Rules are used to control the circumstances under which users can access the protected web server. Rules can grant or deny access based on criteria such as user parameters from the token provider, header values, network ranges, or web session attributes. You can configure any number of rules in your environment.
You can combine rules into rule sets, which combine multiple rules. You can configure rule sets to allow access to a resource if at least one rule's criteria is met or to only allow access if all rules have their criteria met. Access control rules are processed before processing rules. Each type of rule is otherwise processed in the order you specify when you create the rule set.
You can further combine rule sets into rule set groups, which combine multiple rule sets. As with rule sets, rule set groups can allow access if any one rule set's criteria are met or only if all rule sets' criteria are met. Rule sets are processed in the order you specify when you create the rule set group.
This example uses an HTTP request header rule to demonstrate how rules are created and used. Each environment has different requirements, and you can use any of the rules explained in the Rule Management section according to your needs.
- Click Access and then go to .
- Click + Add Rule.
In the Name field, enter a unique name.
The name can be up to 64 characters long. Special characters and spaces are allowed.
- In the Type list, select HTTP Request Header.
- In the Field column, in the Header field, enter the header name you want to match in order to grant or not grant the client access.
In the Value field, enter the for the header you want to
match in order to grant or not grant the client access.
The wildcard (*) character is supported.Tip:
If you want to match on the
Hostheader, include both the host and port in the Value field, or add a wildcard after the host name (
host:*) to match what's in the HTTP request.
- If you need additional header pairs, click Add Row to add an additional row, then repeat steps 5-6.
- Click Save.