Creating a Custom Web Application Resource Profile

A custom Web application resource profile is a resource profile that controls access to a Web application, Web server, or HTML page.

To create a custom Web application resource profile:

1. In the admin console, select Users > Resource Profiles > Web.

2. Click New Profile.

3. From the Type list, choose Custom.

4. Enter a unique name and optionally a description for the resource profile.

5. In the Base URL field, enter the URL of the Web application or page for which you want to control access using the format: [protocol://]host[:port][/path]. (The system uses the specified URL to define the default bookmark for the resource profile.)

6. In the Autopolicy: Web Access Control section, create a policy that allows or denies users access to the resource specified in the Base URL field. (By default, the system automatically creates a policy for you that enables access to the Web resource and all of its sub-directories.)

7. (Optional) Click Show ALL autopolicy types to create additional autopolicies that fine-tune access to the resource. Then, create the autopolicies using instructions in the following sections:

8. Click Save and Continue.

9. In the Roles tab, select the roles to which the resource profile applies and click Add.

The selected roles inherit the autopolicies and bookmarks created by the resource profile. If it is not already enabled, the system also automatically enables the Web option in the Users > User Roles > Select Role > General > Overview page of the admin console for all of the roles you select.

10. Click Save Changes.

11. (Optional) In the Bookmarks tab, modify the default bookmark created by the system and/or create new ones. (By default, the system creates a bookmark to the base URL defined in the Base URL field and displays it to all users assigned to the role specified in the Roles tab.)

Defining Base URLs

When creating a Web resource profile, you must use the following format when defining base URLs:

[protocol://]host[:port][/path]

Within this format, the components are:

Protocol (required) - Possible values: http:// and https://. Note that you cannot use special characters within the protocol.

Host (required) - Possible values:

DNS Hostname - For example: www.pulsesecure.net

IP address - You must enter the IP address in the format: a.b.c.d.

For example:

IPv4 format: 10.11.149.2

IPv6 format: [2001:db8:a0b:12f0::1/64]:80,443/public/*

[2001:db8:a0b:12f0::1/64]:8000-9000/*

You cannot use special characters in the IP address.

Ports (optional) - You must use the delimiter ":" when specifying a port. For example: 10.11.149.2/255.255.255.0:*

Path (optional) - When specifying a path for a base URL, the system does not allow special characters. If you specify a path, you must use the "/" delimiter. For example, http://www.pulsesecure.net/sales.

Defining Web Resources

When creating a Web resource profile, you must use the following format when defining resources for autopolicies:

[protocol://]host[:ports][/path]

Within this format, the four components are:

Protocol (required) - possible values: http:// and https://. Note that you cannot use special characters within the protocol.

Host (required) - possible values:

DNS Hostname - For example: www.pulsesecure.net

The following table lists the special characters allowed in the hostname.

DNS Hostname Special Characters

* - Matches ALL characters.

% - Matches any character except dot (.).

? - Matches exactly one character.

IP address/Netmask - You must enter the IP address in the format: a.b.c.d

You may use one of two formats for the netmask:

Prefix: High order bits

IP: a.b.c.d

For example:

IPv4 format: 10.11.149.2

IPv6 format: [2001:db8:a0b:12f0::1/64]:80,443/public/*

[2001:db8:a0b:12f0::1/64]:8000-9000/*

You cannot use special characters in the IP address or netmask.

Ports (optional) - You must use the delimiter ":" when specifying a port. For example: 10.11.149.2/255.255.255.0:*

The following table lists the possible port values.

Possible Port Values

* - Matches ALL ports; you cannot use any other special characters.

port[,port]* - A comma-delimited list of single ports. Valid port numbers are [1-65535].

[port1]-[port2] - A range of ports, from port1 to port2, inclusive.

You can mix port lists and port ranges, such as: 80,443,8080-8090

If the port is missing, then the default port 80 is assigned for http, 443 for https.

Path (optional) - When specifying a path for a Web access control autopolicy, you may use a * character, meaning ALL paths match. (The system does not support any other special characters.) If you specify a path, you must use the "/" delimiter. For example:

http://www.pulsesecure.net/sales

http://www.pulsesecure.net:80/*

https://www.pulsesecure.net:443/intranet/*
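
To check how much a resource string actually covers before attaching it to a role, the matching rules in this section can be modelled offline. The following Python is an added example, not Pulse Secure code; it handles DNS-hostname resources only, and its reading of "%" and of a resource with no path are assumptions marked in the comments.

```python
import re
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}
# Hostname wildcards from the table above. Assumption: "%" is read as a run
# of non-dot characters, so it never crosses a label boundary.
HOST_WILDCARDS = {"*": ".*", "%": "[^.]*", "?": "."}
# DNS-hostname resources only; IP/netmask and bracketed IPv6 forms are rejected.
RESOURCE_RE = re.compile(r"(https?)://([^/:\[\]]+)(?::([^/]+))?(/.*)?\Z", re.I)


def _glob(pattern, wildcards):
    """Compile a pattern in which only the given wildcard characters are special."""
    body = "".join(wildcards.get(ch, re.escape(ch)) for ch in pattern)
    return re.compile(body + r"\Z")


def port_matches(spec, port):
    """spec is '*', or a comma list mixing single ports and lo-hi ranges."""
    if spec == "*":
        return True
    for item in spec.split(","):
        lo, _, hi = item.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 1 <= lo <= hi <= 65535:
            raise ValueError(f"invalid port entry: {item!r}")
        if lo <= port <= hi:
            return True
    return False


def resource_matches(resource, url):
    """Return True if url falls under the autopolicy resource string."""
    m = RESOURCE_RE.match(resource)
    if not m:
        raise ValueError(f"unsupported resource: {resource!r}")
    proto, host, ports, path = m.groups()
    u = urlsplit(url)
    if u.scheme.lower() != proto.lower():
        return False
    # A missing port falls back to 80 for http and 443 for https.
    default = DEFAULT_PORTS[proto.lower()]
    if not port_matches(ports or str(default), u.port or default):
        return False
    if not _glob(host.lower(), HOST_WILDCARDS).match(u.hostname or ""):
        return False
    # Assumption: a resource with no path is treated like "/*".
    return bool(_glob(path or "/*", {"*": ".*"}).match(u.path or "/"))
```

Running candidate URLs through resource_matches shows, for instance, that a leading "*" in the hostname spans several subdomain levels while "%" stays within one label, which matters when deciding how tightly an allow policy is scoped.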