Forexample,youmaycreatearesourceprofilethatcontrolsaccesstoyourcompany
intranet.Withintheprofile,youmayspecify:
Resourceprofilename:YourIntranet
Primaryresource:http://intranet.com
Webaccesscontrolautopolicy:Allowaccesstohttp://intranet.com:80/*
Roles:Sales,Engineering
Whenyoucreatethispolicy,theSASeriesApplianceautomaticallycreatesabookmark
called“YourIntranet”enablingaccesstohttp://intranet.comanddisplaysthebookmark
tomembersoftheSalesandEngineeringroles.
Youmaythenchoosetocreatethefollowingadditionalbookmarkstoassociatewith
theresourceprofile:
“SalesIntranet”bookmark:Createsalinktothehttp://intranet.com/salespageand
displaysthelinktomembersoftheSalesrole.
“EngineeringIntranet”bookmark:Createsalinktothehttp://intranet.com/engineering
pageanddisplaysthelinktomembersoftheEngineeringrole.
Whenconfiguringbookmarks,notethat:
Youcanonlyassignbookmarkstorolesthatyouhavealreadyassociatedwiththe
resourceprofile—notalloftherolesdefinedontheSASeriesAppliance.Tochange
thelistofrolesassociatedwiththeresourceprofile,usesettingsinitsRolestab.
BookmarkssimplycontrolwhichlinkstheSASeriesAppliancedisplaystousers—not
whichresourcestheuserscanaccess.Forinstance,intheexampleusedabove,a
memberoftheSalesrolewouldnotseealinktotheEngineeringIntranetpage,buthe
couldaccessitbyenteringhttp://intranet.com/engineeringhisWebbrowser’saddress
bar.
YoucannotcreatebookmarksthatlinktoadditionalURLsanddomainsdefinedthrough
Webaccesscontrolautopolicies.
YoucanusetwodifferentmethodstocreateWebbookmarks:
Createbookmarksthroughexistingresourceprofiles(recommended)—Whenyou
selectthismethod,theSASeriesApplianceautomaticallypopulatesthebookmark
withkeyparameters(suchastheWebinterface(NFuse)URL)usingsettingsfromthe
resourceprofile.Additionally,whileyouarecreatingtheassociatedresourceprofile,
theSASeriesApplianceguidesyouthroughtheprocessofcreatinganyrequiredpolicies
toenableaccesstothebookmark.
Createstandardbookmarks—Whenyouselectthisoption,youmustmanuallyenter
allbookmarkparametersduringconfiguration.Additionally,youmustenableaccess
totheWebfeatureandcreateresourcepoliciesthatenableaccesstotheWebsites
definedinthebookmark.
CreatingBookmarksThroughExistingResourceProfiles
425
Copyright©2012,JuniperNetworks,Inc.
Chapter20:WebRewriting
Pdf font size change - Compress reduce PDF size in C#.net, ASP.NET, MVC, Ajax, WinForms, WPF
C# Code & .NET API to Compress & Decompress PDF Document
can a pdf file be compressed; best online pdf compressor
Pdf font size change - VB.NET PDF File Compress Library: Compress reduce PDF size in vb.net, ASP.NET, MVC, Ajax, WinForms, WPF
VB.NET PDF Document Compression and Decompression Control SDK
300 dpi pdf file size; pdf text box font size
ToconfigureWebresourceprofilebookmarks:
1.
Ifyouwanttocreatearesourceprofilebookmarkthroughthestandardresource
profilespage:
a.
Intheadminconsole,selectUsers>ResourceProfiles>Web>ResourceProfile
Name>Bookmarks.
b.
ClicktheappropriatelinkintheBookmarkcolumnifyouwanttomodifyanexisting
bookmark.Or,clickNewBookmarktocreateanadditionalbookmark.
Alternatively,ifyouwanttocreatearesourceprofilebookmarkthroughtheuserroles
page:
a.
