Environment
Formerly TID 2950186
Novell BorderManager 3.0
Novell BorderManager 3.5
Novell BorderManager 3.6
Novell BorderManager 3.7
Novell BorderManager 3.8
Novell BorderManager 3.9
Situation
An access control rule that is meant to allow HTTPS based on URL as "Access type" fails.
Users who try to access electronic incident support at support.novell.com receive a 403 error after they attempt to log in.
Can't access HTTPS sites with Access Rules enabled
Resolution
Create an allow rule for either Port or Application Proxy and the allow rule will work.
Example:
Action: Allow
Access Type: Application Proxy
Access Details:
Proxy: HTTP
Origin Server Port: 443
Source: Any
Destination: Specified DNS Hostname: Support.Novell.com
The same type of rule can be created using an Access Type of Port and specifying the port as 443.
The destination is once again Specified, with DNS Hostname = Support.Novell.com
Additional Information
Example of the Access Rule:
Action: Allow
Access Type: URL
Access Details: (Grayed out)
Source: Any
Destination: Specified http://support.Novell.com/
The access control rules may be functioning as designed. An SPD has been submitted on the issue. If the access control rules are NOT designed to work this way then HTTP should be the ONLY option. A user should not be allowed to modify the rule to specify a different protocol.
This has been implemented in version 3.9, where iManager does not allow an https scheme to be entered. In version 3.9 it is still necessary to create a Port or Application Proxy rule to allow access to HTTPS sites, as it was in previous versions.
Formerly known as TID# 10023250