Authorization Timeouts?

Use this forum to post questions relating to WinGate, feature requests, technical or configuration problems

Moderator: Qbik Staff

Authorization Timeouts?

Postby FishHook » Jun 06 18 7:15 am

How long does WG keep a session as authenticated? The reason that I ask, is that we have some machines (ie. Usernames in AD) that should not have access to the internet except a few select websites. However, with the rule at the top of the list that forces authentication on all except authenticated users ... if the first username that logs into the computer is an account that does not have internet access and someone else comes along and logs into the computer with a username that does have full access .... now because the user that authenticated first didn't have access, the second user and subsequent users are blocked and the computer is not allowed to access the internet.

I've left a computer sitting on all night with no browser windows open logged into an account that should have internet access, but in the activity monitor it still shows the first user (non internet) as authenticated. Is there some place to change the timeout on this?
FishHook
 
Posts: 8
Joined: Nov 27 14 3:14 am

Re: Authorization Timeouts?

Postby adrien » Jun 13 18 7:23 am

Hi

the main issue is that something is retaining a connection open to the proxy. This is the thing that keeps WinGate from clearing the cached credentials for that IP address.

You may therefore need to set some idle timeouts on whatever service the client is staying connected to (could be XMPP / NAT?). If it's NAT traffic you can specify timeouts in the port security for specified ports, but if the client keeps re-connecting within the credential expiry window, it will keep the association between IP and user account going as well.

You can set the timeout for this in the credential rules, either on a global basis, or by using individual rules for specific clients.

Fundamentally though if you have multiple users using a single IP address, and you want different rules to apply for each, you need to let WinGate know this, so that it can stop inheriting credentials. There's a setting to prevent inheritance of credentials (in credential rules again). It's historically been used for terminal services, which is the other obvious case where you have multiple users on 1 IP address. This is an enterprise feature however, and causes auth to be required for every connection to the web proxy.

Regards

Adrien de Croy
adrien
Qbik Staff
 
Posts: 5441
Joined: Sep 03 03 2:54 pm
Location: Auckland

Re: Authorization Timeouts?

Postby FishHook » Jun 13 18 8:14 am

Thanks for the help and reply.

If I would have spent a bit more time reading the help file before posting, I could have found this. The actual problem was that in the Credential Rules / Settings, the setting was "Leave Credentials intact". This is what was causing it not to "timeout" after the 30 seconds. After adjusting it to "Downgrade credentials to unknown user" it worked as intended. But from a clean install, this was the default behavior.

Thanks Again.
FishHook
 
Posts: 8
Joined: Nov 27 14 3:14 am


Return to WinGate

Who is online

Users browsing this forum: No registered users and 39 guests

cron