Versions / Builds Affected
WebMonitor 2011Standalone ProxyStatus
ResolvedProblem Summary
When using integrated authentication in the WebMonitor 2011 proxy version in an environment where multiple users authenticate from the same IP (a typical example would be a terminal server environent), WebMonitor "sees" the wrong user accessing the web.TT / JIRAID
WEBMON-53How to Identify
There is no clear indication in the logs, so you need to check the environent and the problem description.
The problem is quite obvious in the following example:
User A is not allowed to access e.g. social networking
User B is whitelisted i.e. he has full access to every website
User A browses the web and can't access Facebook - nothing wrong here
Now user B wants to access Facebook and sees a notification that he breaches the policy which blocks social networking - remember: User B is whitleisted
If you check the logs in this case, you will find no traces of user B, only user A.
Now there is one thing to check in the proxy log "logs.txt":
You will find "Optimized authentication feature ACTIVE"
This active feature is the culprit.Workaround / Fix Details
The problem is caused by an implementation of authentication caching which which has problems with different users authenticating from the same IP at the same time.
To disable this feature create the DWORD
SocketOrientedAuthentication with the value 1 under
64-bit: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\GFI\WebMonitor
32-bit: HKEY_LOCAL_MACHINE\SOFTWARE\GFI\WebMonitor
Restart the WebMonitor services
"logs.txt" will now show "Optimized authentication feature FALSE"
Note: This issue will not be fixed in the foreseeable future, so this workaround can be seen as the final solution.Required Actions
Set registry key
Confirm issue is resolved
Close case and use category Product Defect -> Other -> WEBMON-53