Intheadminconsole,selectUsers>UserRoles>RoleName>Web>Bookmarks.
b.
ClickNewBookmark.
c.
FromtheTypelist,choosePickaWebResourceProfile.(TheSASeriesAppliance
doesnotdisplaythisoptionifyouhavenotalreadycreatedaWebresourceprofile.)
d.
Selectanexistingresourceprofile.
e.
ClickOK.(Ifyouhavenotalreadyassociatedtheselectedrolewiththeresource
profile,theSASeriesApplianceautomaticallymakestheassociationforyou.The
SASeriesAppliancealsoenablesanyaccesscontrolpoliciesfortherolethatare
requiredbytheresourceprofile.)
f.
Ifthisroleisnotalreadyassociatedwiththeselectedresourceprofile,theSASeries
Appliancedisplaysaninformationalmessage.Ifyouseethismessage,clickSave
Changestoaddthisroletotheresourceprofile’slistofrolesandtoupdatethe
profile’sautopoliciesasrequired.Then,repeatthepreviousstepstocreatethe
bookmark.
Whenyoucreatearesourceprofilebookmarkthroughtheuserrolespage(instead
ofthestandardresourceprofilespage),theSASeriesApplianceonlyassociates
thegeneratedbookmarkwiththeselectedrole.TheSASeriesAppliancedoesnot
assignthebookmarktoalloftherolesassociatedwiththeselectedresourceprofile.
2.
Optionallychangethenameanddescriptionofthebookmark.(Bydefault,theSA
SeriesAppliancepopulatesnamesthebookmarkusingtheresourceprofilename.)
3.
IntheURLfield,addasuffixtotheURLifyouwanttocreatelinkstosub-sectionsof
thedomaindefinedintheprimaryresourceprofile.
MakesuretoenterauniqueURLinthisfield.Ifyoucreatetwobookmarkswiththe
sameURL,theSASeriesAppliancedeletesoneofthebookmarksfromtheend-user
view.Youwillstillbeabletoseebothbookmarks,however,intheadministrator
console.
4.
UnderOptions,selecttheBookmarkopensinnewwindowcheckboxifwanttoenable
theSASeriesAppliancetoautomaticallyopentheWebresourceinanewbrowser
window.Next,select:
Copyright©2012,JuniperNetworks,Inc.
426
JunosPulseSecureAccessServiceAdministrationGuide
C# PDF insert text Library: insert text into PDF content in C#.net
Powerful .NET PDF edit control allows modify existing scanned PDF text. Ability to change text font, color, size and location and output a new PDF document.
adjust pdf size preview; change paper size pdf
C# PDF Annotate Library: Draw, edit PDF annotation, markups in C#.
Able to edit and change PDF annotation properties such as font size or color. Abilities to draw markups on PDF document or stamp on PDF file.
change paper size in pdf document; best pdf compressor online
Donotdisplaybrowseraddressbar—Selectthisoptiontoremovetheaddressbar
fromthebrowserwindow.ThisfeatureforcesallWebtrafficthroughtheSASeries
AppliancebyprecludingusersinthespecifiedrolefromtypinganewURLinthe
addressbar,whichcircumventstheSASeriesAppliance.
Donotdisplaybrowsertoolbar—Selectthisoptiontoremovethemenuandtoolbar
fromthebrowser.Thisfeatureremovesallmenus,browsingbuttons,andbookmarks
fromthebrowserwindowsothattheuserbrowsesonlythroughtheSASeries
Appliance.
5.
Ifyouareconfiguringthebookmarkthroughtheresourceprofilepages,underRoles,
specifytherolestowhichyouwanttodisplaythebookmark:
ALLselectedroles—Selectthisoptiontodisplaythebookmarktoalloftheroles
associatedwiththeresourceprofile.
