Configuring Web authentication to support Web proxy
About support of Web proxy for Web authentication
By default, proxied HTTP requests cannot trigger Web authentication but are silently dropped. To allow such HTTP requests to trigger Web authentication, specify the port numbers of the Web proxy servers on the device.
Restrictions and guidelines
If a user's browser uses the Web Proxy Auto-Discovery (WPAD) protocol to discover Web proxy servers, you must perform the following tasks:
Add the port numbers of the Web proxy servers on the device.
Configure authentication-free rules to allow user packets destined for the IP address of the WPAD server to pass without authentication.
For Web authentication to support Web proxy:
You must add the port numbers of the Web proxy servers on the device.
Users must make sure their browsers that use a Web proxy server do not use the proxy server for the listening IP address of the local portal Web server. Thus, HTTP packets that the Web authentication user sends to the local portal Web server are not sent to the Web proxy server.
Procedure
Enter system view.
system-view
Add a Web proxy server port number.
web-auth proxy port port-number
You can execute this command multiple times to specify multiple port numbers of Web proxy servers.