Management and Configuration Guide (Includes ACM xl) 2005-12
ProCurve Secure Access 700wl Series Management and Configuration Guide 4-53
Configuring Rights
Note: If an IP address and port are configured for HTTP proxy in both an Access Policy and on an Access
Controller, the Access Policy configuration takes precedence, and HTTP traffic for that Access Policy will
be directed to the external HTTP proxy server.
Caution: If you are configuring an external HTTP proxy, it is strongly recommended that the
unauthenticated Access Policies use the internal HTTP proxy server (specifically, enable the Automatic
HTTP Proxy mode but do not configure a proxy server IP address). Failure to do so will allow a client to
access the Internet without being authenticated. Additionally, the client cannot log on to the 700wl
Series system, because the logon page is served only by the internal HTTP proxy on the Access Controller.
Internal HTTP Proxy Server
The internal HTTP proxy server resides on the Access Controller and uses HTTP/1.0. This proxy
server has minimal functionality and should be used only when relatively lightweight HTTP Proxy
functionality is needed and neither HTTP/1.1 compliance nor high-end HTTP performance is
required.
To use the internal HTTP proxy server, enable Automatic HTTP Proxy in the applicable Access Policies
and configure the monitored ports and HTTP Proxy filters.
Access Policies configured with the internal HTTP proxy server will use the Access Controller to
monitor HTTP traffic specified in the monitored ports and filter it according to the HTTP Proxy filters.
Clients accessing the 700wl Series system with an Access Policy that uses the internal HTTP proxy
server do not need to configure their browser programs for HTTP Proxy and will see the 700wl Series
system HTTP pages, such as the Logon page and the Logoff page. HTTP requests that are denied based
on the filter rules are redirected to the Stop page.
External HTTP Proxy Server Through the Access Controller
Using an external HTTP proxy server by way of an Access Controller requires all HTTP traffic to first
go through the internal HTTP proxy server. Therefore, all functionality of the internal HTTP proxy
server applies to all HTTP traffic that uses this configuration. See “Internal HTTP Proxy Server” for
information on the functionality limitations.
To use an external HTTP proxy server through the Access Controller, enable Automatic HTTP Proxy in
the applicable Access Policies, configure the monitored ports and HTTP Proxy filters, and configure an
external HTTP proxy server through the Access Controller. To configure an external HTTP proxy server
through the Access Controller, see “Automatic HTTP Proxy Server—the HTTP Proxy Tab” on page 6-31
in “Configuring the Network”.
Access Policies using an external HTTP proxy server by way of an Access Controller will use the Access
Controller to monitor HTTP traffic specified in the monitored ports and filter it according to the HTTP
Proxy filters before passing the traffic on to an external HTTP proxy server. In short, all HTTP traffic
will be proxied twice.
Clients accessing the 700wl Series system with an Access Policy that uses the external HTTP proxy
server through the Access Controller do not need to configure their browser programs for HTTP Proxy
and will see the 700wl Series system HTTP pages, such as the Logon page and the Logoff page. HTTP
requests that are denied based on the filter rules are redirected to the Stop page.
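
The Note and Caution at the top of this page can be checked mechanically during a configuration review. The following is an added example, not part of the original guide or of the 700wl software: the AccessPolicy model, its field names, the path labels and the sample addresses are all assumptions made for illustration, and the "not proxied" outcome for a policy with no proxy settings is likewise assumed.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class AccessPolicy:                    # hypothetical model, not a 700wl export format
    name: str
    authenticated: bool                # False for policies applied before logon
    auto_http_proxy: bool              # "Automatic HTTP Proxy" enabled in the policy
    proxy_addr: Optional[str] = None   # external proxy "ip:port" set in the policy

def proxy_path(policy, controller_proxy):
    """Return the HTTP path for a policy, using the precedence stated in the Note."""
    if policy.proxy_addr:              # the policy setting wins over the controller's
        return "external (policy)"
    if policy.auto_http_proxy and controller_proxy:
        return "internal, then external (controller)"   # traffic is proxied twice
    if policy.auto_http_proxy:
        return "internal"
    return "not proxied"               # assumed label; the page does not cover this case

def audit(policies):
    """Flag unauthenticated policies that do not follow the Caution."""
    findings = []
    for p in policies:
        if p.authenticated:
            continue
        if p.proxy_addr:
            findings.append((p.name, "external proxy set on an unauthenticated policy: "
                             "Internet access without logon, Logon page unreachable"))
        elif not p.auto_http_proxy:
            findings.append((p.name, "Automatic HTTP Proxy is not enabled"))
    return findings

# Constructed sample configuration (addresses from the documentation range).
CONTROLLER_PROXY = "192.0.2.10:3128"
POLICIES = [
    AccessPolicy("Unauthenticated", False, True),
    AccessPolicy("Guest-PreLogon", False, True, "192.0.2.20:8080"),
    AccessPolicy("Kiosk-PreLogon", False, False),
    AccessPolicy("Staff", True, True, "192.0.2.20:8080"),
]

if __name__ == "__main__":
    for p in POLICIES:
        print(f"{p.name:16} -> {proxy_path(p, CONTROLLER_PROXY)}")
    for name, issue in audit(POLICIES):
        print(f"FINDING {name}: {issue}")
```

An unauthenticated policy that enables Automatic HTTP Proxy without its own proxy address passes the audit even when the Access Controller has an external proxy, because that traffic still goes through the internal proxy first.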