auth_rules.config

The auth_rules.config file stores rules that direct specified IP addresses and IP address ranges, and/or traffic on specified inbound ports (explicit proxy only), and/or matching Request header User-Agent values to authenticate with distinct domain controllers. One or more domain controllers can be specified in an ordered list. This feature is called Rule-Based Authentication.

Rule-based authentication rules must be defined in the Content Gateway manager on the Configure > Security > Access Control > Authentication Rules tab. Do not edit this configuration file.

Rule-based authentication is supported for Integrated Windows Authentication (IWA), legacy NTLM, and LDAP authentication only.
Each authentication rule can specify source IP addresses, inbound port (explicit proxy only), and/or a User-Agent regex
Each authentication rule can specify one or more domains in an ordered list. Domains are identified on the Configure > Security > Access Control > Authentication Rules tab. That process includes specifying the authentication method (IWA, Legacy NTLM, LDAP).
When a rule matches, authentication is performed against one or more domains in the ordered list. The first successful authentication ends domain list traversal and the authenticating domain is cached for later use.
Authentication rules are applied from the list top-down; only the first match is applied. If no rule matches, no user authentication is performed.

Note:

If all the users in your network can be authenticated by domain controllers that share trust relationships, you probably don’t need rule-based authentication.

However, rule-based authentication can be useful in any deployment that needs to perform special authentication handling based on IP address, inbound proxy port (explicit proxy), and/or User-Agent values.