If there are particular web requests that should be excluded from authentication which can be identified by HTTP header then these can be excluded by creating authentication bypasses.
Any HTTP header can be defined for this purpose but it is expected that the user-agent header will be used most frequently.
To add a HTTP Header bypass:
- From the Policy Center Home page, click Web Policy Routes. The Manage Policy Routes page appears.
-
Click the Authentication Bypass tab. The Authentication Bypass page displays a list of the authentication bypasses you have already established.
For the - Click
New.
The Add HTTP Header Bypass dialog appears. - In the Header field, type the name of the header that will be used to identify the HTTP requests where authentication should not be requested.
-
In the Value field, type a matching header value.
The HTTP Header Bypass will be triggered if the Header field contains the substring that you specify in the Value field. Wildcard characters are not supported in the Value field. Both the Header and Value fields are not case-sensitive.
- Click Add to save changes.
|
This feature is only available when Authentication is enabled. When you have finished modifying your content security policy you must apply the configuration for any changes to take effect. The Value field can be a sub-string of the full header value. This functionality should not be used for general authentication bypass. See About User Authentication for further information. |