Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » Kerio not requiring login to view https websites
  •  
hmadsen

Messages: 33
Karma: 1
Send a private message to this user
Hi

Had a user come tell me that he did not have to login via Kerio to access a website he uses to register some equipment.

Further investigation shows that kerio gives access to any https website without the user having to authenticate themselves.

Is this a bug, feature og misconfiguration of Kerio Control that i made ?

Hmadsen
  •  
hmadsen

Messages: 33
Karma: 1
Send a private message to this user
Is no one else experiencing this ?

Right now every user can access every website that has https: protocol without havnig to log in.

This is rather urgent as the rumour is spreading thruout the company and i see an increase in not logged in traffic.

Hmadsen
  •  
Goran

Messages: 332
Karma: 5
Send a private message to this user
I think aloot of users here not even using login trough kerio...
We using automatic login by IP address/Static DHCP or you can search how to add automatic login in windows system

Question cannot be stupid, but some of the answers can.
  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
Send a private message to this user
hmadsen wrote on Mon, 06 August 2012 08:02
Is no one else experiencing this ?

Right now every user can access every website that has https: protocol without havnig to log in.

This is rather urgent as the rumour is spreading thruout the company and i see an increase in not logged in traffic.

Hmadsen


Did you configure your traffic rules to allow traffic (HTTPS) only for authenticated users?
The user then must authenticate to the firewall before he can access the internet.
  •  
hmadsen

Messages: 33
Karma: 1
Send a private message to this user
Hi

I am not quite sure what you mean pavel.

Under "Domain and user login" i have "Always require users to be authenticated when accessing webpages"..

I have not made any additional rules in traffic rules to allow or disallow http or https ..

As far as i can see http and https is geverned by the same rule in firewall in traffic rules.

HTTP always require you to be logged in, HTTPS does not.

Could you please point more specifically to where i setup HTTPS user authentication in traffic rules.

Thanks in advance
  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
Send a private message to this user
HTTP Authentication works only in HTTP protocol inspector. Since HTTPS is encrypted, there is no inspection on the firewall possible. In such case, you have to restrict access for authenticated users only in the traffic rules. The user then must access any HTTP page so he is redirected to login page or login directly to the firewall if he can access the internet. I recommend contacting our Kerio partners, they can help you understand Kerio Control settings and configuration.
  •  
James Bobby

Messages: 35
Karma: -1
Send a private message to this user
I think this is something you would want.

1.
Source: Authenticated Users
Dest: Internet
Service: HTTPS (Or Any)
Action: Allow

2.
Source: LAN
Dest: Internet
Service: HTTPS (Or more/Any)
Action: Deny/Drop

First rule will allow logged in people to access HTTPS, second will drop/deny any that is not logged on.

This would require a user to surf to a HTTP website first (and thus ending up at the login page).
Previous Topic: Deny VPN-access via ActiveDirectory
Next Topic: Block unknown IP
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Mon Nov 20 18:07:00 CET 2017

Total time taken to generate the page: 0.00453 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.