The Agent provides XML-based rules processing that allows your system to respond to certain requests without making calls to the RSA ClearTrust Servers. This is implemented by adding <Rule> items to the rules.xml file residing in the /conf directory of your Agent installation. If at runtime any of the rules are relevant to an access request, the Agent performs the specified actions. If the rules are not relevant, the Agent continues to process the request normally.
Each rule is composed of one or more arguments and an action. If multiple arguments are specified, the rule's action(s) are taken only when all of the arguments match. A rule can contain multiple actions, each of a different action type; when all of the rule's arguments match, every action specified for the rule is executed.
Valid rule argument types are "URI", "Method", "Header", "Protocol", "QueryString", and "ClientIP". All argument expressions should contain regular expressions to match the user's request. See the HTTP RFC (http://www.w3.org/Protocols/rfc2616/rfc2616.html) for additional details on HTTP URIs, request methods, headers, protocols, and query strings. Every argument should contain a type and an expression; a "Header" argument also contains an argument field, which could contain the name of the HTTP header to inspect. The expression fields take regular expressions. See the examples below.
<argument type="URI" expression="/default.ida*"/>
<argument type="Method" expression="HEAD"/>
<argument type="Protocol" expression="[^(1\.0)]"/>
<argument type="Header" argument="host" expression="badhost.com"/>
<argument type="QueryString" expression="abc=def"/>
<argument type="ClientIP" expression="192.168.1.1"/>
The action type can be one of "HTTP" (to send an HTTP response code), "LOG" (to log the request parameters to the log file at the specified log level), or "LOCK" (to lock the client by IP address for a specified amount of time). All of the actions require arguments. There was a reference to an action of "NOTIFY" in the rules.xsd file; this feature was to generate SNMP traps when a request meets a specified argument. This action type was removed from the product but was not removed from the rules.xsd file.
Available HTTP response arguments for "HTTP" are 200, 301, 302, 400, 401, 403, 404, 500, and 501. HTTP 301 and 302 require a URI to redirect the user to. "LOG" requires a ClearTrust Agent log level as its argument; the available values are documented in webagent.conf. "LOCK" requires a time period for which to lock the requesting IP. See the examples below.
<action type="HTTP" argument="200"/>
<action type="HTTP" argument="302 /ct_access_denied_en.html"/>
<action type="LOG" argument="Critical"/>
<action type="LOCK" argument="10 Mins"/>
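The all-arguments-must-match evaluation described above, sketched in Python as an added example (this is not RSA's code and not part of the original article). The `<Rule>` nesting, the sample requests, and the unanchored `re.search` matching are assumptions, since the Agent's regex engine is not documented here; under those assumptions it also shows that the unescaped `.` in the article's expressions matches more than the literal string.

```python
import re
import xml.etree.ElementTree as ET

# Constructed rule: the <Rule> nesting is an assumption; the child elements
# are copied from the article's argument and action examples.
RULE_XML = """
<Rule>
  <argument type="URI" expression="/default.ida*"/>
  <argument type="Method" expression="HEAD"/>
  <argument type="Header" argument="host" expression="badhost.com"/>
  <action type="LOG" argument="Critical"/>
  <action type="HTTP" argument="302 /ct_access_denied_en.html"/>
</Rule>
"""

def field_value(arg, request):
    """Pick the request field that an <argument> element inspects."""
    kind = arg.get("type").lower()
    if kind == "header":
        return request["headers"].get(arg.get("argument", "").lower(), "")
    return request.get(kind, "")

def evaluate(rule_xml, request):
    """Return the rule's actions if ALL arguments match, otherwise []."""
    rule = ET.fromstring(rule_xml)
    for arg in rule.findall("argument"):
        # Assumption: unanchored matching, as with Python's re.search.
        if not re.search(arg.get("expression"), field_value(arg, request)):
            return []  # one miss: the request is processed normally
    return [(a.get("type"), a.get("argument")) for a in rule.findall("action")]

# Constructed sample requests (not taken from any real log).
MATCHING = {"uri": "/default.ida", "method": "HEAD", "protocol": "1.1",
            "querystring": "", "clientip": "192.168.1.1",
            "headers": {"host": "badhost.com"}}
NORMAL_GET = dict(MATCHING, method="GET")
# '.' matches any character, so these unrelated values also satisfy the rule.
LOOKALIKE = dict(MATCHING, uri="/app/defaultXid",
                 headers={"host": "notbadhostxcom.example"})

# Same rule with the dots escaped and the expressions anchored.
STRICT_XML = (RULE_XML.replace("/default.ida*", r"^/default\.ida")
                      .replace('"badhost.com"', r'"^badhost\.com$"'))

if __name__ == "__main__":
    for name, req in [("matching", MATCHING), ("normal GET", NORMAL_GET),
                      ("lookalike", LOOKALIKE)]:
        print(name, evaluate(RULE_XML, req), evaluate(STRICT_XML, req))
```

Running a rule's expressions against known-good traffic like this before deployment is most useful for "LOCK" actions, where an over-broad match locks out legitimate clients.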