Prevent Proxy Authentication Loops

If you use WPAD for automatic proxy settings it might be the WPAD settings will also be read by the server where the proxy is installed. In this case if you run a browser on that server or just type anything in the Search Menu on Windows the machine would connect to itself and authentication might fail.

In this case the following popup window might be shown. A proxy is then connecting to proxy (itself) and fails to authenticate.

To solve the problem, we need to somehow disable the proxy authentication when request comes from the proxy itself. It might be done by:

• adjusting the WPAD settings or Global Policy to NOT configure proxy settings for machines where proxy app is installed (architecturally correct way so to say).
• making a new policy in the proxy application with disabled authentication and putting the proxy machines into it (quick way)

Starting from version 3.0, Web Filtering Proxy has a pre-configured nofilter policy as shown on the following screenshot. All logic of web filtering, proxy authentication and HTTPS decryption is completely disabled in this policy.

Members of this policy are automatically populated from the IP addresses configured on the proxy box itself. Additional members can also be added as desired.

A tooltip is shown upon hovering your mouse on the checkbox showing all automatically detected IP addresses.

Click Save and Apply in order for the changes to be applied. Now access from the proxy machines should not be authenticated. This can be checked in the Monitoring node.