Analysing 401 authentication on the Blue Coat ProxySG

When a client attempt to access a website via the proxy the OCS can send to the client an authentication challenge. The response from the OCS includes a 401 code indicating either the authentication credentials from the user has failed or the user must send credentials for the requested resources. Note that a 401 message is different to a 407 message. 407 is from the proxy and 401 is from the OCS. Thus you may receive a 401 message even after you have successfully authenticated in response to a 407 message.

Below are the logs of client requests to www.google.com on the Blue Coat. You can see the initial 407 response to the proxy challenge:

2009-05-26 07:24:31 4 1.1.1.1 - - authentication_failed PROXIED "none" - 407 TCP_DENIED GET - http www.google.com 80 / - - "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GTB5; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727)" 203.41.5.249 1095 352 -
2009-05-26 07:24:37 524 1.1.1.1 joe - - PROXIED "none" - 302 TCP_NC_MISS GET text/html;%20charset=UTF-8 http www.google.com 80 / - - "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GTB5; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727)" 203.41.5.249 622 437 -
2009-05-26 07:24:39 536 1.1.1.1 joe - - PROXIED "none" - 200 TCP_NC_MISS GET text/html;%20charset=UTF-8 http www.google.com.au 80 / - - "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GTB5; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727)" 203.41.5.249 4253 407 -
2009-05-26 07:24:40 530 1.1.1.1 joe - - PROXIED "none" http://www.google.com.au/ 200 TCP_MISS GET image/gif http www.google.com.au 80 /images/close_sm.gif - gif "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GTB5; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727)" 203.41.5.249 380 543 -
2009-05-26 07:24:40 538 1.1.1.1 joe - - PROXIED "none" http://www.google.com.au/ 200 TCP_MISS GET image/gif http www.google.com.au 80 /images/chrome_48.gif - gif "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GTB5; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727)" 203.41.5.249 2756 544 -
2009-05-26 07:24:40 548 1.1.1.1 joe - - PROXIED "none" http://www.google.com.au/ 200 TCP_MISS GET image/gif http www.google.com.au 80 /images/modules/buttons/g-button-chocobo-basic-2.gif - gif "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GTB5; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727)" 203.41.5.249 619 575 -