How to Use Wildcards in Access Rules
Novell Cool Solutions: Tip
Posted: 25 Jan 2002
Current version: BorderManager 3.6
Wildcards can be used in access rules to block (deny) or allow access. The following examples assume a deny action, but an allow action may also be used with the opposite effect:
This simple example doesn't use wildcards at all. It would only block access to the first default page itself (usually an index.htm or index.html). In this example the homepage of the www.novell.com site is blocked. If a user typed http://www.novell.com/products, he/she would still be able to access this URL directly.
This example is the proper way to block access to the entire site, and will be the most often used access rule.
In this example only access to a subdirectory on the web server is blocked, including everything under this subdirectory.
This syntax can be used to block access to all sites within the novell.com domain. It would not only block access to http://www.novell.com but also to, for example, http://support.novell.com or http://developer.novell.com and so on.
This example demonstrates how to block access to a file type. This can be used to block downloading of, as in this example, MP3 files. Please note that in this example only HTTP downloads are blocked. Another rule would be needed for FTP downloads.
In this example just a simple string compare is done. Usually ACLCHECK does a name resolution to find the corresponding IP addresses for URLs that are blocked. With this syntax, however, it would be impossible to find all servers containing the string "sex", so name resolution is not performed. This means that any user who types an IP address in the URL (for example http://220.127.116.11/) will be able to bypass this access rule.
This example shows how to use a wildcard to create just one access rule to block access for all protocols. It combines well with the rule in 5) above, which blocks access to a file type. Using a wildcard for the protocol would block HTTP as well as FTP access. Note, however, that HTTPS is NOT covered by this wildcard. For HTTPS another rule has to be created. See below.
This example shows how to include a wildcard for an origin server listening on a port other than the default 80. This would, for example, cover a URL like http://internalserver.novell.com:8000/. This, however, does NOT include a server running secure HTTP on port 443. See the next example.
This example would allow access to all secure servers within the novell.com domain. Please note that the above example using a wildcard for the port does NOT work with secure servers. A rule using the syntax https://*.novell.com/* would NOT work either.
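Because the string-compare rule above performs no name resolution, requests addressed to a bare IP address are the ones it cannot catch. The following is an added example, not part of the original tip or of BorderManager, that lists such requests from a proxy access log so they can be reviewed; the log layout (client, method, URL, status) and the sample lines are constructed assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample lines in a hypothetical "client method url status"
# layout; this is NOT BorderManager's own log format.
SAMPLE_LOG = """\
10.0.0.5 GET http://www.example.com/index.html 200
10.0.0.7 GET http://192.0.2.44/ 200
10.0.0.7 GET http://192.0.2.44:8000/files/a.mp3 200
10.0.0.9 GET ftp://[2001:db8::10]/pub/ 200
10.0.0.5 GET http://support.example.com/192.0.2.44 200
"""

def host_is_ip_literal(url):
    """True when the URL's host part is an IPv4/IPv6 literal, not a name."""
    try:
        host = urlsplit(url).hostname  # drops the port and IPv6 brackets
        if not host:
            return False
        ipaddress.ip_address(host)     # raises ValueError for host names
        return True
    except ValueError:                 # malformed URL or an ordinary name
        return False

def find_ip_literal_requests(log_text):
    """Return (client, url) pairs whose URL host is an IP literal."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue                   # skip blank or truncated lines
        client, _method, url = fields[:3]
        if host_is_ip_literal(url):
            hits.append((client, url))
    return hits

if __name__ == "__main__":
    for client, url in find_ip_literal_requests(SAMPLE_LOG):
        print(f"{client} requested IP-literal URL {url}")
```

Only the host part is tested, so an IP address that merely appears in the path (the last sample line) is not reported.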
- For more information about Access Rules, see this section of the documentation:
- See this great article on Developing an Access Rules Plan