To restrict access based on security

As of Sun Java System Web Server 6.1 you can configure SSL and non-SSL listen sockets for the same server instance. Restricting access based on security allows you to create protection for resources that should only be transmitted over a secure channel.

To limit access based on security, using the steps described for setting access control for a server instance, you would:

1. Use the Server Manager to select the server instance.

2. Choose the Preferences tab.

3. Click the Restrict Access link.

4. Select the entire server from the drop-down list in Pick a Resource and click Edit Access Control.

5. Create a new rule allowing read and execute rights to all.

   If a user wants to add, update, or delete a file or directory, this rule will not apply and the server will searches for another rule that matches.

6. Create a new rule denying write and delete rights to all.

7. Click X link to create a customized expression.

8. Enter ssl=”on”.

   Example:

   user = "anyone" and ssl=”on”

9. Submit and Apply your changes.

   Any errors in the custom expression generates an error message. Make the necessary corrections and submit your changes again.