Oracle iPlanet Web Proxy Server 4.0.14 Administration Guide

Setting Access Control

This section describes the process of restricting access. You can set global access control rules for all servers, and also individually for specific servers. For instance, a human resources department might create ACLs allowing all authenticated users to view their own payroll data, but restrict access for the purpose of updating data to human resources personnel responsible for payroll.

This section contains the following topics:


Note –

Distributed administration must be configured and activated before global access control can be set.


Setting Access Control Globally

ProcedureTo Set Access Control for All Servers

  1. Access the Administration Server and click the Global Settings tab.

  2. Click the Administer Access Control link.

  3. Select the administration server (proxy-admserv) from the drop-down list, click Go to load data, and then click New ACL (or Edit ACL).

  4. Authenticate if prompted.

    The Access Control Rules For page is displayed. The Administration Server has two lines of default access control rules, which cannot be edited.

  5. Select Access Control Is On if not already selected.

  6. To add a default ACL rule to the bottom row of the table, click the New Line button.

    To change the position of an access control restriction, click the up or down arrow.

  7. Click Anyone in the Users/Groups column.

    The User/Group page is displayed in the lower frame.

  8. Select the users and groups to which you will allow access, and click Update.

    Clicking the List button for Group or User provides lists from which to choose. For more information about the settings, see the online Help. Also see Specifying Users and Groups.

  9. Click Anyplace in the From Host column.

    The From Host page is displayed in the lower frame.

  10. Specify the host names and IP addresses allowed access, and click Update.

    For more information about the settings, see the online Help. Also see Specifying the From Host.

  11. Click All in the Programs column.

    The Programs page is displayed in the lower frame.

  12. Select the Program Groups or type the specific file name in the Program Items field to which you will allow access, and click Update.

    For more information about the settings, see the online Help. Also see Restricting Access to Programs.

  13. (Optional) Click the X in the Extra column to add a customized ACL expression.

    The Customized Expressions page is displayed in the lower frame. For more information, see Writing Customized Expressions.

  14. Select the checkbox in the Continue column, if not already selected.

    The server evaluates the next line before determining whether the user is allowed access. When creating multiple lines, work from the most general restrictions to the most specific.

  15. (Optional) Click the trash can icon to delete the corresponding line from the access control rules.

  16. (Optional) Click the Response When Denied link to specify the response a user receives when denied access.

    The Access Deny Response page is displayed in the lower frame.

    1. Select the desired response.

    2. Specify additional information if appropriate.

    3. Click Update

    For more information about the settings, see Responding When Access Is Denied.

  17. Click Submit to store the new access control rules in the ACL file, or Revert to reset elements in the page to the values they contained before changes were made.

Setting Access Control for a Server Instance

You can create, edit, or delete access control for a specific server instance using the Server Manager. If deleting, do not delete all ACL rules from the ACL files. At least one ACL file containing a minimum of one ACL rule is required to start the server. Deleting all ACL rules and restarting the server will result in a syntax error.

ProcedureTo Set Access Control for a Server Instance

  1. Access the Server Manager for the server instance and click the Preferences tab.

  2. Click the Administer Access Control link.

  3. Select an ACL using one of the following methods:

    • Select a resource that uses ACLs to restrict access from the Select A Resource drop-down list, or click Regular Expression to specify a regular expression. For more information, see Chapter 16, Managing Templates and Resources in the Proxy Server Administration Guide.

    • Select An Existing ACL lists all ACLs that are enabled.

      Existing ACLs that are not enabled do not display in this list. Select an ACL from the drop-down list.

    • Type In The ACL Name . This option enables you to create named ACLs. Use the option only if you are familiar with ACL files. You must manually edit obj.conf if you want to apply named ACLs to resources. For more information, see Chapter 18, ACL File Syntax.

  4. Click the corresponding Edit button.

    The Access Control Rules For page is displayed.

  5. Select Access Control Is On if not already selected.

  6. To add a default ACL rule to the bottom row of the table, click the New Line button.

    To change the position of an access control restriction, click the up or down arrow.

  7. To edit the ACL for this server instance, click the action in the Action column.

    The Allow/Deny page is displayed in the lower frame.

  8. Select Allow if not already selected as the default, and click Update.

    For more information about Allow or Deny, see Setting the Action.

  9. Click Anyone in the Users/Groups column. The User/Group page is displayed in the lower frame.

  10. Select the users and groups to which you will allow access, specify authentication information, and then click Update.

    Clicking the List button for Group or User to display lists from which to choose. For more information about the settings, see the online Help. Also see Specifying Users and Groups.

  11. Click Anyplace in the From Host column.

    The From Host page is displayed in the lower frame.

  12. Specify the host names and IP addresses allowed access, and click Update.

    For more information about the settings, see the online Help. Also see Specifying the From Host.

  13. Click All in the Rights column.

    The Access Rights page is displayed in the lower frame.

  14. Specify access rights for this user, and click Update.

    For more information, see Restricting Access to Programs.

  15. (Optional) Click the X under the Extra column to add a customized ACL expression.

    The Customized Expressions page is displayed in the lower frame. For more information, see Writing Customized Expressions.

  16. Select the checkbox in the Continue column, if not already selected.

    The server evaluates the next line before determining if the user is allowed access. When creating multiple lines, work from the most general restrictions to the most specific.

  17. (Optional) Click the trash can icon to delete the corresponding line from the access control rules.

    Do not delete all ACL rules from the ACL files. At least one ACL file containing at least one ACL rule is required to start the server. If you delete all ACL rules in the ACL files and try to restart the server, you will receive a syntax error.

  18. (Optional) Click the Response When Denied link to specify the response a user receives when denied access.

    The Access Deny Response page is displayed in the lower frame. Select the desired response, specify additional information if appropriate, and then click Update. For more information about the settings, see Responding When Access Is Denied.

  19. Click Submit to store the new access control rules in the ACL file, or Revert to reset elements in the page to the values they contained before changes were made.