Installation guide

If you want to exclude SLL traffic from the parent proxy and tunnel the traffic directly

to the origin server, enable the Tunnel Requests Bypass Parent option in the

Configure tab Content Routing > Hierarchies. This option can be used for any

tunneled traffic.

Appendix: Specific proxy chain

configuration procedures

With Blue Coat ProxySG

You can configure the Blue Coat proxy to send X-Forwarded-For and

X-Authenticated-User headers for Websense Content Gateway to read either by

manually editing a policy text file or defining the policy in a Blue Coat graphical

interface called Visual Policy Manager.

Note that for Blue Coat to service HTTPS requests properly with the following setup,

you must have a Blue Coat SSL license and hardware card.

Editing the local policy file

In the Blue Coat Management Console Configuration tab, click Policy in the left

column and select Policy Files. Enter the following code in the current policy text file,

using an Install Policy option:

<Proxy>

action.Add[header name for authenticated user](yes)

define action dd[header name for authenticated user]

set(request.x_header.X-Authenticated-User, "WinNT://

$(user.domain)/$(user.name)")

end action Add[header name for authenticated user]

action.Add[header name for client IP](yes)

define action dd[header name for client IP]

set(request.x_header.X-Forwarded-For,$(x-client-address))

end action Add[header name for client IP]

Using the Blue Coat graphical Visual Policy Manager

Before you configure the Blue Coat header policy, ensure that NTLM authentication is

specified in the Blue Coat Visual Policy Manager (Authentication > Windows SSO).