Constraining paths for a web application

In a scenario where you want to limit access to a web application, you may ask if and how UAG can help you to fulfill this requirement.

Generally, there are two locations where a URL constraint can be defined:

  1. In the Paths field in the Web Servers application properties
  2. In the URL Set

You may ask, why UAG maintains two configuration settings for the same requirement. The Paths entries are verified first. If the incoming URL is outside the scope of all paths entries, it is rejected. The default Paths is set to / so that all URLs on the web server are accessible. If you change / to /foobar/ only those URLs are accessible which are located underneath /foobar/.


Even if not enforced by the user interface, files and deep-links are not allowed in the Paths field. Those constraints have to go into the URL Set which is found in the trunk configuration.


By default, any character can follow the / after the hostname. If you want to constrain access to the default.aspx page for example, you have to change the Webserver_Rule1 to /default.aspx. In this case no other page would be allowed. If needed, more custom rules can be added to the URL list.

To summarize, only folder names must be added to the Paths while the URL Set allows far more granular URL inspection with higher CPU cost.

This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s