Can't access HTTPS sites with Access Rules enabled

  • 3259315
  • 06-Nov-2007
  • 26-Apr-2012

Environment

Formerly TID 2950186
Novell BorderManager 3.0
Novell BorderManager 3.5
Novell BorderManager 3.6
Novell BorderManager 3.7
Novell BorderManager 3.8
Novell BorderManager 3.9

Situation

An access control rule that is meant to allow HTTPS based on URL as "Access type" fails.
Users who try to access electronic incident support at support.novell.com receive a 403 error after they attempt to log in.
Can't access HTTPS sites with Access Rules enabled

Resolution

Create the allow rule with an Access Type of either Port or Application Proxy instead of URL, and the allow rule will work.
Example:
Action: Allow
Access Type: Application Proxy
Access Details:
Proxy: HTTP
Origin Server Port: 443
Source: Any
Destination: Specified DNS Hostname: Support.Novell.com

The same type of rule can be created using an Access Type of Port and specifying the port as 443.
The Destination is once again Specified, with DNS Hostname = Support.Novell.com.

Additional Information

Example of the Access Rule:
Action: Allow
Access Type: URL
Access Details: (Grayed out)
Source: Any
Destination: Specified http://support.Novell.com/

The access control rules may be functioning as designed. An SPD has been submitted on the issue. If the access control rules are NOT designed to work this way, then HTTP should be the ONLY option. A user should not be allowed to modify the rule to specify a different protocol.
This has been implemented in version 3.9, where iManager does not allow an https scheme to be entered. In version 3.9 it is still necessary to create a Port or Application Proxy rule to allow access to HTTPS sites, as it was in previous versions.

Formerly known as TID# 10023250