Proxy authorization
Proxy authorization is a setting that you enable in a policy to require that ETP Proxy authorize connections from the on-premises proxy in a proxy chaining configuration. This setting adds the Proxy-Authorization header to these connections. The Proxy-Authorization header contains proxy credentials that are used to authenticate the on-premises proxy. ETP Proxy validates these credentials before it allows connections from the on-premises proxy.
To set up proxy authorization, you must:
- Configure proxy credentials. This process involves creating a username and password. For instructions, see Create a proxy credential.
- Configure these proxy credentials in the on-premises proxy. For instructions on configuring these credentials in Squid, see Configure Squid to forward traffic to ETP Proxy.
- Select to trust the X-Forwarded-For header in a policy. For instructions, see Enable a full web proxy.
- Enable the Proxy Authorization setting in the policy. For instructions, see Enable a full web proxy or Enable proxy authorization
Note: Proxy authorization uses a basic authentication scheme. The credentials in the proxy
authorization header are base64 encoded. HTTPS and TLS further secures these credentials in
the header.
In situations where ETP Proxy cannot validate the request, a browser error message appears.
For example:
- If authentication fails, a browser error message indicates that authentication failed.
- If proxy authentication is enabled in a policy and there are no proxy credentials configured, a browser error message indicates that proxy authentication is required.
If proxy authorization is not enabled in a policy for a proxy chaining configuration, requests are accepted by ETP Proxy as long as they come from a known location.