Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 1 subscriber
  • Views 1273 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Forced AD Auth & no auth exception group

jmousse
I've got an interesting puzzle. I have ASG 8.001 config'ed with forced AD auth. Everything works fine, but if I add an exception group & select no auth for it, the user gets an Astaro error message in their browser. The sites that I wanted in this group were places such as YouTube, & FaceBook where re-auth is a pain. The syntax I used was:
^https?://[A-Za-z0-9.-]*facebook.com/
^https?://[A-Za-z0-9.-]*youtube.com/
Currently I'm using a work-around by using "categories" such as 'Social Networking', but I'd prefer it locked down a little tighter.
Has anyone else run into this? Comments/suggestions?
[:S]


This thread was automatically locked due to age.
Parents
  • 0
    So, are you saying the Astaro doesn't like your expressions and tries to authenticate anyway?  If so, then try just using .facebook.com/ and .youtube.com/ instead.

    Or, do you think there's a bug with an exception for authorization?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0
    So, are you saying the Astaro doesn't like your expressions and tries to authenticate anyway?  If so, then try just using .facebook.com/ and .youtube.com/ instead.

    Or, do you think there's a bug with an exception for authorization?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
  • 0 in reply to BAlfson
    [QUOTE=BAlfson;156558]So, are you saying the Astaro doesn't like your expressions and tries to authenticate anyway?  If so, then try just using .facebook.com/ and .youtube.com/ instead, as Astaro now supports a bit more than standard REGEXs.

    Or, do you think there's a bug with an exception for authorization?

    Not at all. Users aren't asked to be auth'ed. There is just an error message via the ASG to the user via browser without explanation. I tried using just the syntax "facebook.com", but got the same error.

    I've downloaded live HTTP Headers for Firefox to see what's happening. I'll post the output within the next 14 hrs as well as the FW message. https://addons.mozilla.org/en-US/firefox/addon/3829/

    Unless I've mis-config'ed, it appears to be a bug.