Subsetofselectedroles—Selectthisoptiontodisplaythebookmarktoasubset
oftherolesassociatedwiththeresourceprofile.ThenselectrolesfromtheALL
SelectedRoleslistandclickAddtomovethemtotheSubsetofselectedroleslist.
6.
ClickSaveChanges.
CreatingStandardWebBookmarks
Informationinthissectionisprovidedforbackwardscompatibility.Werecommendthat
youconfigureaccesstoWebURLsandserversthroughresourceprofilesinstead,since
theyprovideasimpler,moreunifiedconfigurationmethod.
UsetheBookmarkstabtocreatebookmarksthatappearonthewelcomepageforusers
mappedtothisrole.Youcancreatetwotypesofbookmarksthroughthispage:
WebURLbookmarks—ThesebookmarkslinktheusertoWebURLsontheWorldWide
WeboronyourcorporateIntranet.WhenyoucreateWebbookmarks,youcaninsert
theuser’sSASeriesApplianceusernameintheURLpathtoprovidesinglesign-on
accesstoback-endWebapplications.ForWebbookmarkconfigurationinstructions,
seetheinstructionsthatfollow.
Javaappletbookmarks—ThesebookmarkslinktheusertoaJavaappletsthatyou
uploadtotheSASeriesAppliancethroughtheUsers>ResourceProfiles>Web>
HostedJavaAppletspageoftheadminconsole.
Whenyoucreateeitherofthesebookmarktypes,thecorrespondinglinksappearon
thewelcomepageforusersmappedtothisrole.
TocreateabookmarktoaWebresource:
1.
Intheadminconsole,chooseUsers>UserRoles>Role>Web>Bookmarks.
2.
ClickNewBookmark.
3.
SelectStandard.
4.
Enteranameanddescriptionforthebookmark(optional).Thisinformationdisplays
ontheSASeriesAppliancehomepageinsteadoftheURL.
427
Copyright©2012,JuniperNetworks,Inc.
Chapter20:WebRewriting
C# PDF Convert to Word SDK: Convert PDF to Word library in C#.net
PDF document, keeps the elements (like images, tables and chats) of original PDF file and maintains the original text style (including font, size, color, links
adjust pdf page size; change font size in fillable pdf
Generate Barcodes in Web Image Viewer| Online Tutorials
Select "Font" to choose human-readable text font style, color, size and effects; RasterEdge OCR Engine; PDF Reading; Encode & Decode JBIG 2 Files; Compress &
adjust size of pdf; apple compress pdf
5.
EntertheURLtobookmark.Ifyouwanttoinserttheuser’susername,enter
<username>attheappropriateplaceintheURL.
MakesuretoenterauniqueURLinthisfield.Ifyoucreatetwobookmarkswiththe
sameURL,theSASeriesAppliancedeletesoneofthebookmarksfromtheend-user
view.Youwillstillbeabletoseebothbookmarks,however,intheadministrator
console.
6.
UnderAuto-allow,clickAuto-allowBookmarktoenabletheSASeriesAppliance
toautomaticallycreateacorrespondingWebaccessresourcepolicy.Notethatthis
functionalityappliesonlytorolebookmarksandnotbookmarkscreatedbyusers.
Next,select:
OnlythisURLtoallowuserstoaccessonlytheURL.
EverythingunderthisURLtoallowtheusertoaccessanypathundertheURL.
YoumaynotseetheAuto-allowoptionifyouareusinganewinstallationorifan
administratorhidestheoption.
7.
UnderDisplayoptions,clickOpenbookmarkinanewwindow
toenabletheSASeriesAppliancetoautomaticallyopentheWebresourceinanew
browserwindow.Notethatthisfunctionalityappliesonlytorolebookmarksand
notbookmarkscreatedbyusers.Next,select:
DonotdisplaytheURLaddressbarifyouwanttoremovetheaddressbarfrom
thebrowserwindow.ThisfeatureforcesallWebtrafficthroughtheSASeries
AppliancebyprecludingusersinthespecifiedrolefromtypinganewURLinthe
addressbar,whichcircumventstheSASeriesAppliance.
