Configuring a rule - PingAccess - 8.0


PingAccess 8.0 (Latest)

Rules are used to control the circumstances under which users can access the protected API. Rules can grant or deny access based on criteria such as user parameters from the token provider, header values, network ranges, or web session attributes. You can configure any number of rules in your environment.

You can combine rules into rule sets, which combine multiple rules. You can configure rule sets to allow access to a resource if at least one rule's criteria is met, or to only allow access if all rules have their criteria met. Access control rules are processed before processing rules. Each type of rule is otherwise processed in the order you specify when you create the rule set.

You can further combine rule sets into rule set groups, which combine multiple rule sets. As with rule sets, rule set groups can allow access if any one rule set's criteria are met, or only if all rule sets' criteria are met. Rule sets are processed in the order you specify when you create the rule set group.

This example uses an HTTP requestHTTP request A client transaction sent over HTTP to the server specifying a request method (such as GET, POST, DELETE) to execute against a resource or resources on the server. header rule to demonstrate how rules are created and used. Each environment has different requirements, and you can use any of the rules explained in the Rule management section according to your needs.

  1. Click Access and then go to Rules > Rules.
  2. Click + Add Rule.
  3. In the Name field, enter a unique name. The name can be up to 64 characters long. Special characters and spaces are allowed.
  4. From the Type menu, select HTTP Request Header.
  5. In the Field column, in the Header field, enter the HTTP headerHTTP header A section of an HTTP request or response that conveys additional information relevant to the client or server in the transaction. name you want to match in order to grant or not grant the client access.
  6. In the Value field, enter the values for the header you want to match in order to grant or not grant the client access. The wildcard (*) character is supported.
    Tip: If you want to match on the Host header, include both the host and port in the Value field, or add a wildcard after the host name ( host* or host:*) to match what is in the HTTP request.
  7. If you need additional header pairs, click Add Row to add an additional row, then repeat steps 5-6.
  8. Click Save.