Hi Volkuhl,
The ProxySG will strip the Authorization Header for any traffic that matches a rule to authenticate. This is so your credentials don't make it out on the internet. As some sites use the authorization header to authenticate with basic credentials, there are two options:
1) Have the ProxySG bypass authentication for the URL
2) Insert policy to have the ProxySG forward the Basic Credentials upstream, as explained in this KB:
https://knowledge.broadcom.com/external/article/165859/how-to-forward-user-credentials-to-a-ser.htmlAs far as the differences between versions, I can't think of a change in behavior that would cause this. I know TLS 1.3 support was rolled out in SGOS 7.x, but I can't see how that would be at play here.
I would take a policy trace in 6.7.4.10, and another one in 7.2.1.1 and see if there is a difference in decision on whether to authenticate or not. If that doesn't yield anything, I would open a ticket with support to look at this further.
Thanks!
Original Message:
Sent: 07-08-2020 01:28 AM
From: Volker Uhl
Subject: http-auth issue with 7.2.1.1
Hi there,
User try to access a site via https. OCS use basic http-auth. Since update from 6.7.4.10 to 7.2.1.1 the authentication-data doesn't reach the ocs. Https-Connection is fine and OCS reachable. Server-Admin can see the connection from the client - only the authentication fails.
Https-Interception switched off doesn't help. Switching back to 6.7.4.10 and everything works fine.
Thanks!