Donotdisplaythemenuandthetoolbartoremovethemenuandtoolbarfrom
thebrowser.Thisfeatureremovesallmenus,browsingbuttons,andbookmarks
fromthebrowserwindowsothattheuserbrowsesonlythroughtheSASeries
Appliance.
8.
ClickSaveChangesorSave+Newtoaddanother.
Related
Documentation
DefiningResourceProfileBookmarksonpage120
UsingSystemVariablesinRealms,Roles,andResourcePoliciesonpage1022
SpecifyingWebBrowsingOptions
TheSASeriesApplianceenablesyoutoconfigureawide-varietyofWebbrowsingoptions
forauserrole.
ConfiguringBasicWebBrowsingOptions
Copyright©2012,JuniperNetworks,Inc.
428
JunosPulseSecureAccessServiceAdministrationGuide
VB.NET Image: Visual Basic .NET Guide to Draw Text on Image in .
you can adjust the text font, font size, font type (regular LoadImage) Dim DrawFont As New Font("Arial", 16 & profession imaging controls, PDF document, image to
pdf files optimized; pdf page size limit
C# Image: Use C# Class to Insert Callout Annotation on Images
GIF, PNG, BMP, JPEG, TIFF, PDF & Word Easy to set annotation filled font property individually Support adjusting callout annotation size parameter in an easy
.pdf printing in thumbnail size; pdf reduce file size
ToconfigurebasicWebbrowsingoptionsforarole:
1.
Intheadminconsole,chooseUsers>UserRoles>RoleName>Web>Options.
2.
SelectUsercantypeURLsinIVEbrowsebarifyouwanttoenableuserstoenter
URLsonthewelcomepageandbrowsetoInternetsites.
3.
SelectUsercanaddbookmarksifyouwanttoenableuserstocreatepersonalWeb
bookmarksontheSASeriesAppliancewelcomepage.
4.
SelectMaskhostnameswhilebrowsingifyouwanttheSASeriesApplianceto
obscurethetargetresourcesintheURLstowhichusersbrowse.Whenyouselectthis
option,theSASeriesAppliancemasksIPaddressesandhostnamesintheuser’s:
Webbrowseraddressbar(whentheusernavigatestoapage)
Webbrowserstatusbar(whenauserhoversoverahyperlink)
HTMLsourcefiles(whentheuserchoosestoViewSource)
Thehostnameencodingfeature(alsocalledhostnameobfuscationorURL
obfuscation)preventscasualobserversfromnotingtheURLofaninternalresource
byobscuringthetargetserverwithintheURLwithoutmaskingthefullpathname,
targetfile,orportnumber.Forexample,ifausernavigatestowww.msn.comwithout
selectiverewritingorhostnameencodingenabled,theSASeriesAppliancedisplays
anun-obscuredURLinhisWebbrowser’saddressbar:
http://www.msn.com/
Ifyouthenenableselectiverewriting,theSASeriesAppliancemightdisplaythe
followingURL:
https://mycompanyserver.com/,DanaInfo=www.msn.com,SSO=U+
Ifyouthenenablehostnameencoding,andthesameusernavigatestothesamesite,
heseesaURLinwhichthehostname(www.msn.com)isobscured:
https://i5.asglab.juniper.net/,DanaInfo=.awxyCqxtGkxw,SSO=U+
Hostnameencodingusesalightweightreversiblealgorithmsothatuserscan
bookmarkencodedURLs.(TheSASeriesAppliancecantranslatetheencodedURL
andresolveitbacktotheoriginalURL.)Forcompatibility,previouslycreatedbookmarks
tounmaskedURLscontinuetoworkwhenhostnameencodingisenabled.
