Constraining paths for a web application

In a scenario where you want to limit access to a web application, you may ask if and how UAG can help you to fulfill this requirement.

Generally, there are two locations where a URL constraint can be defined:

  1. In the Paths field in the Web Servers application properties
  2. In the URL Set

You may ask why UAG maintains two configuration settings for the same requirement. The Paths entries are verified first: if the incoming URL is outside the scope of all Paths entries, it is rejected. The default Paths entry is / so that all URLs on the web server are accessible. If you change / to /foobar/, only URLs located underneath /foobar/ are accessible.

Although the user interface does not enforce it, files and deep links are not allowed in the Paths field. Those constraints have to go into the URL Set, which is found in the trunk configuration.

By default, any character can follow the / after the hostname. If you want to constrain access to the default.aspx page, for example, you have to change Webserver_Rule1 to /default.aspx. In this case, no other page would be allowed. If needed, more custom rules can be added to the URL list.

To summarize, Paths must contain only folder names, while the URL Set allows far more granular URL inspection at a higher CPU cost.
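
The two-stage check described above can be modelled in a few lines to test a planned configuration before entering it in UAG. This is an added example, not UAG's own code: the function names, the hostname and the sample configurations are constructed, and it assumes URL Set rules behave as anchored regular expressions and that a folder entry starts and ends with /.

```python
import re
from urllib.parse import urlsplit

def non_folder_entries(paths):
    """Return Paths entries that are not folders.

    The UI accepts files and deep links here, so lint the list yourself.
    Assumption: a folder entry starts and ends with '/' and has no query.
    """
    return [p for p in paths
            if not (p.startswith("/") and p.endswith("/")) or "?" in p]

def evaluate(url, paths, url_set):
    """Model the order of checks: Paths first, then the URL Set.

    Returns ("reject", "Paths"), ("reject", "URL Set") or ("allow", rule_name).
    """
    path = urlsplit(url).path or "/"
    # Stage 1: the request must lie underneath at least one Paths folder.
    if not any(path.startswith(folder) for folder in paths):
        return ("reject", "Paths")
    # Stage 2: the request must fully match one URL Set rule
    # (assumption: rules are anchored regular expressions).
    for name, pattern in url_set:
        if re.fullmatch(pattern, path):
            return ("allow", name)
    return ("reject", "URL Set")

# Constructed configurations mirroring the two cases in the text.
FOLDER_ONLY = (["/foobar/"], [("Webserver_Rule1", r"/.*")])
SINGLE_PAGE = (["/"], [("Webserver_Rule1", r"/default\.aspx")])

if __name__ == "__main__":
    for label, (paths, rules) in (("folder", FOLDER_ONLY), ("page", SINGLE_PAGE)):
        print(label, "non-folder Paths entries:", non_folder_entries(paths))
        for url in ("https://portal.example/foobar/a.aspx",
                    "https://portal.example/default.aspx",
                    "https://portal.example/admin/"):
            print(" ", url, evaluate(url, paths, rules))
```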
