This article applies to the Barracuda Web Security Gateway running version 8.0 and higher.
Protecting User Browsing Off Network
This feature enables you to prevent remote users (students for example) from accessing objectionable material when off campus by routing their Internet requests through the Barracuda Web Security Gateway, regardless of where they access the Internet. When users attempt to access the Internet remotely, they are required to provide their LDAP credentials first.
With this configuration, you can require LDAP authentication for users who are either local or have accounts on your LDAP server. For Chromebooks, use the Barracuda Chromebook Security Extension. For Windows and Macintosh computers, install the Barracuda Web Security Agent to proxy web traffic.
When LDAP users, such as students with Chromebooks, go off network and their browsers are configured to proxy traffic to the Barracuda Web Security Gateway, they are prompted for their network credentials each time they open a browser. Proxy Authentication supports the aliased LDAP servers that you configure on the USERS/GROUPS > Authentication page.
Configure Proxy Authentication Users Off Network
Complete the following steps to configure proxy authentication for users when they access the Internet while off campus:
- Configure the browser on each device to proxy traffic to the Barracuda Web Security Gateway. To do so, you have two options:
- In the Advanced/Network settings of client browsers, using the manual proxy setting, enter the IP address of the Barracuda Web Security Gateway as the HTTP Proxy and 3128 for the port. If you wish to use a different port, you can change the Proxy Port setting on the ADVANCED > Proxy page of the Barracuda Web Security Gateway web interface. OR
- Create a PAC file and use a GPO to push it out to all client browsers. The PAC file provides lots of flexibility as to which traffic is filtered and can provide load balancing. For details, see Proxying Web Traffic Using a PAC File.
- On the USERS/GROUPS > Authentication page, define an LDAP server with an alias (for example, StudentLDAP).
- On the USERS/GROUPS > Configuration page, select this alias from the Enable Basic Authentication list.
When individuals attempt to access the Internet using their computers while off campus (for example, while at home or at a cafe with wireless Internet access), they are prompted to log in with their LDAP credentials. After they log in, their activity is logged by username on the Barracuda Web Security Gateway and is included in reports, even though they are connecting from a public access point outside their campus network.
Block All Unauthenticated Traffic
After setting up authentication for your Chromebook and other remote and mobile users, you can now decide to block all unauthenticated traffic if necessary. On BLOCK/ACCEPT pages, select Unauthenticated and create block policies for content types, URL patterns, etc.