Remote Devices provide the credentials for using the Redwood filter engine outside the Local Area Network, or in hosted environments. Road warriors and customers of hosted filtering services are configured as Remote Devices.
Typically such devices are laptops, tablets and smartphones.
Important! A Username can be a Remote Device in one company.
Authentication is critical in such deployments. However, many applications are not proxy-aware, or do not support proxies that require authentication. Consider the available authentication options carefully.
1. Basic Auth Mode
The Redwood filter engine listens on ports 6502 and 8080 in explicit proxy mode using HTTP Basic Authentication. LAN IP ranges do not require authentication by default. All requests from Routable IP ranges must include the username and password in the header.
This mode is problematic for applications that do not support authenticated proxies. Prefer using Port-Per-Device mode.
2. Port-Per-Device Mode
In Port-Per-Device mode, each device connects to a specific filter port. A filter port may only be assigned to a single device. (The console handles this bookkeeping automatically.)
When a device attempts to connect to a specific port, the Redwood filter engine uses any and all of the following methods to authenticate that device:
- Basic Username and Password credentials
- URL Query Param of encoded Username and Password
- Expected Platform and Expected Network detection
When a device successfully authenticates with any of these methods, all traffic from the corresponding Remote IP connecting to the Proxy Port is considered authenticated. This resolves the problem of limited support for Basic Auth Mode.
1. Basic Username and Password credentials: a login dialog prompt is displayed, just like in Basic Auth Mode.
2. URL Query Param authentication is especially useful for devices that support proxy PAC URLs. Every configured PAC URL request provides the proxy info to the device, plus authenticates that device's IP.
The console auto-generates the Proxy PAC URL. Use it for all devices that support PAC URLs.
3. Expected Platform and Expected Network detection is useful provided the Remote Device and Expected Network(s) are correctly specified.
The Redwood filter engine detects the platform by parsing the UA string of the request. Platform detection will fail if apps send empty, malformed or custom UA strings.
The Redwood filter engine detects the remote network from which the device is connecting by analyzing both the reverse DNS hostname and the Start of Authority (SOA) of the IP address. If the IP address has neither reverse DNS nor SOA specified, Network detection will fail.
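
The following is an added example, not Redwood's own code: a small model of the Port-Per-Device decision described above, showing how a successful authentication marks the (port, Remote IP) pair as authenticated and how platform or network detection fails on an empty UA string or missing reverse DNS/SOA. The class names, the UA token table, the domain-suffix matching, port 7001 and the sample values are assumptions; the URL Query Param method is left out because its encoding is not described here.

```python
import hmac
from dataclasses import dataclass

# Assumed token table; order matters because iOS UA strings also contain "Mac OS X".
PLATFORM_TOKENS = [("iPhone", "ios"), ("iPad", "ios"), ("Android", "android"),
                   ("Windows NT", "windows"), ("Mac OS X", "macos")]

def detect_platform(ua):
    """Return a platform name, or None for empty, malformed or custom UA strings."""
    for token, platform in PLATFORM_TOKENS:
        if ua and token in ua:
            return platform
    return None

@dataclass
class Device:
    username: str
    password: str
    platform: str     # Expected Platform
    networks: tuple   # Expected Network(s), modelled as rDNS/SOA domain suffixes

class PortPerDevice:
    def __init__(self, devices_by_port):
        self.devices = devices_by_port   # exactly one device per filter port
        self.authenticated = set()       # (port, remote_ip) pairs already accepted

    def allow(self, port, remote_ip, basic=None, ua=None, rdns=None, soa=None):
        dev = self.devices.get(port)
        if dev is None:
            return False
        if (port, remote_ip) in self.authenticated:
            return True                  # this IP already authenticated on this port
        ok = basic is not None and (     # method 1: username and password
            hmac.compare_digest(basic[0].encode(), dev.username.encode())
            and hmac.compare_digest(basic[1].encode(), dev.password.encode()))
        if not ok:                       # method 3: expected platform and network
            names = [n.rstrip(".").lower() for n in (rdns, soa) if n]
            net_ok = any(n == s or n.endswith("." + s)
                         for n in names for s in dev.networks)
            ok = net_ok and detect_platform(ua) == dev.platform
        if ok:
            self.authenticated.add((port, remote_ip))
        return ok

def demo():
    # Constructed sample: documentation IP ranges and a made-up domain.
    gw = PortPerDevice({7001: Device("alice", "s3cret", "android", ("isp.example",))})
    ua = "Mozilla/5.0 (Linux; Android 14) AppleWebKit/537.36"
    return [gw.allow(7001, "203.0.113.7", ua="", rdns="host7.isp.example"),
            gw.allow(7001, "203.0.113.7", ua=ua, rdns="host7.isp.example"),
            gw.allow(7001, "203.0.113.7"), gw.allow(7001, "198.51.100.9")]
```

Because the authenticated state is keyed on the Remote IP, every client that reaches the port from that same address is treated as the device, so Expected Network entries should be kept as narrow as the deployment allows.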