Notethefollowing:
Ifyouenableselectiverewritingandhostnameencoding,theSASeriesAppliance
onlyobscuresthehostnamesandIPaddressesofthoseserversthatyouhave
chosentorewriteusingtheselectiverewritefeature.
LinksnotrewrittenbytheSASeriesAppliancearenotobscured.Forexample,the
rewriterdoesnotintermediateftp,rtsp,mmsandmailtolinksandthereforethe
hostnamesintheselinksarenotmasked.Thisisrequiredtopasssecurityaudits.
429
Copyright©2012,JuniperNetworks,Inc.
Chapter20:WebRewriting
Generate Image in .NET Winforms Imaging Viewer| Online Tutorials
Click "Font" to choose human-readable text font style, color, size and effects Multi-page Tiff Processing; RasterEdge OCR Engine; PDF Reading; Encode & Decode
best pdf compression; pdf compressor
C# PDF: Use C# Code to Add Watermark to PDF Document
into your C#.NET class application, developers can easily add a transparent watermark with desired font color, size and position onto target PDF document page.
pdf compression; change font size pdf form reader
Ifyouenabletheframedtoolbarandhostnameencoding,theSASeriesAppliance
doesnotobscurehostnamesthattheuserentersintheframedtoolbar’sbrowse
field.
TheSASeriesAppliancedoesnotobscurehostnamesandIPaddressesinlog
entries,includinghostnameencodinglogentries.
5.
ClickSaveChanges.
ConfiguringAdvancedWebBrowsingOptions
ToconfigureadvancedWebbrowsingoptionsforarole:
1.
Intheadminconsole,chooseUsers>UserRoles>RoleName>Web>Options.
2.
SelecttheViewadvancedoptionscheckbox.
3.
SelectAllowJavaappletsifyouwanttoenableuserstobrowsetoWebpages
containingclient-sideJavaapplets.TheSASeriesApplianceserverappearstothe
applicationserverasabrowseroverSSL.TheSASeriesAppliancetransparently
handlesanyHTTPrequestsandTCPconnectionsinitiatedbyaJavaappletand
handlessignedJavaapplets.
Ifyouenablethisfeature,userscanlaunchJavaappletsandrunapplicationsthatare
implementedasclient-sideJavaapplets,suchastheVirtualComputing(VNC)Java
client,CitrixNFuseJavaclient,WRQReflectionsWebclient,andLotusWebMail.
4.
SelectAllowFlashcontenttoenabletheSASeriesAppliancetointermediateFlash
contentthroughitsContentIntermediationEngine.NotethatSASeriesAppliance
provideslimitedsupportforActionScript2.0andFlashRemoting,anddoesnotsupport
XMLSocketconnections.
TheContentIntermediationEnginesupportsFlashversions5,6,7and8,including
dynamicrewritingofinternalWeblinksduringanaccessrequest.Wesupportthe
rewritingofActionscriptinFlash.ThecallsinActionscriptthataresupportedare:load,
send,sendAndLoad,loadVariables,loadMovie,loadVariablesNum,loadMovieNum,
loadClip,loadSound,apply,connectonclassesofXML,Sound,MovieClip,
NetConnection,andMovieClipLoader.TheevalequivalentofActionscriptisnot
supported.Thereforewerecommendthattheabovefunctioncallsnotbeembedded
inanActionscriptstringobject.Note,however,thatSecureAccessdoesnotsupport
FlashapplicationsthatusetheXMLSocketobjectorFlashremoting.Formore
information,seetheContentIntermediationEngineBestPracticesGuide.
5.
SelectPersistentcookiestoenableuserstocustomizetheirbrowsingexperiences
byenablingthemtokeeppersistentcookies.Bydefault,theSASeriesAppliance
flushesWebcookiesthatarestoredduringausersession.Ausercandeletecookies
throughtheAdvancedPreferencespageifyouenablethisoption.
6.
