|
|
|
The Realm and Resources group box is where you select the realm and resources to which this rule will apply.
The realm that contains the resources to which this rule will apply.
By default, the Realm drop-down list is set to the name of the realm you selected when you opened the SiteMinder Realm Dialog.
Note: In this drop-down list, the Policy Server User Interface shows all the realms that exist in this policy domain. If realms do not exist for resources you want to protect, a rule cannot be created to protect those resources.
The Resource that this rule will protect.
A resource can be a specific file or an expression that uses resource matching or regular expressions to include multiple files.
Below the resource field, the Policy Server User Interface displays the effective resource protected by the rule. The effective resource consists of the Agent, all of the resource filters concatenated from any parent realms that exist above the realm you selected, the resource filter of the realm specified in the Realm field, and the resource you entered in the Resource field.
For example, suppose you create the following:
Agent1 IP Address = 123.123.12.12
Rule1 will protect 123.123.12.12/<root directory for Agent1's web server>/dir/myfile.html.
The resource you enter in the Resource field is appended to the Resource Filter of the realm that contains the rule. If the Resource Filter of the realm ends in /, then the Resource should not begin with /. For example, if the resource filter for the realm is /dir1/, and the resource is /file.html, the rule erroneously tries to protect /dir1//file.html. In this example, the Resource should be set to file.html, so that the rule protects /dir1/file.html.
If you specify a rule in a realm that does not end in /, and then you delete the / that the Policy Server User Interface automatically places in the Resource field and enter a resource of *, the rule protects any resources and any matching directories that fall below the realm in your network. For example, if you have a realm with a Resource Filter of /dir1, and you delete the / that the Policy Server User Interface automatically inserts into the rule, then enter a * in the Resource field, the protected resource is agent/dir1*. This resource protects everything in /dir1, as well as /dir11, /dir12, etc. If you use the default (leave the / in the Resource field), the protected resource is agent/dir1/*, which includes all files and directories contained in the dir1 directory, but does not include agent/dir11 or agent/dir12.
Note: It is possible to assign a combination of slightly different resource filters to realms and resources to rules that form the same effective URL. For example, you can create a realm with a resource filter of
/dir1 and add a rule to the realm that protects /index.html. You can then create a separate realm with a resource filter of /dir1/ that protects index.html. Both of these realm-rule combinations yield the following URL:
agent/dir1/index.html.
Since /dir1/ is the longest matching realm, and the longest matching realm takes precedence in policy processing, policies that include the realm with the /dir1/ resource filter will always take precedence over policies that include the /dir1 resource filter. This may cause unexpected behavior for administrators who create policies that include the realm-rule combination with the /dir1 resource filter.
If set, specifies that a resource can be a specific file or an expression that uses resource matching with regular expressions.
| Copyright © 2011 CA. All rights reserved. | Email CA Technologies about this topic |