Re: Allow Rules not working
Craig Johnson
problem systems getting authentication prompts? Do you even have SSL
authentication method enabled?)
Craig Johnson
Novell Support Connection SysOp
*** For a current patch list, tips, handy files and books on
BorderManager, go to http://www.craigjconsulting.com ***
Craig Johnson
authentication', so I'm wondering what is wrong there.
First, double check that 'authenticate only when user attempts to
access a restricted page' is still checked.
What is failing isn't the access rule (probably), but the proxy
authentication piece. This should not be something related to
backrevving (-that is, you don't need to for this issue-) aclcheck.
Craig Johnson
> "Authenticate only when...." was not checked,
You will not get selective authentication if that is not checked. By
selective, I mean that some people should authenticate (CLNTRUST or SSL),
but others don't have to (IP-based access rules).
> Checked it, saved changes
> , restarted proxy (hard boot) did nchange prompt on end machine, now it
> only prompts for SSL content.....
Not sure what you mean by only prompting for SSL content?
It WILL prompt for anything not specifically allowed in a rule in the
list. That includes sites that will be denied, once the user proxy
authenticates.
Craig Johnson
> and t worked. The issue was that going to http://somewebsite worked, but
> https://somesecuresite didn't. Basically the issue was with that setting
> being off in the authentication side, I "think" something in SP8 turned
> it off, it was on before.
>
SP8 wouldn't do that.
I don't generally recommend port 80 rules. You are much better off using
Allow/Deny URL rules. (Some exceptions for port 443 though). Not all
web sites use port 80.
I also customize filter exceptions a fair amount to allow non-standard
ports to work easily.