SelectUnrewrittenpagesopeninnewwindowtoconfiguretheSASeriesAppliance
toopencontentinanewbrowserwindowwhenauseraccessaun-rewrittenWeb
page.Openingcontentinanewwindowscanhelpremindusersthattheystillhavea
securesession.Whenauserrequestismadetoaresourcetowhichthisoptionapplies,
theSASeriesAppliancedisplaysapagethatcontainsalinktotherequestedresource
anddirectstheuserstoclickonthelink.Thislinkopenstheresourceinanewbrowser
Copyright©2012,JuniperNetworks,Inc.
430
JunosPulseSecureAccessServiceAdministrationGuide
windowandthepagefromwhichtherequestoriginatescontinuestodisplayinthe
SASeriesAppliance.
Ifyouun-checkthisbox,usersmightnotrealizethattheirSASeriessessionisstill
activeandthattoreturntotheSASeriesAppliance,theyneedtousethebrowser’s
Backbutton.UsersmustreturntotheSASeriesAppliancetosignout.Iftheysimply
closethebrowserwindow,theirsessionsremainactiveuntilthesessiontimelimit
expires.
7.
SelectAllowbrowsinguntrustedSSLWebserverstoenableuserstoaccessuntrusted
WebsitesthroughtheSASeriesAppliance.UntrustedWebsitesarethosewhose
servercertificatesarenotinstalledthroughtheSystem>Configuration>Certificates
>TrustedServersCAstaboftheadminconsole.
NOTE: IfawebpagehasinternalreferencestofileswithinaSCRIPTtag
andthesefilesarehostedondifferentHTTPSserversthathaveSSL
certificatesnottrustedbytheSASeriesAppliance,thewebpagedoes
notrendercorrectly.Inthesecases,theWarnusersaboutthecertificate
problemsoptionmustbedisabled.
Ifyouenablethisoption,youcanspecifywhatchoicestheSASeriesAppliancegives
userswhentheynavigatetoanuntrustedWebsite:
Warnusersaboutthecertificateproblems—Ifenabled,theSASeriesAppliance
displaysawarningtotheuserwhenhefirstaccessesanuntrustedWebsitetelling
himwhythesite’scertificateisuntrustedandallowinghimtoeithercontinueor
cancel.IftheuserchoosestocontinueaftertheSASeriesAppliancedisplaysa
warning,theSASeriesAppliancedoesnotdisplayanymorewarningsforthatsite
duringthecurrentSASeriesAppliancesession.
IfyouselecttheWarnusersaboutthecertificateproblemsoptionandtheuser
accessesnon-HTMLcontent(suchasimages,js,andcss)servedfromadifferent
SSLserverthantheHTMLpage,thepagecontainingthelinksmaynotdisplay
correctly.Youcanavoidthisproblemeitherbydeselectingthisoptionorbyuploading
avalidproductionSSLcertificateontheserversthatservethenon-HTMLcontent.
Allowuserstobypasswarningsonaserver-by-serverbasis—Ifenabled,theSA
SeriesApplianceallowstheusertosuppressallfurtherwarningsforanuntrusted
Website.Ifauserchoosesthisoption,heneverseesawarningforthissiteagain,
providedthatheaccessesitfromthecurrentSASeriesApplianceorcluster.
IfyouchoosetoallowuserstoaccessuntrustedWebsiteswithoutseeingawarning,
theSASeriesAppliancestilllogsamessagetotheuseraccesslogwheneverauser
navigatestoanuntrustedsite.Alsonotethatifauserchoosestosuppresswarnings,
hecanclearthepersistentsettingsoftheuntrustedWebsitesusingtheDelete
PasswordsoptionintheSystem>Preferences>Advancedtabintheenduser
console.
8.
SelectRewritefile://URLstoconfiguretheSASeriesAppliancetorewritefile://
URLssothattheyareroutedthroughtheSASeriesAppliance’sfilebrowsingCGI.
431
Copyright©2012,JuniperNetworks,Inc.
