000015369 - AXM - How to exempt requests from one IP with settings in the rules.xml file.

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000015369
Applies To: Access Manager 6.0
Issue: AXM - How to exempt requests from one IP with settings in the rules.xml file.
The customer needs to exempt requests from one IP address so that it can access only a group of URLs. For example: IP address 192.168.1.1 can have unauthenticated access to /index.html, /reports/*, and /logs/*, but not to anything else without ClearTrust authentication. Can the rule arguments be grouped with "and"s and "or"s?
Resolution

The rules.xml file does not directly support boolean logic, but each statement will be executed and acted upon.
For this example one needs three separate rules in place.


<?xml version="1.0" encoding="UTF-8"?>
<Rules xmlns="http://www.rsasecurity.com/ClearTrust/"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.rsasecurity.com/ClearTrust/rules.xsd">
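<!-- The ClientIP and URI arguments of a rule are used together; each URL group gets its own Rule. -->
<!-- The trailing $ keeps the ClientIP expression from also matching 192.168.1.10, 192.168.1.100, etc. -->
<Rule>
      <argument type="ClientIP" expression="^192\.168\.1\.1$"/>
      <!-- The escaped dot matches a literal "." only -->
      <argument type="URI" expression="^/index\.html" />
      <action type="HTTP" argument="200"/>
</Rule>
<Rule>
      <argument type="ClientIP" expression="^192\.168\.1\.1$"/>
      <argument type="URI" expression="^/reports/.*" />
      <action type="HTTP" argument="200"/>
</Rule>
<Rule>
      <argument type="ClientIP" expression="^192\.168\.1\.1$"/>
      <argument type="URI" expression="^/logs/.*" />
      <action type="HTTP" argument="200"/>
</Rule>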
</Rules>
 
Make sure you use the namespace and version tags as indicated above.
Note that the character "^" is important: it marks the beginning of the URI expression, because we want the URI to start exactly with /<dir>/.* or /<filename> and not have these treated as sub-expressions of the URI. The IP addresses have to be in regular expression notation: the \ treats the next character as a regular character, and .* means any number of characters.
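
An added example, not part of the original article or RSA's code: a small Python model of such a rule set that lists which requests it would exempt, comparing the ClientIP expression with and without a trailing `$`. It assumes that all arguments in a rule must match, that separate rules are alternatives, and that expressions are matched as substring searches (which is why the "^" anchor matters); the function names, sample rules and probe requests are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

NS = "{http://www.rsasecurity.com/ClearTrust/}"

# Constructed sample in the article's layout (two of the three rules).
RULES_XML = r"""<Rules xmlns="http://www.rsasecurity.com/ClearTrust/">
<Rule>
  <argument type="ClientIP" expression="^192\.168\.1\.1$"/>
  <argument type="URI" expression="^/index\.html"/>
  <action type="HTTP" argument="200"/>
</Rule>
<Rule>
  <argument type="ClientIP" expression="^192\.168\.1\.1$"/>
  <argument type="URI" expression="^/reports/.*"/>
  <action type="HTTP" argument="200"/>
</Rule>
</Rules>"""
# Same rules with the end anchor dropped from the ClientIP expressions.
LOOSE_XML = RULES_XML.replace("1$", "1")

# Constructed probe requests: (client IP, URI).
PROBES = [("192.168.1.1", "/index.html"), ("192.168.1.1", "/reports/q1.pdf"),
          ("192.168.1.1", "/admin/"), ("192.168.1.10", "/reports/q1.pdf"),
          ("192.168.1.100", "/index.html"), ("10.0.0.5", "/reports/q1.pdf"),
          ("192.168.1.1", "/public/reports/x")]

def load_rules(xml_text):
    """Return one {argument type: compiled regex} dict per <Rule>."""
    root = ET.fromstring(xml_text)
    return [{a.get("type"): re.compile(a.get("expression"))
             for a in rule.findall(NS + "argument")}
            for rule in root.findall(NS + "Rule")]

def is_exempt(rules, client_ip, uri):
    """Assumed semantics: AND within a rule, OR across rules, substring search."""
    request = {"ClientIP": client_ip, "URI": uri}
    return any(all(rx.search(request[t]) for t, rx in rule.items())
               for rule in rules)

def audit(rules, probes):
    """List the probes that the rule set would let through unauthenticated."""
    return [(ip, uri) for ip, uri in probes if is_exempt(rules, ip, uri)]

if __name__ == "__main__":
    for label, text in (("with $", RULES_XML), ("without $", LOOSE_XML)):
        print(label, audit(load_rules(text), PROBES))
```

Running the same audit against a copy of a real rules.xml before deployment shows whether any address other than the intended one falls inside the exemption.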

 

Legacy Article ID: a50121
