Proxy Interaction with Websec
Many ISPs run inline web proxy servers which are invisible to the user. They intercept any HTTP or HTTPS requests from the user's web browser, go and retrieve the page themselves, and then hand it back to the user.
The implementation of some of these inline proxies can cause problems with Penn's Websec module for web authentication. In particular, we are aware that AOL users are unable to view HTTP pages authenticated by Websec or HTPAS. For a technical description of the problem, see http://www.upenn.edu/computing/web-security/proxyprob.html.
Other ISPs may have inline proxy implementations which would also break with Websec and HTPAS, even if they do not implement the separate HTTP and HTTPS proxies as AOL does. In particular, any implementation where the IP address of the requesting host varies may trigger the problem.
Statement of Direction
It is clear that the different technical approaches have caused significant problems for users who have chosen these ISPs and need to see authenticated content on Penn web servers.
ISC Networking & Telecommunications already has plans to replace the Websec package in the future. The new implementation should address these problems.
Information Systems and Computing
University of Pennsylvania
Comments & Questions