Chapter20:WebRewriting
9.
SelectRewritelinksinPDFfilestoconfiguretheSASeriesAppliancetorewrite
hyperlinksinPDFs.
10.
UnderHTTPConnectionTimeout,acceptthedefaultvalueorsetthedurationtotell
theSASeriesAppliancehowlongtowaitforaresponsefromanHTTPserverbefore
timingoutandclosingtheconnection.Usevaluesfrom30to1800seconds.
HighertimeoutvaluesmightexhaustSASeriesApplianceresourcesifapplications
donotcloseconnectionsproperlyortaketoolongtoclosetheconnections.Unless
anapplicationrequiresahighertimeoutvalue,werecommendacceptingthedefault
value.
11.
ClickSaveChanges.
Related
Documentation
WebRewritingonpage404
DefiningResourceProfileBookmarksonpage120
UsingSystemVariablesinRealms,Roles,andResourcePoliciesonpage1022
CreatingaHostedJavaAppletResourceProfileonpage373
ResourcePolicyOverview
WhenyouenabletheWebaccessfeatureforarole,youneedtocreateresourcepolicies
thatspecifywhichresourcesausercanaccess,whetherornottheSASeriesAppliance
needstorewritethecontentrequestedbytheuser,andcaching,applet,orsinglesign-on
requirements.ForeveryWebrequest,theSASeriesAppliancefirstevaluatestherewriting
policiesyouconfigure.Iftheuser’srequestistoaresourcespecifiedas“don’trewrite”
duetoeitheraselectiverewritingorpassthroughproxyresourcepolicy,thentheSASeries
Applianceforwardstheuser’srequesttotheappropriateback-endresource.Otherwise,
theSASeriesAppliancecontinuestoevaluatethoseresourcepoliciescorrespondingto
therequest,suchasJavaresourcepoliciesforarequesttofetchaJavaapplet.After
matchingauser’srequesttoaresourcelistedinarelevantpolicy,theSASeriesAppliance
performstheactionspecifiedfortheresource.
Youcancreateresourcepoliciesthroughthestandardinterface(asdescribedinthis
section)orthroughresourceprofiles(recommendedmethod).
WhenwritingaWebresourcepolicy,youneedtosupplykeyinformation:
Resources—Aresourcepolicymustspecifyoneormoreresourcestowhichthepolicy
applies.WhenwritingaWebpolicy,youneedtospecifyWebserversorspecificURLs,
asexplainedinthesectionthatfollows.
Roles—Aresourcepolicymustspecifytherolestowhichitapplies.Whenausermakes
arequest,theSASeriesAppliancedetermineswhatpoliciesapplytotheroleandthen
evaluatesthosepoliciesthatcorrespondtotherequest.
Actions—Eachtypeofresourcepolicyperformsacertainaction,whichiseithertoallow
ordenyaresourceortoperformornotperformsomefunction,suchasrewritecontent,
re-signanapplet,orpostWebdata.Youcanalsowritedetailedrulesthatapplymore
conditionstoauserrequest.
Copyright©2012,JuniperNetworks,Inc.
432
JunosPulseSecureAccessServiceAdministrationGuide
TheSASeriesApplianceplatform’senginethatevaluatesresourcepoliciesrequiresthat
theresourceslistedinapolicy’sResourceslistfollowacanonicalformat.
CanonicalFormat
ThissectionoutlinesspecialconsiderationsyoumustconsiderwhenspecifyingaWeb
resourceusingthecanonicalformat.
[protocol://]host[:ports][/path]
Thefourcomponentsare:
Protocol(optional)—Possiblevalues:httpandhttps(case-insensitive)
Iftheprotocolismissing,thenbothhttpandhttpsareassumed.Ifaprotocolisspecified,
thenthedelimiter“://”isrequired.Nospecialcharactersareallowed.
