Firewall Wizards mailing list archives
Auth + content filtering?
From: Tamas FORJAN <tamas () 2fkft com>
Date: Sun, 17 Feb 2002 23:27:22 +0100
Hello, I would like to know whether you know a way to implement HTTP file access control based on file extensions and authentication. Basically, what I would like to do is to set up different user groups for different kinds of file access. Not everybody should be able to access MP3 files, WMA files and such. My idea is to set up groups for those people who need access to these 'privileged' file types. What I tried already was to set up resources to filter content, along with partially automatic client auth. My rulebase looked the following: Src Dst Srv Act PrivUsers@InternalNet Any http ClientAuth Any Any http->mp3filter Reject MP3Users@InternalNet Any http ClientAuth The result of the above is that PrivUsers can properly authenticate and have access, but no users in the MP3Users group can authenticate at all. They receive 3 different authentication windows from their browser, but at the end, they receive the following error: Error 401 FW-1 at wreport: Unauthorized to access the document. Authorization is needed for FW-1. The authentication required by FW-1 for tforjan is: unknown. Reason for failure of last attempt: What worries me is the 'authentication required by FW-1 for tforjan is: unknown.' clause, because this user has a defined authentication scheme: FireWall-1 Password. No matter how many rules you set up, only the first authentication rule will allow successful authentication. All the others will fail with the above message. Do you have any idea why? Do you have any idea how to implement the desired functionality in any other way? Environment: Nokia IP440, IPSO 3.4.2, CP NG FP1. Thank you. -- FORJAN Tamas Technical Support 2F 2000 Szamitastechnikai es Szolgaltato Kft. http://www.2f.hu/ _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Auth + content filtering? Tamas FORJAN (Feb 18)
- <Possible follow-ups>
- RE: Auth + content filtering? Diaz Perez ยท Juan Carlos (Feb 18)