Border Manager 3.5

Discussion of technical questions about Novell products

Post by Юрий Бондаренко » 23 Apr 2003, 10:38

Is it possible in subj to forbid the POST method for certain clients?
How do I cut banners in it and control the context of the servers visited?
Please share your experience.
Юрий Бондаренко

Posts: 59
Joined: 31 Jul 2002, 18:26

Re: Border Manager 3.5

Post by Yuriy Levin » 23 Apr 2003, 12:23

Юрий Бондаренко wrote: Is it possible in subj to forbid the POST method for certain clients?
How do I cut banners in it and control the context of the servers visited?
Please share your experience.


No, it cannot be forbidden. And even then, it would largely not solve the problem: in many places the GET method is used to pass parameters over HTTP. Banners can be cut by patterns of their addresses. Only entering them will be hard work. And surfing can be monitored with any log analyzer.
Yuriy Levin

Posts: 60
Joined: 09 Dec 2002, 13:24
Location: Minsk

Post by Владимир Горяев » 23 Apr 2003, 14:36

How to Use Wildcards in Access Rules - TID10056952
How to Use Wildcards in Access Rules

fact

BorderManager 3.0

Novell BorderManager 3.5

fix

Wildcards can be used in access rules to block (deny) or allow access. The following examples assume a deny action, but an allow action may also be used with opposite effect:

1) http://www.novell.com/
This simple example doesn't use wildcards at all. It would only block access to the first default page itself (usually an index.htm or index.html). In this example the homepage of the www.novell.com site is blocked. If a user would type http://www.novell.com/products he/she would be able to get access to this URL directly.

2) http://www.novell.com/*
This example is the proper way to block access to the entire site, and will be the most often used access rule.

3) http://www.novell.com/download/*
In this example only access to a subdirectory on the web server is blocked, including everything under this subdirectory.

4) http://*.novell.com/*
This syntax can be used to block access to all sites within the novell.com domain. It would not only block access to http://www.novell.com but also to, for example, http://support.novell.com or http://developer.novell.com and so on.

5) http://*/*.mp3
This example demonstrates how to block access to a file type. This can be used to block downloading of, as in this example, MP3 files. Please note that in this example only http downloads are blocked. Another rule for ftp downloads would be needed.

6) http://***/*
In this example just a simple string compare is done. Usually ACLCHECK does a name resolution to find out corresponding IP addresses for URLs that are blocked. Using this syntax, however, it would be just impossible to find out all servers containing the string "*". So, a name resolution is not performed. This actually means that any user who types in an IP address in the URL (for example http://1.2.3.4/) will be able to bypass this access rule.

7) *://*.novell.com/*
This example shows how to use a wildcard to create just one access rule to block access for all protocols. This could be very well combined with the rule in 5) above which blocks access to a file type. Using a wildcard for the protocol would block http as well as ftp access. Note, however, that https is NOT covered by this wildcard. For https another rule has to be created. See below.

8) *://*.novell.com:*/*
This example shows how to include a wildcard for an origin server listening on a different port than the default 80. This would for example cover a URL like http://internalserver.novell.com:8000/. This, however, does NOT include a server running secure http on port 443. See next example.

9) http://*.novell.com:443/*
This example would allow access to all secure servers within the novell.com domain. Please note that the above example using a wildcard for the port does NOT work with secure servers. Also a rule that would use the syntax https://*.novell.com/* would NOT work.
You cannot automate a mess!!!
Владимир Горяев

Posts: 3473
Joined: 05 Jun 2002, 13:37
Location: Smolensk

Re: Border Manager 3.5

Post by Андрей Фисенко » 23 Apr 2003, 14:38

Юрий Бондаренко wrote: How do I cut banners in it ...?
Please share your experience.


Goal
How to Use Wildcards in Access Rules


--------------------------------------------------------------------------------
Fact
BorderManager 3.0

Novell BorderManager 3.5


--------------------------------------------------------------------------------
Fix
Wildcards can be used in access rules to block (deny) or allow access. The following examples assume a deny action, but an allow action may also be used with opposite effect:

1) http://www.novell.com/
This simple example doesn't use wildcards at all. It would only block access to the first default page itself (usually an index.htm or index.html). In this example the homepage of the www.novell.com site is blocked. If a user would type http://www.novell.com/products he/she would be able to get access to this URL directly.

2) http://www.novell.com/*
This example is the proper way to block access to the entire site, and will be the most often used access rule.

3) http://www.novell.com/download/*
In this example only access to a subdirectory on the web server is blocked, including everything under this subdirectory.

4) http://*.novell.com/*
This syntax can be used to block access to all sites within the novell.com domain. It would not only block access to http://www.novell.com but also to, for example, http://support.novell.com or http://developer.novell.com and so on.

5) http://*/*.mp3
This example demonstrates how to block access to a file type. This can be used to block downloading of, as in this example, MP3 files. Please note that in this example only http downloads are blocked. Another rule for ftp downloads would be needed.

6) http://***/*
In this example just a simple string compare is done. Usually ACLCHECK does a name resolution to find out corresponding IP addresses for URLs that are blocked. Using this syntax, however, it would be just impossible to find out all servers containing the string "*". So, a name resolution is not performed. This actually means that any user who types in an IP address in the URL (for example http://1.2.3.4/) will be able to bypass this access rule.

7) *://*.novell.com/*
This example shows how to use a wildcard to create just one access rule to block access for all protocols. This could be very well combined with the rule in 5) above which blocks access to a file type. Using a wildcard for the protocol would block http as well as ftp access. Note, however, that https is NOT covered by this wildcard. For https another rule has to be created. See below.

8) *://*.novell.com:*/*
This example shows how to include a wildcard for an origin server listening on a different port than the default 80. This would for example cover a URL like http://internalserver.novell.com:8000/. This, however, does NOT include a server running secure http on port 443. See next example.

9) http://*.novell.com:443/*
This example would allow access to all secure servers within the novell.com domain. Please note that the above example using a wildcard for the port does NOT work with secure servers. Also a rule that would use the syntax https://*.novell.com/* would NOT work.
Андрей Фисенко

Posts: 1311
Joined: 05 Jun 2002, 08:13
Location: Krasnoyarsk
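
An added example, not part of the posts above and not Novell code: a small offline model of the rule behaviour the quoted TID states, for checking which URLs a deny list leaves uncovered. The names `rule_covers` and `uncovered` are hypothetical. It assumes that a rule without a port covers only the scheme's default port and that secure servers are matched only by the explicit `http://host:443/` form, and it does not model ACLCHECK's name resolution.

```python
import re
from urllib.parse import urlsplit

DEFAULT_PORT = {"http": 80, "ftp": 21, "https": 443}
RULE_RE = re.compile(r"^([^:/]+)://([^:/]+)(?::([^/]+))?(/.*)$")

def _glob(pattern, text):
    # '*' matches any run of characters; every other character is literal.
    rx = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(rx, text) is not None

def rule_covers(rule, url):
    """True if the rule covers the URL under the behaviour the TID describes."""
    m = RULE_RE.match(rule)
    if not m:
        raise ValueError("unparseable rule: " + rule)
    r_scheme, r_host, r_port, r_path = m.groups()
    u = urlsplit(url)
    scheme = u.scheme.lower()
    port = u.port or DEFAULT_PORT.get(scheme)
    path = (u.path or "/") + ("?" + u.query if u.query else "")
    if scheme == "https" or port == 443:
        # Items 7-9: neither '*://' nor ':*' nor 'https://' reaches a secure
        # server; only the explicit http://host:443/ form is documented.
        if r_scheme != "http" or r_port != "443":
            return False
    else:
        if r_scheme not in ("*", scheme):
            return False
        if r_port is None:
            # Assumption: a rule without a port covers the default port only.
            if port != DEFAULT_PORT.get(scheme):
                return False
        elif r_port not in ("*", str(port)):
            return False
    return _glob(r_host.lower(), (u.hostname or "").lower()) and _glob(r_path, path)

def uncovered(rules, urls):
    """URLs that no rule in the set covers, i.e. the gaps in a deny list."""
    return [u for u in urls if not any(rule_covers(r, u) for r in rules)]

# Constructed sample URLs; the rules are items 7, 8 and 9 from the TID.
URLS = ["http://www.novell.com/products", "ftp://ftp.novell.com/pub/file",
        "http://internalserver.novell.com:8000/", "https://secure.novell.com/login"]
RULE7, RULE8, RULE9 = ("*://*.novell.com/*", "*://*.novell.com:*/*",
                       "http://*.novell.com:443/*")

if __name__ == "__main__":
    for rules in ([RULE7], [RULE7, RULE8], [RULE7, RULE8, RULE9]):
        print(rules, "->", uncovered(rules, URLS))
```

Run against a real rule list with representative URLs, the output shows which non-default ports and secure sites still need their own rule.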

