Re: Definition of a "restricted page"

[Massimo Rosen]

Hi

trevorwright wrote:
>
> This question is in relation to the "Authenticate Only when user
> attempts to access a restricted page" check box under Proxy
> services/Authentication.
>
> Let me put this senario to you and please correct me if I wrong. So I
> tick the Box and NBM (3.9) will only auth when a request is restricted.
> So will it request if my only rules are as below
>
> allow all to 'all urls'
> block all to 'all urls'

No. The allow rule matches without authentication, so no auth will ever
be requested.

> or does the allow need to be restrictive to meet the condition to
> authenticate ie
>
> allow 'user group' to 'all urls'
> block all to 'all urls'

Yes. Now it will. The allow rule will *not* match without auth, so the
deny rule will be processed and match = "restricted". Now BM will
request auth, and retry the rules from the start after aith has
happened.

CU,
--
Massimo Rosen
Novell Product Support Forum Sysop
No emails please!
http://www.cfc-it.de

[Craig Johnson]

In article <trevorwri...@no-mx.forums.novell.com>, Trevorwright

wrote:
> This question is in relation to the "Authenticate Only when user
> attempts to access a restricted page" check box under Proxy
> services/Authentication.
>

A restricted page is:

1. Any page that is denied. (Which means you end up having to
authenticate so your login ID ends up in rule hit logs).

or

2. Any page that matches an Access Rule calling out source=user, group
or container (that is, needs authentication) AND is not otherwise
allowed by another access rule allowing Source=Any or Source=IP
address/range where the host address matches.

Craig Johnson
Novell Support Connection SysOp
*** For a current patch list, tips, handy files and books on
BorderManager, go to http://www.craigjconsulting.com ***