how do i perform authorization using advanced policy … · 2020-03-02 · how do i perform...
How do I perform Authorization using advanced policy expressions in NetScaler?

Background

Advanced policy expressions provide administrators with a richer set of expressions, such as body-based and DNS-based expressions, compared to the older classic ones. Advanced will be the default expression editor for the Session, Traffic and Authorization policy editors. There is an option to switch to classic by clicking on "Switch to Classic Syntax".

• Only one policy type (either advanced or classic) is allowed to be bound for a type of policy
  o E.g.: All authorization policies bound at any level must be either advanced or classic
  o Authorization policies of Advanced-type and Traffic policies of Classic type are allowed

Use case

The admin wants to block a set of users from accessing the download page of citrix.com. For this, the admin has created a user group called 'BlacklistUserGroup'; any user that is a part of this group should not be allowed to access the download page.

Steps to achieve this

With advanced policy expressions, the administrator can create an authorization policy on the HTTP request and link it to the BlackListUserGroup. Please see below the steps from the NetScaler GUI:

1. Log in to the GUI, navigate to this path: Configuration -> NetScaler Gateway -> Policies -> Authorization
2. Click on the add button
3. Create an authorization policy. In our case, we have created the following -
4. Click on expression editor and use simple and intuitive dropdowns to create a policy expression. For us the expression is - http.req.hostname.contains("citrix.com") && http.req.url.contains("downloads")

Using the operator '&&' and then creating another expression as below:

Finally, this is what the expression looks like:
5. Bind this authorization policy to the AAA-User group. Navigate to: Configuration -> NetScaler Gateway -> User Administration -> AAA Groups. In this case, we select BlackListUserGroup and bind this policy to it.
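
The GUI steps above have a command-line equivalent. The following is an added example, not part of the original document: the policy name authz_deny_downloads and the priority 100 are assumed values (the original shows the policy only in a screenshot), and the DENY action is inferred from the use case.

```text
# Added example: NetScaler CLI equivalent of GUI steps 1-5.
# Policy name and priority are assumed values, not taken from the document.

# Create the AAA group (skip if BlackListUserGroup already exists)
add aaa group BlackListUserGroup

# Advanced-syntax authorization policy: DENY when both conditions match
add authorization policy authz_deny_downloads "http.req.hostname.contains(\"citrix.com\") && http.req.url.contains(\"downloads\")" DENY

# Bind the policy to the group
bind aaa group BlackListUserGroup -policy authz_deny_downloads -priority 100

# Confirm the policy appears in the group's bindings, then persist the config
show aaa group BlackListUserGroup
save ns config
```

Because only one syntax is allowed per policy type, any classic authorization policies already bound elsewhere need to be converted before an advanced policy like this one is bound.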

Let us take a look at the Authorization Policy which is bound to this group:

Now, let us test this out:

1. We have a user – Blacklistuser which is a part of the BlackListUserGroup. This user should not be allowed to access the downloads page of citrix.com
2. The user launches Citrix.com from the bookmarks set as below:

The website launches as shown below.

3. The user clicks on the downloads tab on the website and is denied access with the below message.

Therefore, we have tested our configuration of the authorization policy to deny blacklisted users access to the download page of citrix.com.