Host(required)—Possiblevalues:
DNSHostname—Forexample:www.juniper.com
Specialcharactersallowedaredescribedinthefollowingtable.
MatchesALLcharacters
*
Matchesanycharacterexceptdot(.)
%
Matchesexactlyonecharacter
?
IPaddress/Netmask—TheIPaddressneedstobeintheformat:a.b.c.d
Thenetmaskcanbeinoneoftwoformats:
Prefix:Highorderbits
IP:a.b.c.d
Forexample:10.11.149.2/24or10.11.149.2/255.255.255.0
Nospecialcharactersareallowed.
Ports—YoumustspecifyaportwhenspecifyingIP/netmaskasaresource.Theportis
optionalwhenspecifyingaDNShostname.Ifaportisspecified,thenthedelimiter“:”
isrequired.Forexample:10.11.149.2/255.255.255.0:*
Table23:PortPossibleValues
MatchesALLports;nootherspecialcharactersareallowed
*
Acomma-delimitedlistofsingleports.Validportnumbersare[1-65535].
port[,port]*
Arangeofports,fromport1toport2,inclusive.
[port1]-[port2]
NOTE: Youcanmixportlistsandportranges,suchas:80,443,8080-8090
433
Copyright©2012,JuniperNetworks,Inc.
Chapter20:WebRewriting
Iftheportismissing,thenthedefaultport80isassignedforhttp,443forhttps.
Path(optional)—Ifthepathismissing,thenstar(*)isassumed,meaningALLpaths
match.Ifapathisspecified,thenthedelimiter“/”isrequired.Nootherspecialcharacters
aresupported.Forexample:
http://www.juniper.com:80/*
https://www.juniper.com:443/intranet/*
*.yahoo.com:80,443/*
%.danastreet.net:80/share/users/<username>/*
WritingaWebAccessResourcePolicy
WebaccessresourcepoliciescontrolwhichWebresourcesuserscanaccessinorderto
connecttotheInternet,intranet,orextranet.YoucandenyorallowaccesstoWeb
resourcesbyURLorIPrange.ForURLs,youcanusethe“*”and“?”wildcardstoefficiently
specifymultiplehostnamesandpaths.Forresourcesthatyouspecifybyhostname,you
canalsochooseeitherHTTP,HTTPS,orbothprotocols.
TowriteaWebAccessresourcepolicy:
1.
Intheadminconsole,chooseUsers>ResourcePolicies>Web>WebACL.
2.
OntheWebAccessPoliciespage,clickNewPolicy.
3.
OntheNewPolicypage,enteranametolabelthispolicyandoptionallyadescription.
4.
IntheResourcessection,specifytheresourcestowhichthispolicyapplies.
5.
IntheRolessection,specify:
PolicyappliestoALLroles—Toapplythispolicytoallusers.
PolicyappliestoSELECTEDroles—Toapplythispolicyonlytouserswhoare
mappedtorolesintheSelectedroleslist.Makesuretoaddrolestothislistfrom
theAvailableroleslist.
PolicyappliestoallrolesOTHERTHANthoseselectedbelow—Toapplythis
policytoallusersexceptforthosewhomaptotherolesintheSelectedroleslist.
MakesuretoaddrolestothislistfromtheAvailableroleslist.
6.
IntheActionsection,specify:
Allowaccess—TograntaccesstotheresourcesspecifiedintheResourceslist.
Denyaccess—TodenyaccesstotheresourcesspecifiedintheResourceslist.
UseDetailedRules—Tospecifyoneormoredetailedrulesforthispolicy.
7.
ClickSaveChanges.
8.
OntheWebAccessPoliciespage,orderthepoliciesaccordingtohowyouwantthe
SASeriesAppliancetoevaluatethem.KeepinmindthatoncetheSASeriesAppliance
Copyright©2012,JuniperNetworks,Inc.
434
JunosPulseSecureAccessServiceAdministrationGuide
Documents you may be interested
Documents you may be interested