Applicable in PathCheck-class directives and Service-class directives.
The deny-service function sends a “Proxy Denies Access” error when a client tries to access a specific path. If this directive appears in a client region, it performs access control on the specified clients.
The proxy specifically denies clients instead of specifically allowing them access to documents (for example, you don’t configure the proxy to allow a list of clients). The “default” object is used when a client doesn’t match any client region in objects, and because the “default” object uses the deny-service function, no one is allowed access by default.
PathCheck fn=deny-service path=.*someexpression.*
The following table describes the parameter for the deny-service function.
Table 5–50 deny-service parameters
Parameter |
Description |
---|---|
path |
A regular expression representing the path to check. Not specifying this parameter is equivalent to specifying *. URLs matching the expression are denied access to the proxy server. |
Example
<Object ppath="http://sun/.*"> # Deny servicing proxy requests for fun GIFs PathCheck fn=deny-service path=.*fun.*.gif # Make sure nobody except Sun employees can use the object # inside which this is placed. <Client dns=*~.*.sun.com> PathCheck fn=deny-service </Client> </Object> |