan

[adrien]

Hi

Looks like you get a 100 Continue interim response to the POST command that is sent when you hit the login button, then nothing further.

I need to do a bit more digging, but could be a problem with 1XX message series processing in the proxy.

[amolkuber]

Hi, I have users with banlist enabled .thebanlist contains 'HTTP URL CONTAINS JOBS' So whenever the user request any url which contains job/jobs is denied by wingate. Now i want only timesjob to be accesed for my users. but not other url which contains job/jobs.

[logan]

Although I don't see how your question relates to the topic in this thread, you could simply make a new policy in the WWW Proxy that allows access to sites containing timesjob.

1. GateKeeper -> Services -> WWW Proxy Server -> Policies

2. Click Add

3. Goto the Advanced tab

4. Select Specify which requests this recipient has rights for

5. Click Add Filter

6. Click Add Criterion

7. Select
- This criterion is met if
- HTTP URL
- contains
- timesjob

8. Click OK, then Apply to finalise the change.