User authentication mixed up

Versions / Builds Affected

WebMonitor 2011 Standalone Proxy

Status

Resolved

Problem Summary

When using integrated authentication in the WebMonitor 2011 proxy version in an environment where multiple users authenticate from the same IP (a typical example would be a terminal server environment), WebMonitor "sees" the wrong user accessing the web.

TT / JIRA ID

WEBMON-53

How to Identify

There is no clear indication in the logs, so you need to check the environment and the problem description. The problem is quite obvious in the following example:

- User A is not allowed to access e.g. social networking.
- User B is whitelisted, i.e. he has full access to every website.
- User A browses the web and can't access Facebook. Nothing wrong here.
- Now user B wants to access Facebook and sees a notification that he breaches the policy which blocks social networking. Remember: user B is whitelisted.

If you check the logs in this case, you will find no traces of user B, only user A.

Now there is one thing to check in the proxy log "logs.txt": you will find "Optimized authentication feature ACTIVE". This active feature is the culprit.

Workaround / Fix Details

The problem is caused by an implementation of authentication caching which has problems with different users authenticating from the same IP at the same time. To disable this feature, create the DWORD SocketOrientedAuthentication with the value 1 under:

64-bit: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\GFI\WebMonitor
32-bit: HKEY_LOCAL_MACHINE\SOFTWARE\GFI\WebMonitor

Restart the WebMonitor services. "logs.txt" will now show "Optimized authentication feature FALSE".

Note: This issue will not be fixed in the foreseeable future, so this workaround can be seen as the final solution.
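The workaround above as a script, added here as an example and not GFI's own tooling. It sets the DWORD and, after the services have been restarted, confirms the state from the log. The `-LogPath` parameter (the location of the proxy's "logs.txt") and the `-VerifyOnly` switch are assumptions of this example, since the article gives neither a log path nor service names.

```powershell
# Added example. Run elevated. -LogPath and -VerifyOnly are hypothetical parameters of this script.
param(
    [Parameter(Mandatory)] [string] $LogPath,   # assumption: full path to the proxy's logs.txt
    [switch] $VerifyOnly                        # skip the registry write, only check the state
)

# The two key locations named in the article; use whichever exists on this host.
$candidates = @(
    'HKLM:\SOFTWARE\Wow6432Node\GFI\WebMonitor',   # 64-bit Windows
    'HKLM:\SOFTWARE\GFI\WebMonitor'                # 32-bit Windows
)
$key = $candidates | Where-Object { Test-Path $_ } | Select-Object -First 1
if (-not $key) { throw 'WebMonitor registry key not found under either documented path.' }

if (-not $VerifyOnly) {
    # Create (or overwrite) the DWORD that disables the authentication caching.
    New-ItemProperty -Path $key -Name 'SocketOrientedAuthentication' `
        -PropertyType DWord -Value 1 -Force | Out-Null
    Write-Host "SocketOrientedAuthentication=1 written under $key."
    Write-Host 'Restart the WebMonitor services, then re-run this script with -VerifyOnly.'
    return
}

# Read the value back; a missing value yields $null rather than an error.
$value = (Get-ItemProperty -Path $key -Name 'SocketOrientedAuthentication' `
    -ErrorAction SilentlyContinue).SocketOrientedAuthentication

# The most recent status line in logs.txt reflects the running proxy.
$last = Select-String -Path $LogPath -CaseSensitive `
    -Pattern 'Optimized authentication feature (ACTIVE|FALSE)' | Select-Object -Last 1
$state = if ($last) { $last.Matches[0].Groups[1].Value } else { 'NOT FOUND' }

[pscustomobject]@{
    RegistryKey   = $key
    RegistryValue = $value
    LogState      = $state
    # Resolved only when the value is set AND the proxy has logged the feature as FALSE.
    Resolved      = ($value -eq 1 -and $state -eq 'FALSE')
}
```

A result of `RegistryValue = 1` with `LogState = ACTIVE` means the services have not yet been restarted since the value was written.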

Required Actions

  1. Set registry key
  2. Confirm issue is resolved
  3. Close case and use category Product Defect -> Other -> WEBMON-53
  1. Priyanka Bhotika
