Configure proxy authorization

Proxy authorization is a setting that you enable in a policy to require that ETP Proxy authorize connections from the on-premises proxy in a proxy chaining configuration. This setting adds the Proxy-Authorization header to these connections. The Proxy-Authorization header contains proxy credentials that are used to authenticate the on-premises proxy. ETP Proxy validates these credentials before it allows connections from the on-premises proxy.

To set up proxy authorization:

ūüďė

Proxy authorization uses a basic authentication scheme. The credentials in the proxy authorization header are base64 encoded. HTTPS and TLS further secures these credentials in the header.

In situations where ETP Proxy cannot validate the request, a browser error message appears. For example:

  • If authentication fails, a browser error message indicates that authentication failed.

  • If proxy authentication is enabled in a policy and there are no proxy credentials configured, a browser error message indicates that proxy authentication is required.

If proxy authorization is not enabled in a policy for a proxy chaining configuration, requests are accepted by ETP Proxy as long as they come from a known location.

Create a proxy credential

To enable proxy authorization in a policy, you need to first configure proxy credentials in ‚ÄčEnterprise Threat Protector‚Äč (ETP). Proxy credentials are used to authorize connection requests from the on-premises proxy to ETP Proxy.

By default, the username you create contains an ID number that identifies your organization:

username@organizationID

where:

  • Username is the username you create.

  • OrganizationID is the number that ‚ÄčAkamai‚Äč uses to identify your organization. This ID is automatically added to the username.

To create a proxy credential:

  1. In the Threat Protection menu of Enterprise Center, select Clients & Connectors > Connection Credentials.

  2. Click the plus sign icon.

  3. Enter a username in the provided field.

  4. Enter a password and retype the password in the provided fields. Make sure the password you create contains a minimum of 8 alphanumeric characters. The password must contain one uppercase and one lowercase letter.

  5. Click the check mark icon to create the proxy credential.

Next steps

  1. Click the copy icon next to the username field to copy your username. The username you copy contains an ID that identifies your organization.

  2. Configure these credentials in the on-premises proxy. Make sure that the username you provide includes the ID. For instructions on configuring these credentials in Squid, see Configure Squid to forward traffic to ETP Proxy.

  3. Enable proxy authorization. For instructions, see Enable proxy authorization or Enable a full web proxy.

Delete a proxy credential

To delete a proxy credential that you created in ETP:

  1. In the Threat Protection menu of Enterprise Center, select Clients & Connectors > Connection Credentials.

  2. Click the trash bin icon that's associated with a proxy credential.

  3. Click Yes to confirm the deletion.

Next steps

If you already configured this credential in the on-premises proxy, make sure you remove it.

Enable proxy authorization

Proxy authorization allows ETP Proxy to authorize connections from an on-premises proxy in a proxy chaining configuration.

To enable proxy authorization in an existing policy where ETP Proxy is enabled:

  1. In the Threat Protection menu of Enterprise Center, select Policies > Policies.

  2. Locate the policy where you want to want to enable proxy authorization.

  3. Click the name of the policy.

  4. Click the Settings tab.

  5. Under Proxy Settings, enable Proxy Authorization.

  6. Click Save. If you want to save and deploy the policy, click Save and Deploy.

Next steps

If you haven’t deployed the policy, make sure you deploy it to the ETP network. For instructions, see Deploy configuration changes.


Did this page help you?