Cisco Systems OL-16647-01 Network Router User Manual


Cisco ASDM User Guide
OL-16647-01
Chapter 38 Clientless SSL VPN
Configuring Proxy Bypass
IP Address—Enter the hostname or IP address of the external HTTPS proxy server.
Port—Enter the port that listens for HTTPS requests. The default port is 443.
Exception Address List—(Optional) Enter a URL or a comma-delimited list of several URLs to exclude from those that can be sent to the HTTPS proxy server. The string does not have a character limit, but the entire command cannot exceed 512 characters. You can specify literal URLs or use the following wildcards:
    * to match any string, including slashes (/) and periods (.). You must accompany this wildcard with an alphanumeric string.
    ? to match any single character, including slashes and periods.
    [x-y] to match any single character in the range of x and y, where x represents one character and y represents another character in the ANSI character set.
    [!x-y] to match any single character that is not in the range.
UserName—(Optional) Enter this keyword to accompany each HTTPS proxy request with a username to provide basic proxy authentication.
Password—Enter a password to send to the proxy server with each HTTPS request.
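The following is an added example, not code from the Cisco guide: a small Python checker that applies the wildcard rules listed above to a proposed Exception Address List, so an administrator can see which URLs a list would keep away from the HTTPS proxy before entering it. The function names and the sample list are constructed, and whole-URL, case-sensitive matching is an assumption; the appliance's own matcher may differ.

```python
import re

MAX_COMMAND_LEN = 512  # from the page: the entire command cannot exceed 512 characters

def wildcard_to_regex(pattern):
    """Translate one entry using *, ?, [x-y], [!x-y] into a compiled regex."""
    out, i = [], 0
    while i < len(pattern):
        c = pattern[i]
        if c == "*":
            out.append(".*")          # any string, including '/' and '.'
        elif c == "?":
            out.append(".")           # any single character, including '/' and '.'
        elif c == "[":
            end = pattern.find("]", i + 1)
            body = pattern[i + 1:end] if end != -1 else ""
            m = re.fullmatch(r"(!?)(.)-(.)", body, re.DOTALL)
            if not m or m.group(2) > m.group(3):
                raise ValueError(f"bad range in {pattern!r}")
            neg, lo, hi = m.groups()
            out.append("[" + ("^" if neg else "") + re.escape(lo) + "-" + re.escape(hi) + "]")
            i = end                   # skip past the closing bracket
        else:
            out.append(re.escape(c))
        i += 1
    return re.compile("".join(out), re.DOTALL)

def parse_exception_list(raw):
    """Validate a comma-delimited list; return [(entry, compiled_regex), ...]."""
    if len(raw) > MAX_COMMAND_LEN:    # the list is only part of the command
        raise ValueError("list alone already exceeds the 512-character command limit")
    rules = []
    for entry in filter(None, (e.strip() for e in raw.split(","))):
        literal = re.sub(r"\[[^\]]*\]", "", entry)   # ignore characters inside ranges
        if "*" in entry and not any(ch.isalnum() for ch in literal):
            raise ValueError(f"'*' must accompany an alphanumeric string: {entry!r}")
        rules.append((entry, wildcard_to_regex(entry)))
    return rules

def excluded_by(rules, url):
    """Return the entries that would exclude `url` (assumed whole-URL match)."""
    return [entry for entry, rx in rules if rx.fullmatch(url)]

# Constructed sample list, not taken from the guide.
SAMPLE_LIST = "www.example.com/hr*, intranet?.example.com, *.example.com/app[1-3], www.example.com/v[!0-4]/status"

if __name__ == "__main__":
    for url in ("www.example.com/hrbenefits", "www.example.com/hr/x/y.php"):
        print(url, "->", excluded_by(parse_exception_list(SAMPLE_LIST), url))
```

Because * also matches slashes and periods, an entry such as www.example.com/hr* excludes every deeper path under that prefix, which is worth checking when an exception is meant to cover a single resource.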
Modes
The following table shows the modes in which this feature is available:
Configuring Proxy Bypass
You can configure the security appliance to use proxy bypass when applications and web resources work
better with the special content rewriting this feature provides. Proxy bypass is an alternative method of
content rewriting that makes minimal changes to the original content. It is often useful with custom web
applications.
You can configure multiple proxy bypass entries. The order in which you configure them is unimportant.
The interface and path mask or interface and port uniquely identify a proxy bypass rule.
If you configure proxy bypass using ports rather than path masks, depending on your network
configuration, you might need to change your firewall configuration to allow these ports access to the
security appliance. Use path masks to avoid this restriction. Be aware, however, that path masks can
change, so you might need to use multiple pathmask statements to exhaust the possibilities.
A path is the text in a URL that follows the domain name. For example, in the URL
www.example.com/hrbenefits, hrbenefits is the path. Similarly, for the URL
www.example.com/hrinsurance, hrinsurance is the path. If you want to use proxy bypass for all hr sites,
you can avoid using the command multiple times by using the * wildcard as follows: /hr*.
Fields
Interface—Displays the VLAN configured for proxy bypass.
Port—Displays the port configured for proxy bypass.
Firewall Mode: Routed | Transparent
Security Context: Single | Multiple (Context | System)
——